http2: expand list of known headers
Add access-control-*, dnt, forwarded, trailer, tk,
upgrade-insecure-requests, warning, x-content-type-options and
x-frame-options to known list of headers for HTTP2. Expand tests
to account for these headers.

Fixes: #15337
Refs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Refs: https://www.w3.org/TR/cors/#syntax
Refs: https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dnt-header-field
Refs: https://tools.ietf.org/html/rfc7239#section-4
Refs: https://tools.ietf.org/html/rfc7230#section-4.4
Refs: https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#response-header-field
Refs: https://www.w3.org/TR/upgrade-insecure-requests/#preference
Refs: https://tools.ietf.org/html/rfc7234#section-5.5
Refs: https://fetch.spec.whatwg.org/#x-content-type-options-header
Refs: https://tools.ietf.org/html/rfc7034

PR-URL: #15434
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
apapirovski authored and jasnell committed Sep 20, 2017
1 parent 771c2ac commit b9a9290
Showing 4 changed files with 79 additions and 3 deletions.
16 changes: 15 additions & 1 deletion lib/internal/http2/util.js
Expand Up @@ -9,6 +9,9 @@ const {
HTTP2_HEADER_AUTHORITY,
HTTP2_HEADER_SCHEME,
HTTP2_HEADER_PATH,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS,
HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE,
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
HTTP2_HEADER_AGE,
HTTP2_HEADER_AUTHORIZATION,
HTTP2_HEADER_CONTENT_ENCODING,
Expand All @@ -20,6 +23,7 @@ const {
HTTP2_HEADER_CONTENT_TYPE,
HTTP2_HEADER_COOKIE,
HTTP2_HEADER_DATE,
HTTP2_HEADER_DNT,
HTTP2_HEADER_ETAG,
HTTP2_HEADER_EXPIRES,
HTTP2_HEADER_FROM,
Expand All @@ -36,7 +40,10 @@ const {
HTTP2_HEADER_REFERER,
HTTP2_HEADER_RETRY_AFTER,
HTTP2_HEADER_SET_COOKIE,
HTTP2_HEADER_TK,
HTTP2_HEADER_UPGRADE_INSECURE_REQUESTS,
HTTP2_HEADER_USER_AGENT,
HTTP2_HEADER_X_CONTENT_TYPE_OPTIONS,

HTTP2_HEADER_CONNECTION,
HTTP2_HEADER_UPGRADE,
Expand Down Expand Up @@ -71,6 +78,9 @@ const kSingleValueHeaders = new Set([
HTTP2_HEADER_AUTHORITY,
HTTP2_HEADER_SCHEME,
HTTP2_HEADER_PATH,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS,
HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE,
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
HTTP2_HEADER_AGE,
HTTP2_HEADER_AUTHORIZATION,
HTTP2_HEADER_CONTENT_ENCODING,
Expand All @@ -81,6 +91,7 @@ const kSingleValueHeaders = new Set([
HTTP2_HEADER_CONTENT_RANGE,
HTTP2_HEADER_CONTENT_TYPE,
HTTP2_HEADER_DATE,
HTTP2_HEADER_DNT,
HTTP2_HEADER_ETAG,
HTTP2_HEADER_EXPIRES,
HTTP2_HEADER_FROM,
Expand All @@ -96,7 +107,10 @@ const kSingleValueHeaders = new Set([
HTTP2_HEADER_RANGE,
HTTP2_HEADER_REFERER,
HTTP2_HEADER_RETRY_AFTER,
HTTP2_HEADER_USER_AGENT
HTTP2_HEADER_TK,
HTTP2_HEADER_UPGRADE_INSECURE_REQUESTS,
HTTP2_HEADER_USER_AGENT,
HTTP2_HEADER_X_CONTENT_TYPE_OPTIONS
]);

// The HTTP methods in this set are specifically defined as assigning no
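Review bot: `x-frame-options` and `access-control-allow-origin` become known headers in this commit, but neither is added to `kSingleValueHeaders`, so `mapToHeaders` still accepts an array of values for them; test/parallel/test-http2-util-headers-list.js pins that behaviour by listing both in its multi-value block. RFC 7034, which the commit message cites, defines the X-Frame-Options values as mutually exclusive, and a browser CORS check against a multi-valued Access-Control-Allow-Origin fails, so an array for either header is most likely an application mistake that is better rejected here than sent on the wire. If that reading of the two specs holds, add `HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,` and `HTTP2_HEADER_X_FRAME_OPTIONS,` to both the destructuring and the Set, and move them to the single-value list in the test. Only parts of the Set literal are visible in this section.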
15 changes: 15 additions & 0 deletions src/node_http2.h
Expand Up @@ -68,7 +68,14 @@ using v8::MaybeLocal;
V(ACCEPT_LANGUAGE, "accept-language") \
V(ACCEPT_RANGES, "accept-ranges") \
V(ACCEPT, "accept") \
V(ACCESS_CONTROL_ALLOW_CREDENTIALS, "access-control-allow-credentials") \
V(ACCESS_CONTROL_ALLOW_HEADERS, "access-control-allow-headers") \
V(ACCESS_CONTROL_ALLOW_METHODS, "access-control-allow-methods") \
V(ACCESS_CONTROL_ALLOW_ORIGIN, "access-control-allow-origin") \
V(ACCESS_CONTROL_EXPOSE_HEADERS, "access-control-expose-headers") \
V(ACCESS_CONTROL_MAX_AGE, "access-control-max-age") \
V(ACCESS_CONTROL_REQUEST_HEADERS, "access-control-request-headers") \
V(ACCESS_CONTROL_REQUEST_METHOD, "access-control-request-method") \
V(AGE, "age") \
V(ALLOW, "allow") \
V(AUTHORIZATION, "authorization") \
Expand All @@ -84,9 +91,11 @@ using v8::MaybeLocal;
V(CONTENT_TYPE, "content-type") \
V(COOKIE, "cookie") \
V(DATE, "date") \
V(DNT, "dnt") \
V(ETAG, "etag") \
V(EXPECT, "expect") \
V(EXPIRES, "expires") \
V(FORWARDED, "forwarded") \
V(FROM, "from") \
V(HOST, "host") \
V(IF_MATCH, "if-match") \
Expand All @@ -108,13 +117,19 @@ using v8::MaybeLocal;
V(SERVER, "server") \
V(SET_COOKIE, "set-cookie") \
V(STRICT_TRANSPORT_SECURITY, "strict-transport-security") \
V(TRAILER, "trailer") \
V(TRANSFER_ENCODING, "transfer-encoding") \
V(TE, "te") \
V(TK, "tk") \
V(UPGRADE_INSECURE_REQUESTS, "upgrade-insecure-requests") \
V(UPGRADE, "upgrade") \
V(USER_AGENT, "user-agent") \
V(VARY, "vary") \
V(VIA, "via") \
V(WARNING, "warning") \
V(WWW_AUTHENTICATE, "www-authenticate") \
V(X_CONTENT_TYPE_OPTIONS, "x-content-type-options") \
V(X_FRAME_OPTIONS, "x-frame-options") \
V(HTTP2_SETTINGS, "http2-settings") \
V(KEEP_ALIVE, "keep-alive") \
V(PROXY_CONNECTION, "proxy-connection")
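Review bot: The entries added to this macro list give no indication of whether a header is single-valued; that classification lives separately in `kSingleValueHeaders` in lib/internal/http2/util.js, so a name added here and not there (in this commit `FORWARDED`, `TRAILER`, `WARNING` and `X_FRAME_OPTIONS`, among others) appears from the tests to accept multiple values by default. A comment above the macro would make that decision explicit for the next addition: `// Adding a header? Decide whether it also belongs in kSingleValueHeaders (lib/internal/http2/util.js); names not listed there accept multiple values.` The macro's opening line is outside the hunks shown, so the comment's exact placement needs checking against the full file.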
15 changes: 15 additions & 0 deletions test/parallel/test-http2-binding.js
Expand Up @@ -105,7 +105,14 @@ const expectedHeaderNames = {
HTTP2_HEADER_ACCEPT_LANGUAGE: 'accept-language',
HTTP2_HEADER_ACCEPT_RANGES: 'accept-ranges',
HTTP2_HEADER_ACCEPT: 'accept',
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS: 'access-control-allow-credentials', // eslint-disable-line max-len
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS: 'access-control-allow-headers',
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS: 'access-control-allow-methods',
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN: 'access-control-allow-origin',
HTTP2_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS: 'access-control-expose-headers',
HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE: 'access-control-max-age',
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_HEADERS: 'access-control-request-headers',
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_METHOD: 'access-control-request-method',
HTTP2_HEADER_AGE: 'age',
HTTP2_HEADER_ALLOW: 'allow',
HTTP2_HEADER_AUTHORIZATION: 'authorization',
Expand All @@ -119,9 +126,11 @@ const expectedHeaderNames = {
HTTP2_HEADER_CONTENT_TYPE: 'content-type',
HTTP2_HEADER_COOKIE: 'cookie',
HTTP2_HEADER_CONNECTION: 'connection',
HTTP2_HEADER_DNT: 'dnt',
HTTP2_HEADER_ETAG: 'etag',
HTTP2_HEADER_EXPECT: 'expect',
HTTP2_HEADER_EXPIRES: 'expires',
HTTP2_HEADER_FORWARDED: 'forwarded',
HTTP2_HEADER_FROM: 'from',
HTTP2_HEADER_HOST: 'host',
HTTP2_HEADER_IF_MATCH: 'if-match',
Expand All @@ -144,11 +153,17 @@ const expectedHeaderNames = {
HTTP2_HEADER_SERVER: 'server',
HTTP2_HEADER_SET_COOKIE: 'set-cookie',
HTTP2_HEADER_STRICT_TRANSPORT_SECURITY: 'strict-transport-security',
HTTP2_HEADER_TRAILER: 'trailer',
HTTP2_HEADER_TRANSFER_ENCODING: 'transfer-encoding',
HTTP2_HEADER_TK: 'tk',
HTTP2_HEADER_UPGRADE_INSECURE_REQUESTS: 'upgrade-insecure-requests',
HTTP2_HEADER_USER_AGENT: 'user-agent',
HTTP2_HEADER_VARY: 'vary',
HTTP2_HEADER_VIA: 'via',
HTTP2_HEADER_WARNING: 'warning',
HTTP2_HEADER_WWW_AUTHENTICATE: 'www-authenticate',
HTTP2_HEADER_X_CONTENT_TYPE_OPTIONS: 'x-content-type-options',
HTTP2_HEADER_X_FRAME_OPTIONS: 'x-frame-options',
HTTP2_HEADER_KEEP_ALIVE: 'keep-alive',
HTTP2_HEADER_CONTENT_MD5: 'content-md5',
HTTP2_HEADER_TE: 'te',
36 changes: 34 additions & 2 deletions test/parallel/test-http2-util-headers-list.js
Expand Up @@ -14,6 +14,9 @@ const {
HTTP2_HEADER_AUTHORITY,
HTTP2_HEADER_SCHEME,
HTTP2_HEADER_PATH,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS,
HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE,
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
HTTP2_HEADER_AGE,
HTTP2_HEADER_AUTHORIZATION,
HTTP2_HEADER_CONTENT_ENCODING,
Expand All @@ -24,6 +27,7 @@ const {
HTTP2_HEADER_CONTENT_RANGE,
HTTP2_HEADER_CONTENT_TYPE,
HTTP2_HEADER_DATE,
HTTP2_HEADER_DNT,
HTTP2_HEADER_ETAG,
HTTP2_HEADER_EXPIRES,
HTTP2_HEADER_FROM,
Expand All @@ -33,34 +37,46 @@ const {
HTTP2_HEADER_IF_RANGE,
HTTP2_HEADER_IF_UNMODIFIED_SINCE,
HTTP2_HEADER_LAST_MODIFIED,
HTTP2_HEADER_LOCATION,
HTTP2_HEADER_MAX_FORWARDS,
HTTP2_HEADER_PROXY_AUTHORIZATION,
HTTP2_HEADER_RANGE,
HTTP2_HEADER_REFERER,
HTTP2_HEADER_RETRY_AFTER,
HTTP2_HEADER_TK,
HTTP2_HEADER_UPGRADE_INSECURE_REQUESTS,
HTTP2_HEADER_USER_AGENT,
HTTP2_HEADER_X_CONTENT_TYPE_OPTIONS,

HTTP2_HEADER_ACCEPT_CHARSET,
HTTP2_HEADER_ACCEPT_ENCODING,
HTTP2_HEADER_ACCEPT_LANGUAGE,
HTTP2_HEADER_ACCEPT_RANGES,
HTTP2_HEADER_ACCEPT,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
HTTP2_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
HTTP2_HEADER_ALLOW,
HTTP2_HEADER_CACHE_CONTROL,
HTTP2_HEADER_CONTENT_DISPOSITION,
HTTP2_HEADER_COOKIE,
HTTP2_HEADER_EXPECT,
HTTP2_HEADER_FORWARDED,
HTTP2_HEADER_LINK,
HTTP2_HEADER_PREFER,
HTTP2_HEADER_PROXY_AUTHENTICATE,
HTTP2_HEADER_REFRESH,
HTTP2_HEADER_SERVER,
HTTP2_HEADER_SET_COOKIE,
HTTP2_HEADER_STRICT_TRANSPORT_SECURITY,
HTTP2_HEADER_TRAILER,
HTTP2_HEADER_VARY,
HTTP2_HEADER_VIA,
HTTP2_HEADER_WARNING,
HTTP2_HEADER_WWW_AUTHENTICATE,
HTTP2_HEADER_X_FRAME_OPTIONS,

HTTP2_HEADER_CONNECTION,
HTTP2_HEADER_UPGRADE,
Expand Down Expand Up @@ -145,6 +161,9 @@ const {
HTTP2_HEADER_AUTHORITY,
HTTP2_HEADER_SCHEME,
HTTP2_HEADER_PATH,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS,
HTTP2_HEADER_ACCESS_CONTROL_MAX_AGE,
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_METHOD,
HTTP2_HEADER_AGE,
HTTP2_HEADER_AUTHORIZATION,
HTTP2_HEADER_CONTENT_ENCODING,
Expand All @@ -155,6 +174,7 @@ const {
HTTP2_HEADER_CONTENT_RANGE,
HTTP2_HEADER_CONTENT_TYPE,
HTTP2_HEADER_DATE,
HTTP2_HEADER_DNT,
HTTP2_HEADER_ETAG,
HTTP2_HEADER_EXPIRES,
HTTP2_HEADER_FROM,
Expand All @@ -164,12 +184,16 @@ const {
HTTP2_HEADER_IF_RANGE,
HTTP2_HEADER_IF_UNMODIFIED_SINCE,
HTTP2_HEADER_LAST_MODIFIED,
HTTP2_HEADER_LOCATION,
HTTP2_HEADER_MAX_FORWARDS,
HTTP2_HEADER_PROXY_AUTHORIZATION,
HTTP2_HEADER_RANGE,
HTTP2_HEADER_REFERER,
HTTP2_HEADER_RETRY_AFTER,
HTTP2_HEADER_USER_AGENT
HTTP2_HEADER_TK,
HTTP2_HEADER_UPGRADE_INSECURE_REQUESTS,
HTTP2_HEADER_USER_AGENT,
HTTP2_HEADER_X_CONTENT_TYPE_OPTIONS
].forEach((name) => {
const msg = `Header field "${name}" must have only a single value`;
common.expectsError({
Expand All @@ -184,22 +208,30 @@ const {
HTTP2_HEADER_ACCEPT_LANGUAGE,
HTTP2_HEADER_ACCEPT_RANGES,
HTTP2_HEADER_ACCEPT,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_HEADERS,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_METHODS,
HTTP2_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN,
HTTP2_HEADER_ACCESS_CONTROL_EXPOSE_HEADERS,
HTTP2_HEADER_ACCESS_CONTROL_REQUEST_HEADERS,
HTTP2_HEADER_ALLOW,
HTTP2_HEADER_CACHE_CONTROL,
HTTP2_HEADER_CONTENT_DISPOSITION,
HTTP2_HEADER_COOKIE,
HTTP2_HEADER_EXPECT,
HTTP2_HEADER_FORWARDED,
HTTP2_HEADER_LINK,
HTTP2_HEADER_PREFER,
HTTP2_HEADER_PROXY_AUTHENTICATE,
HTTP2_HEADER_REFRESH,
HTTP2_HEADER_SERVER,
HTTP2_HEADER_SET_COOKIE,
HTTP2_HEADER_STRICT_TRANSPORT_SECURITY,
HTTP2_HEADER_TRAILER,
HTTP2_HEADER_VARY,
HTTP2_HEADER_VIA,
HTTP2_HEADER_WWW_AUTHENTICATE
HTTP2_HEADER_WARNING,
HTTP2_HEADER_WWW_AUTHENTICATE,
HTTP2_HEADER_X_FRAME_OPTIONS
].forEach((name) => {
assert(!(mapToHeaders({ [name]: [1, 2, 3] }) instanceof Error), name);
});
