-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http: improve errors thrown in header validation #16715
Conversation
b09ead1
to
a4c2e6e
Compare
Would be nice to have |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with some nits 👍
### ERR_HTTP2_INVALID_HEADER_VALUE | ||
### ERR_HTTP_INVALID_HEADER_VALUE | ||
<a id="ERR_HTTP_INVALID_HEADER_VALUE"></a> | ||
### ERR_HTTP_INVALID_HEADER_VALUE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Accidentally doubled here?
throw new errors.Error('ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED'); | ||
if (value === undefined || value === null) | ||
throw new errors.TypeError('ERR_HTTP2_INVALID_HEADER_VALUE'); | ||
var err; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: can we use let
? (I don't think there's many/any vars in http2 except for for
loops.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am still under the impression that we favor var
in cases like this...might be just outdated impressions, I'll fix that.
@@ -26,17 +26,17 @@ server.listen(0, common.mustCall(() => { | |||
common.expectsError( | |||
() => response.setTrailer('test', undefined), | |||
{ | |||
code: 'ERR_HTTP2_INVALID_HEADER_VALUE', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not 100% sure about this because the semantics of the http2 validation are slightly different, for example pseudo headers are an http2 only feature.
throw new errors.TypeError('ERR_INVALID_CHAR', 'header content', name); | ||
err = new errors.TypeError('ERR_INVALID_CHAR', 'header content', name); | ||
} | ||
if (err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is an object, can we do a strict comparison to undefined
? (This function is kind of in a hot path.)
} else if (value === undefined || value === null) { | ||
err = new errors.TypeError('ERR_HTTP_INVALID_HEADER_VALUE', value, name); | ||
} | ||
if (err) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as for http
, could we compare to undefined
to avoid the whole document.all
perf issue? (This is in a hot path.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to landing as semver-major
@@ -818,9 +818,11 @@ HTTP/1 connection specific headers are forbidden to be used in HTTP/2 | |||
requests and responses. | |||
|
|||
<a id="ERR_HTTP2_INVALID_HEADER_VALUE"></a> | |||
### ERR_HTTP2_INVALID_HEADER_VALUE | |||
### ERR_HTTP_INVALID_HEADER_VALUE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line is duplicated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually it's accidentally changed..we need to keep the documentation for ERR_HTTP2_INVALID_HEADER_VALUE
because it's out there already.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the codebase doesn't raise an error with this code though, should it be removed? 😬
|
||
Used to indicate that an invalid HTTP/2 header value has been specified. | ||
Used to indicate that an invalid HTTP header value has been specified. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we explicitly say HTTP/1.1 and HTTP/2?
Is this semver-major? It doesn't modify error codes except for http2 which is experimental. (And I'm not even 100% confident the error code for h2 should change, see above.) |
@apapirovski Hmmm, actually I don't know what's our policy for "changing error code but it's an error in the experimental module".. |
@apapirovski Ah, wait, it also modifies the HTTP error codes ( |
@joyeecheung They already changed roughly a million times during v8.x... that ship might've sailed. 😆
Ah true. Wonder if we could split into two separate PRs/commits so most of this could land right away? |
Yeah that seems like a better idea. I will close this one and open another two. |
Fixes: #16714
This PR:
ERR_HTTP2_INVALID_HEADER_VALUE
withERR_HTTP_INVALID_HEADER_VALUE
, don't really see a need to differentiate the two.ERR_HTTP2_INVALID_HEADER_VALUE
is kept.Value must not be undefined or null
(HTTP2) orThe "value" argument must be specified
(HTTP), after it'sInvalid value "undefined" for header "test"
. If the user is setting the header in a loop this would be much more useful.Error.captureStackTrace
to exclude the validation functions from the stack traceChecklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
http, http2