-
Notifications
You must be signed in to change notification settings - Fork 30.2k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
http: make maximum header size configurable per-stream or per-server
Make `maxHeaderSize` a.k.a. `--max-header-size` configurable now that the legacy parser is gone (which only supported a single global value). Refs: #30567 PR-URL: #30570 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Denys Otrishko <shishugi@gmail.com>
- Loading branch information
Showing
7 changed files
with
135 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
'use strict'; | ||
const common = require('../common'); | ||
const assert = require('assert'); | ||
const http = require('http'); | ||
const MakeDuplexPair = require('../common/duplexpair'); | ||
|
||
// Test that setting the `maxHeaderSize` option works on a per-stream-basis. | ||
|
||
// Test 1: The server sends larger headers than what would otherwise be allowed. | ||
{ | ||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
|
||
const req = http.request({ | ||
createConnection: common.mustCall(() => clientSide), | ||
maxHeaderSize: http.maxHeaderSize * 4 | ||
}, common.mustCall((res) => { | ||
assert.strictEqual(res.headers.hello, 'A'.repeat(http.maxHeaderSize * 3)); | ||
res.resume(); // We don’t actually care about contents. | ||
res.on('end', common.mustCall()); | ||
})); | ||
req.end(); | ||
|
||
serverSide.resume(); // Dump the request | ||
serverSide.end('HTTP/1.1 200 OK\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'Content-Length: 0\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 2: The same as Test 1 except without the option, to make sure it fails. | ||
{ | ||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
|
||
const req = http.request({ | ||
createConnection: common.mustCall(() => clientSide) | ||
}, common.mustNotCall()); | ||
req.end(); | ||
req.on('error', common.mustCall()); | ||
|
||
serverSide.resume(); // Dump the request | ||
serverSide.end('HTTP/1.1 200 OK\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'Content-Length: 0\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 3: The client sends larger headers than what would otherwise be allowed. | ||
{ | ||
const testData = 'Hello, World!\n'; | ||
const server = http.createServer( | ||
{ maxHeaderSize: http.maxHeaderSize * 4 }, | ||
common.mustCall((req, res) => { | ||
res.statusCode = 200; | ||
res.setHeader('Content-Type', 'text/plain'); | ||
res.end(testData); | ||
})); | ||
|
||
server.on('clientError', common.mustNotCall()); | ||
|
||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
serverSide.server = server; | ||
server.emit('connection', serverSide); | ||
|
||
clientSide.write('GET / HTTP/1.1\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 4: The same as Test 3 except without the option, to make sure it fails. | ||
{ | ||
const server = http.createServer(common.mustNotCall()); | ||
|
||
server.on('clientError', common.mustCall()); | ||
|
||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
serverSide.server = server; | ||
server.emit('connection', serverSide); | ||
|
||
clientSide.write('GET / HTTP/1.1\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'\r\n\r\n'); | ||
} |