-
Notifications
You must be signed in to change notification settings - Fork 30k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
http,https: align server option of https with http
Fixes: #38954 PR-URL: #38992 Refs: #30570 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michaël Zasso <targos@protonmail.com>
- Loading branch information
Showing
4 changed files
with
268 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
'use strict'; | ||
const common = require('../common'); | ||
if (!common.hasCrypto) { | ||
common.skip('missing crypto'); | ||
} | ||
|
||
const fixtures = require('../common/fixtures'); | ||
const assert = require('assert'); | ||
const https = require('https'); | ||
const MakeDuplexPair = require('../common/duplexpair'); | ||
const tls = require('tls'); | ||
const { finished } = require('stream'); | ||
|
||
const certFixture = { | ||
key: fixtures.readKey('agent1-key.pem'), | ||
cert: fixtures.readKey('agent1-cert.pem'), | ||
ca: fixtures.readKey('ca1-cert.pem'), | ||
}; | ||
|
||
|
||
// Test that setting the `insecureHTTPParse` option works on a per-stream-basis. | ||
|
||
// Test 1: The server sends an invalid header. | ||
{ | ||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
|
||
const req = https.request({ | ||
rejectUnauthorized: false, | ||
createConnection: common.mustCall(() => clientSide), | ||
insecureHTTPParser: true | ||
}, common.mustCall((res) => { | ||
assert.strictEqual(res.headers.hello, 'foo\x08foo'); | ||
res.resume(); // We don’t actually care about contents. | ||
res.on('end', common.mustCall()); | ||
})); | ||
req.end(); | ||
|
||
serverSide.resume(); // Dump the request | ||
serverSide.end('HTTP/1.1 200 OK\r\n' + | ||
'Hello: foo\x08foo\r\n' + | ||
'Content-Length: 0\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 2: The same as Test 1 except without the option, to make sure it fails. | ||
{ | ||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
|
||
const req = https.request({ | ||
rejectUnauthorized: false, | ||
createConnection: common.mustCall(() => clientSide) | ||
}, common.mustNotCall()); | ||
req.end(); | ||
req.on('error', common.mustCall()); | ||
|
||
serverSide.resume(); // Dump the request | ||
serverSide.end('HTTP/1.1 200 OK\r\n' + | ||
'Hello: foo\x08foo\r\n' + | ||
'Content-Length: 0\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 3: The client sends an invalid header. | ||
{ | ||
const testData = 'Hello, World!\n'; | ||
const server = https.createServer( | ||
{ insecureHTTPParser: true, | ||
...certFixture }, | ||
common.mustCall((req, res) => { | ||
res.statusCode = 200; | ||
res.setHeader('Content-Type', 'text/plain'); | ||
res.end(testData); | ||
})); | ||
|
||
server.on('clientError', common.mustNotCall()); | ||
|
||
server.listen(0, common.mustCall(() => { | ||
const client = tls.connect({ | ||
port: server.address().port, | ||
rejectUnauthorized: false | ||
}); | ||
client.write( | ||
'GET / HTTP/1.1\r\n' + | ||
'Hello: foo\x08foo\r\n' + | ||
'\r\n\r\n'); | ||
client.end(); | ||
|
||
client.on('data', () => {}); | ||
finished(client, common.mustCall(() => { | ||
server.close(); | ||
})); | ||
})); | ||
} | ||
|
||
// Test 4: The same as Test 3 except without the option, to make sure it fails. | ||
{ | ||
const server = https.createServer( | ||
{ ...certFixture }, | ||
common.mustNotCall()); | ||
|
||
server.on('clientError', common.mustCall()); | ||
|
||
server.listen(0, common.mustCall(() => { | ||
const client = tls.connect({ | ||
port: server.address().port, | ||
rejectUnauthorized: false | ||
}); | ||
client.write( | ||
'GET / HTTP/1.1\r\n' + | ||
'Hello: foo\x08foo\r\n' + | ||
'\r\n\r\n'); | ||
client.end(); | ||
|
||
client.on('data', () => {}); | ||
finished(client, common.mustCall(() => { | ||
server.close(); | ||
})); | ||
})); | ||
} | ||
|
||
// Test 5: Invalid argument type | ||
{ | ||
assert.throws( | ||
() => https.request({ insecureHTTPParser: 0 }, common.mustNotCall()), | ||
