Skip to content

http: add strictMode option and checkIsHttpToken check#2526

Closed
jasnell wants to merge 3 commits intonodejs:masterfrom
jasnell:sanitize-headers
Closed

http: add strictMode option and checkIsHttpToken check#2526
jasnell wants to merge 3 commits intonodejs:masterfrom
jasnell:sanitize-headers

Conversation

@jasnell
Copy link
Member

@jasnell jasnell commented Aug 24, 2015

Per: nodejs/node-convergence-archive#13

Adds a check that will cause a TypeError to be thrown if the HTTP
method or header field name does not conform to the Token rule.

This adds a new strictMode flag to OutgoingMessage that, when
enabled, will cause a TypeError to be thrown if the HTTP Method
or header field name does not conform to the Token rule.

The strictMode flag ensures that, in the common case, there
is minimal performance hit and that existing code should continue
to work. The Token check is only performed when strictMode = true.

Doc and test case are included.

On the client-side

var http = require('http');
var url = require('url');
var p = url.parse('http://localhost:8888');
p.headers = {'testing 123': 123};
p.strictMode = true;
http.client(p, function(res) { }); // throws

On the server-side

var http = require('http');
var server = http.createServer(function(req,res) {
  res.strictMode = true;
  res.setHeader('testing 123', 123); // throws
  res.end('...');
});

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

http Issues or PRs related to the http subsystem. semver-major PRs that contain breaking changes and should be released in the next major version.

Projects

None yet

Milestone

5.0.0

Development

Successfully merging this pull request may close these issues.

9 participants

@jasnell @brendanashworth @trevnorris @rvagg @indutny @ChALkeR @thefourtheye @targos @Fishrock123