node/test/parallel/test-http-server-multiheade...

// Copyright Joyent, Inc. and other Node contributors.
//
// Permission is hereby granted, free of charge, to any person obtaining a
// copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to permit
// persons to whom the Software is furnished to do so, subject to the
// following conditions:
//
// The above copyright notice and this permission notice shall be included
// in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
// USE OR OTHER DEALINGS IN THE SOFTWARE.

'use strict';
// Verify that the HTTP server implementation handles multiple instances
// of the same header as per RFC2616: joining the handful of fields by ', '
// that support it, and dropping duplicates for other fields.

require('../common');
const assert = require('assert');
const http = require('http');

const multipleAllowed = [
  'Accept',
  'Accept-Charset',
  'Accept-Encoding',
  'Accept-Language',
  'Connection',
  'Cookie',
  'DAV', // GH-2750
  'Pragma', // GH-715
  'Link', // GH-1187
  'WWW-Authenticate', // GH-1083
  'Proxy-Authenticate', // GH-4052
  'Sec-Websocket-Extensions', // GH-2764
  'Sec-Websocket-Protocol', // GH-2764
  'Via', // GH-6660

  // not a special case, just making sure it's parsed correctly
  'X-Forwarded-For',

  // make sure that unspecified headers is treated as multiple
  'Some-Random-Header',
  'X-Some-Random-Header',
];

const multipleForbidden = [
  'Content-Type',
  'User-Agent',
  'Referer',
  'Host',
  'Authorization',
  'Proxy-Authorization',
  'If-Modified-Since',
  'If-Unmodified-Since',
  'From',
  'Location',
  'Max-Forwards',

  // special case, tested differently
  //'Content-Length',
];

const srv = http.createServer(function(req, res) {
  multipleForbidden.forEach(function(header) {
    assert.strictEqual(req.headers[header.toLowerCase()],
                       'foo', 'header parsed incorrectly: ' + header);
  });
  multipleAllowed.forEach(function(header) {
    const sep = (header.toLowerCase() === 'cookie' ? '; ' : ', ');
    assert.strictEqual(req.headers[header.toLowerCase()],
                       'foo' + sep + 'bar',
                       'header parsed incorrectly: ' + header);
  });

  res.writeHead(200, {'Content-Type': 'text/plain'});
  res.end('EOF');

  srv.close();
});

function makeHeader(value) {
  return function(header) {
    return [header, value];
  };
}

const headers = []
  .concat(multipleAllowed.map(makeHeader('foo')))
  .concat(multipleForbidden.map(makeHeader('foo')))
  .concat(multipleAllowed.map(makeHeader('bar')))
  .concat(multipleForbidden.map(makeHeader('bar')));

srv.listen(0, function() {
  http.get({
    host: 'localhost',
    port: this.address().port,
    path: '/',
    headers: headers,
  });
});
meta: restore original copyright header A prior io.js era commit inappropriately removed the original copyright statements from the source. This restores those in any files still remaining from that edit. Ref: https://github.com/nodejs/TSC/issues/174 Ref: https://github.com/nodejs/node/pull/10599 PR-URL: https://github.com/nodejs/node/pull/10155 Note: This PR was required, reviewed-by and approved by the Node.js Foundation Legal Committee and the TSC. There is no `Approved-By:` meta data. 8 years ago			`// Copyright Joyent, Inc. and other Node contributors.`
			`//`
			`// Permission is hereby granted, free of charge, to any person obtaining a`
			`// copy of this software and associated documentation files (the`
			`// "Software"), to deal in the Software without restriction, including`
			`// without limitation the rights to use, copy, modify, merge, publish,`
			`// distribute, sublicense, and/or sell copies of the Software, and to permit`
			`// persons to whom the Software is furnished to do so, subject to the`
			`// following conditions:`
			`//`
			`// The above copyright notice and this permission notice shall be included`
			`// in all copies or substantial portions of the Software.`
			`//`
			`// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS`
			`// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF`
			`// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN`
			`// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,`
			`// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR`
			`// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE`
			`// USE OR OTHER DEALINGS IN THE SOFTWARE.`

test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 10 years ago			`'use strict';`
http: concatenate duplicate headers by default 11 years ago			`// Verify that the HTTP server implementation handles multiple instances`
			`// of the same header as per RFC2616: joining the handful of fields by ', '`
			`// that support it, and dropping duplicates for other fields.`

test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 9 years ago			`require('../common');`
test: use const for all require() calls PR-URL: https://github.com/nodejs/node/pull/10550 Reviewed-By: Rich Trott <rtrott@gmail.com> 8 years ago			`const assert = require('assert');`
			`const http = require('http');`
http: concatenate duplicate headers by default 11 years ago
test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 8 years ago			`const multipleAllowed = [`
http: concatenate duplicate headers by default 11 years ago			`'Accept',`
			`'Accept-Charset',`
			`'Accept-Encoding',`
			`'Accept-Language',`
			`'Connection',`
			`'Cookie',`
			`'DAV', // GH-2750`
			`'Pragma', // GH-715`
			`'Link', // GH-1187`
			`'WWW-Authenticate', // GH-1083`
			`'Proxy-Authenticate', // GH-4052`
			`'Sec-Websocket-Extensions', // GH-2764`
			`'Sec-Websocket-Protocol', // GH-2764`
			`'Via', // GH-6660`

			`// not a special case, just making sure it's parsed correctly`
			`'X-Forwarded-For',`