common.expectsError({ | ||
code: 'ERR_INVALID_ARG_TYPE', | ||
message: 'The "options.insecureHTTPParser" property must be of' + | ||
' type boolean. Received type number (0)' | ||
}) | ||
); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,119 @@ | ||
'use strict'; | ||
const common = require('../common'); | ||
|
||
if (!common.hasCrypto) { | ||
common.skip('missing crypto'); | ||
} | ||
|
||
const fixtures = require('../common/fixtures'); | ||
const assert = require('assert'); | ||
const https = require('https'); | ||
const http = require('http'); | ||
const tls = require('tls'); | ||
const MakeDuplexPair = require('../common/duplexpair'); | ||
const { finished } = require('stream'); | ||
|
||
const certFixture = { | ||
key: fixtures.readKey('agent1-key.pem'), | ||
cert: fixtures.readKey('agent1-cert.pem'), | ||
ca: fixtures.readKey('ca1-cert.pem'), | ||
}; | ||
|
||
|
||
// Test that setting the `maxHeaderSize` option works on a per-stream-basis. | ||
|
||
// Test 1: The server sends larger headers than what would otherwise be allowed. | ||
{ | ||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
|
||
const req = https.request({ | ||
createConnection: common.mustCall(() => clientSide), | ||
maxHeaderSize: http.maxHeaderSize * 4 | ||
}, common.mustCall((res) => { | ||
assert.strictEqual(res.headers.hello, 'A'.repeat(http.maxHeaderSize * 3)); | ||
res.resume(); // We don’t actually care about contents. | ||
res.on('end', common.mustCall()); | ||
})); | ||
req.end(); | ||
|
||
serverSide.resume(); // Dump the request | ||
serverSide.end('HTTP/1.1 200 OK\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'Content-Length: 0\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 2: The same as Test 1 except without the option, to make sure it fails. | ||
{ | ||
const { clientSide, serverSide } = MakeDuplexPair(); | ||
|
||
const req = https.request({ | ||
createConnection: common.mustCall(() => clientSide) | ||
}, common.mustNotCall()); | ||
req.end(); | ||
req.on('error', common.mustCall()); | ||
|
||
serverSide.resume(); // Dump the request | ||
serverSide.end('HTTP/1.1 200 OK\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'Content-Length: 0\r\n' + | ||
'\r\n\r\n'); | ||
} | ||
|
||
// Test 3: The client sends larger headers than what would otherwise be allowed. | ||
{ | ||
const testData = 'Hello, World!\n'; | ||
const server = https.createServer( | ||
{ maxHeaderSize: http.maxHeaderSize * 4, | ||
...certFixture }, | ||
common.mustCall((req, res) => { | ||
res.statusCode = 200; | ||
res.setHeader('Content-Type', 'text/plain'); | ||
res.end(testData); | ||
})); | ||
|
||
server.on('clientError', common.mustNotCall()); | ||
|
||
server.listen(0, common.mustCall(() => { | ||
const client = tls.connect({ | ||
port: server.address().port, | ||
rejectUnauthorized: false | ||
}); | ||
client.write( | ||
'GET / HTTP/1.1\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'\r\n\r\n'); | ||
client.end(); | ||
|
||
client.on('data', () => {}); | ||
finished(client, common.mustCall(() => { | ||
server.close(); | ||
})); | ||
})); | ||
} | ||
|
||
// Test 4: The same as Test 3 except without the option, to make sure it fails. | ||
{ | ||
const server = https.createServer({ ...certFixture }, common.mustNotCall()); | ||
|
||
// clientError may be emitted multiple times when header is larger than | ||
// maxHeaderSize. | ||
server.on('clientError', common.mustCallAtLeast(() => {}, 1)); | ||
|
||
server.listen(0, common.mustCall(() => { | ||
const client = tls.connect({ | ||
port: server.address().port, | ||
rejectUnauthorized: false | ||
}); | ||
client.write( | ||
'GET / HTTP/1.1\r\n' + | ||
'Hello: ' + 'A'.repeat(http.maxHeaderSize * 3) + '\r\n' + | ||
'\r\n\r\n'); | ||
client.end(); | ||
|
||
client.on('data', () => {}); | ||
finished(client, common.mustCall(() => { | ||
server.close(); | ||
})); | ||
})); | ||
} |