Fix the logic of resetting the socket timeout of keep-alive HTTP
connections and add two tests:
* `test-http-server-keep-alive-timeout-slow-server` is a regression test
for GH-13391. It ensures that the server-side keep-alive timeout will
not fire during processing of a request.
* `test-http-server-keep-alive-timeout-slow-client-headers` ensures that
the regular socket timeout is restored as soon as a client starts
sending a new request, not as soon as the whole message is received,
so that the keep-alive timeout will not fire while, e.g., the client
is sending large cookies.
Refs: https://github.com/nodejs/node/pull/2534
Fixes: https://github.com/nodejs/node/issues/13391
PR-URL: https://github.com/nodejs/node/pull/13549
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
PR-URL: https://github.com/nodejs/node/pull/13206
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Prevent the events listeners of the sockets obtained with the HTTP
upgrade mechanism from retaining unneeded memory.
Ref: https://github.com/nodejs/node/issues/11868
PR-URL: https://github.com/nodejs/node/pull/11926
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Where inclusion of a lengthy URL causes a line to exceed 80 characters
in our code base, do not report the line length as a linting error.
PR-URL: https://github.com/nodejs/node/pull/11890
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/10941
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Doc-only deprecation of the undocumented res.writeHeader() API.
Also makes res.writeHeader an alias of res.writeHead since the
previous implementation simply deferred to that method.
PR-URL: https://github.com/nodejs/node/pull/11355
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
ServerResponse#writeHead() coerces the user provided status code
to a number and then performs a range check. If the check fails,
a range error is thrown. The coerced status code is included in
the error message. This commit uses the user provided status code
instead.
PR-URL: https://github.com/nodejs/node/pull/11221
Reviewed-By: James M Snell <jasnell@gmail.com>
When emitting a 'connection' event on a httpServer, the function
connectionListener is called. Then, a new parser is created, and
'consume' method is called on the socket's externalStream. However,
if this stream was already consumed and unconsumed, the process
crashes with a cpp assert from the 'Consume' method in stream_base.h.
This commit makes sure that no SIGABRT will be raised and the process
will stay alive (after emitting the socket).
PR-URL: https://github.com/nodejs/node/pull/11015
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/10558
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
This commit implements two optimizations when working with headers:
* Avoid having to explicitly "render" headers and separately store the
original casing for header names.
* Match special header names using a single regular expression instead
of testing one regular expression per header name.
PR-URL: https://github.com/nodejs/node/pull/10558
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
By enforcing the statusCode to be an SMI, it helps a bit
performance-wise when looking up the associated statusMessage.
PR-URL: https://github.com/nodejs/node/pull/10558
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Adding all used properties in the constructor makes the hidden class
stable and heap snapshots more verbose.
Refs: https://github.com/nodejs/node/issues/8912
PR-URL: https://github.com/nodejs/node/pull/9116
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Minor fix to favor strict equality in http_server.js and tls_wrap.js
to ensure accurate comparisons without type coercion.
PR-URL: https://github.com/nodejs/node/pull/9849
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Previously, the reason argument passed to ServerResponse#writeHead was
not being properly validated. One could pass CRLFs which could lead to
http response splitting. This commit changes the behavior to throw an
error in the event any invalid characters are included in the reason.
CVE-2016-5325
PR-URL: https://github.com/nodejs/node-private/pull/60
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
There has been occasional nits for spacing in object literals in PRs but
the project does not lint for it and it is not always handled
consistently in the existing code, even on adjacent lines of a file.
This change enables a linting rule requiring no space between the key
and the colon, and requiring at least one space (but allowing for more
so property values can be lined up if desired) between the colon and the
value. This appears to be the most common style used in the current code
base.
Example code the complies with lint rule:
myObj = { foo: 'bar' };
Examples that do not comply with the lint rule:
myObj = { foo : 'bar' };
myObj = { foo:'bar' };
PR-URL: https://github.com/nodejs/node/pull/6592
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
When underlying `net.Socket` instance is consumed in http server - no
`data` events are emitted, and thus `socket.setTimeout` fires the
callback even if the data is constantly flowing into the socket.
Fix this by calling `socket._unrefTimer()` on every `onParserExecute`
call.
Fix: #5899
PR-URL: https://github.com/nodejs/node/pull/6286
Reviewed-By: James M Snell <jasnell@gmail.com>
With an indentation style of two spaces, it is not possible to indent
multiline variable declarations by four spaces. Instead, the var keyword
is used on every new line.
Use const instead of var where applicable for changed lines.