			`// make sure that unspecified headers is treated as multiple`
			`'Some-Random-Header',`
			`'X-Some-Random-Header',`
			`];`

test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 8 years ago			`const multipleForbidden = [`
http: concatenate duplicate headers by default 11 years ago			`'Content-Type',`
			`'User-Agent',`
			`'Referer',`
			`'Host',`
			`'Authorization',`
			`'Proxy-Authorization',`
			`'If-Modified-Since',`
			`'If-Unmodified-Since',`
			`'From',`
			`'Location',`
			`'Max-Forwards',`

			`// special case, tested differently`
			`//'Content-Length',`
			`];`

test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 8 years ago			`const srv = http.createServer(function(req, res) {`
http: concatenate duplicate headers by default 11 years ago			`multipleForbidden.forEach(function(header) {`
test: s/assert.equal/assert.strictEqual/ Use assert.strictEqual instead of assert.equal in tests, manually convert types where necessary. PR-URL: https://github.com/nodejs/node/pull/10698 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Teddy Katz <teddy.katz@gmail.com> 8 years ago			`assert.strictEqual(req.headers[header.toLowerCase()],`
			`'foo', 'header parsed incorrectly: ' + header);`
http: concatenate duplicate headers by default 11 years ago			`});`
			`multipleAllowed.forEach(function(header) {`
http: append Cookie header values with semicolon Previously, separate incoming Cookie headers would be concatenated with a comma, which can cause confusion in userland code when it comes to parsing the final Cookie header value. This commit concatenates using a semicolon instead. Fixes: https://github.com/nodejs/node/issues/11256 PR-URL: https://github.com/nodejs/node/pull/11259 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 8 years ago			`const sep = (header.toLowerCase() === 'cookie' ? '; ' : ', ');`
test: s/assert.equal/assert.strictEqual/ Use assert.strictEqual instead of assert.equal in tests, manually convert types where necessary. PR-URL: https://github.com/nodejs/node/pull/10698 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Teddy Katz <teddy.katz@gmail.com> 8 years ago			`assert.strictEqual(req.headers[header.toLowerCase()],`
http: append Cookie header values with semicolon Previously, separate incoming Cookie headers would be concatenated with a comma, which can cause confusion in userland code when it comes to parsing the final Cookie header value. This commit concatenates using a semicolon instead. Fixes: https://github.com/nodejs/node/issues/11256 PR-URL: https://github.com/nodejs/node/pull/11259 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 8 years ago			`'foo' + sep + 'bar',`
			`'header parsed incorrectly: ' + header);`
http: concatenate duplicate headers by default 11 years ago			`});`

tools: lint for object literal spacing There has been occasional nits for spacing in object literals in PRs but the project does not lint for it and it is not always handled consistently in the existing code, even on adjacent lines of a file. This change enables a linting rule requiring no space between the key and the colon, and requiring at least one space (but allowing for more so property values can be lined up if desired) between the colon and the value. This appears to be the most common style used in the current code base. Example code the complies with lint rule: myObj = { foo: 'bar' }; Examples that do not comply with the lint rule: myObj = { foo : 'bar' }; myObj = { foo:'bar' }; PR-URL: https://github.com/nodejs/node/pull/6592 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Brian White <mscdex@mscdex.net> 9 years ago			`res.writeHead(200, {'Content-Type': 'text/plain'});`
http: concatenate duplicate headers by default 11 years ago			`res.end('EOF');`

			`srv.close();`
			`});`

			`function makeHeader(value) {`
			`return function(header) {`
			`return [header, value];`
test: enable linting for tests Enable linting for the test directory. A number of changes was made so all tests conform the current rules used by lib and src directories. The only exception for tests is that unreachable (dead) code is allowed. test-fs-non-number-arguments-throw had to be excluded from the changes because of a weird issue on Windows CI. PR-URL: https://github.com/nodejs/io.js/pull/1721 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 10 years ago			`};`
http: concatenate duplicate headers by default 11 years ago			`}`

test: use eslint to fix var->const/let Manually fix issues that eslint --fix couldn't do automatically. PR-URL: https://github.com/nodejs/node/pull/10685 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Roman Reiss <me@silverwind.io> 8 years ago			`const headers = []`
http: concatenate duplicate headers by default 11 years ago			`.concat(multipleAllowed.map(makeHeader('foo')))`
			`.concat(multipleForbidden.map(makeHeader('foo')))`
			`.concat(multipleAllowed.map(makeHeader('bar')))`
deps: update http-parser to version 2.6.1 includes parsing improvements to ensure closer HTTP spec conformance PR-URL: https://github.com/nodejs/node-private/pull/26 Reviewed-By: Rod Vagg <r@va.gg> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> 9 years ago			`.concat(multipleForbidden.map(makeHeader('bar')));`
http: concatenate duplicate headers by default 11 years ago
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 9 years ago			`srv.listen(0, function() {`
http: concatenate duplicate headers by default 11 years ago			`http.get({`
			`host: 'localhost',`
test: use random ports where possible This helps to prevent issues where a failed test can keep a bound socket open long enough to cause other tests to fail with EADDRINUSE because the same port number is used. PR-URL: https://github.com/nodejs/node/pull/7045 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org> 9 years ago			`port: this.address().port,`
http: concatenate duplicate headers by default 11 years ago			`path: '/',`
			`headers: headers,`
			`});`
			`});`