PR-URL: https://github.com/nodejs/io.js/pull/2286
Reviewed-By: Roman Reiss <me@silverwind.io>
Now returns a 417 error status or allows for an event listener on
the `checkExpectation` event. Before we were ignoring requests that
had misspelled `100-continue` values for expect headers.
This is a quick port of the work done here:
https://github.com/nodejs/node-v0.x-archive/pull/7132 by alFReD-NSH
with surrounding discussion here:
https://github.com/nodejs/node-v0.x-archive/issues/4651
Also updates all the instances of the deprecated
EventEmitter.listenerCount to the current self.listenerCount. Most
of these were in the new code ported over but there was another
legacy instance.
Refs: #2403
PR-URL: https://github.com/nodejs/node/pull/4501
Reviewed-By: James M Snell <jasnell@gmail.com>
Make default `clientError` behavior (close socket immediately)
overridable. With this APIs it is possible to write a custom error
handler, and to send, for example, a 400 HTTP response.
http.createServer(...).on('clientError', function(err, socket) {
socket.end('HTTP/1.1 400 Bad Request\r\n\r\n');
socket.destroy();
});
Fix: #4543
PR-URL: https://github.com/nodejs/node/pull/4557
Reviewed-By: Brian White <mscdex@mscdex.net>
This is a two-part fix:
- Fix pending data notification in `OutgoingMessage` to notify server
about flushed data too
- Fix pause/resume behavior for the consumed socket. `resume` event is
emitted on a next tick, and `socket._paused` can already be `true` at
this time. Pause the socket again to avoid PAUSED error on parser.
Fix: https://github.com/nodejs/node/issues/3332
PR-URL: https://github.com/nodejs/node/pull/3342
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Account pending response data to decide whether pause the socket or
not. Writable stream state is a not reliable measure, because it just
says how much data is pending on a **current** request, thus not helping
much with problem we are trying to solve here.
PR-URL: https://github.com/nodejs/node/pull/3128
The `events` module already exports `EventEmitter` constructor function
So, we don't have to use `events.EventEmitter` to access it.
Refer: https://github.com/nodejs/node/pull/2896
PR-URL: https://github.com/nodejs/node/pull/2921
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Socket resume may happen on a next tick, and in following scenario:
1. `socket.resume()`
2. `socket._handle.close()`
3. `socket._handle = null;`
The `_resume` will be invoked with empty `._handle` property. There is
nothing bad about it, and we should just ignore the `resume`/`pause`
events in this case.
Same applies to the unconsuming of socket on adding `data` and/or
`readable` event listeners.
Fix: https://github.com/nodejs/node/issues/2821
PR-URL: https://github.com/nodejs/node/pull/2824
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Now parts of our public and public-ish APIs fall back to old-style
listenerCount() if the emitter does not have a listenerCount function.
Fixes: https://github.com/nodejs/node/issues/2655
Refs: 8f58fb92ff
PR-URL: https://github.com/nodejs/node/pull/2661
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
As per the discussion in #734, this patch deprecates the usage of
`EventEmitter.listenerCount` static function in the docs, and introduces
the `listenerCount` function in the prototype of `EventEmitter` itself.
PR-URL: https://github.com/nodejs/node/pull/2349
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
* adds missing HTTP status codes
* corrects those with a wrong description
* the falsely included codes have been kept
PR-URL: https://github.com/nodejs/io.js/pull/1470
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Modifies the setTimeout methods for the following prototypes:
- http.ClientRequest
- http.IncomingMessage
- http.OutgoingMessage
- http.Server
- https.Server
- net.Socket
- tls.TLSSocket
Previously, the above functions returned undefined. They now return
`this`. This is useful for chaining function calls.
PR-URL: https://github.com/nodejs/io.js/pull/1699
Reviewed-By: Roman Reiss <me@silverwind.io>
This commit adds the ability to enable userspace tracing with lttng
in io.js. It adds tracepoints for all the equivalent dtrace and ETW
tracepoints. To use these tracepoints enable --with-lttng on linux.
PR-URL: https://github.com/iojs/io.js/pull/702
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ryan Graham <ryan@strongloop.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).
Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit replaces a number of var statements throughout
the lib code with const statements.
PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The copyright and license notice is already in the LICENSE file. There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
Turn on strict mode for the files in the lib/ directory. It helps
catch bugs and can have a positive effect on performance.
PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Make it a little harder to slip in use-after-free bugs by nulling out
references to the parser object after handing it off to freeParser().
Reviewed-by: Trevor Norris <trev.norris@gmail.com>