This makes it easier to see what header has an invalid value.
PR-URL: #9195
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
checkIsHttpToken() already checks for typeof string. We do not
want to check twice.
PR-URL: https://github.com/nodejs/node/pull/7985
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/7949
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
When node began using the OneByte API (f150d56) it also switched to
officially supporting ISO-8859-1. Though at the time no new encoding
string was introduced.
Introduce the new encoding string 'latin1' to be more explicit. The
previous 'binary' and documented as an alias to 'latin1'. While many
tests have switched to use 'latin1', there are still plenty that do both
'binary' and 'latin1' checks side-by-side to ensure there is no
regression.
PR-URL: https://github.com/nodejs/node/pull/7111
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Take advantage of arrow function lexical `this` to avoid defining a
`self = this` var which was only used once.
Code relating to the `finish` event was split in to two areas of the
parent function. Gathered it together to clarify association within the
script.
Fixes: https://github.com/nodejs/node/issues/7295
PR-URL: https://github.com/nodejs/node/pull/7378
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Several changes:
* Soft-Deprecate Buffer() constructors
* Add `Buffer.from()`, `Buffer.alloc()`, and `Buffer.allocUnsafe()`
* Add `--zero-fill-buffers` command line option
* Add byteOffset and length to `new Buffer(arrayBuffer)` constructor
* buffer.fill('') previously had no effect, now zero-fills
* Update the docs
PR-URL: https://github.com/nodejs/node/pull/4682
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
The value passed to `process.nextTick()` which is passed to the
callback is already a valid object, so the conditional will always
evaluate to true.
PR-URL: https://github.com/nodejs/node/pull/5233
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This just removes an assignment to `ret` of a value that's not used before
it's overwritten. Immediately following the assigment is an `if/else` in
which both branches assign to `ret` without using it.
PR-URL: https://github.com/nodejs/node/pull/4323
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit fixes some error messages that are not consistent with
some general rules which most of the error messages follow.
PR-URL: https://github.com/nodejs/node/pull/3374
Reviewed-By: Roman Reiss <me@silverwind.io>
- This check is already covered in EventEmitter#addListener()
Refs: https://github.com/nodejs/node/pull/3618
PR-URL: https://github.com/nodejs/node/pull/3631
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
This is a two-part fix:
- Fix pending data notification in `OutgoingMessage` to notify server
about flushed data too
- Fix pause/resume behavior for the consumed socket. `resume` event is
emitted on a next tick, and `socket._paused` can already be `true` at
this time. Pause the socket again to avoid PAUSED error on parser.
Fix: https://github.com/nodejs/node/issues/3332
PR-URL: https://github.com/nodejs/node/pull/3342
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Make sure that the pipelined response data will be written as less TCP
packets as possible.
PR-URL: https://github.com/nodejs/node/pull/3172
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
We were checking that the callback existed, but not
checking that it was a function. In `setTimeout`, if
callback is truthy but not a function, throw a
TypeError
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/3090
Account pending response data to decide whether pause the socket or
not. Writable stream state is a not reliable measure, because it just
says how much data is pending on a **current** request, thus not helping
much with problem we are trying to solve here.
PR-URL: https://github.com/nodejs/node/pull/3128
Ref: https://github.com/nodejs/node-convergence-archive/issues/13
This adds a new check for header and trailer fields names and method
names to ensure that they conform to the HTTP token rule. If they do
not, a `TypeError` is thrown.
Previously this had an additional `strictMode` option that has been
removed in favor of making the strict check the default (and only)
behavior.
Doc and test case are included.
On the client-side
```javascript
var http = require('http');
var url = require('url');
var p = url.parse('http://localhost:8888');
p.headers = {'testing 123': 123};
http.client(p, function(res) { }); // throws
```
On the server-side
```javascript
var http = require('http');
var server = http.createServer(function(req,res) {
res.setHeader('testing 123', 123); // throws
res.end('...');
});
```
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Trevor Norris <trevnorris@nodejs.org>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: https://github.com/nodejs/node/pull/2526
Commit 3c293ba ("http: protect against response splitting attacks")
filters out newline characters from HTTP headers but forgot to apply
the same logic to trailing HTTP headers, i.e., headers that come after
the response body. This commit rectifies that.
The expected security impact is low because approximately no one uses
trailing headers. Some HTTP clients can't even parse them.
PR-URL: https://github.com/nodejs/node/pull/2945
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Rod Vagg <r@va.gg>
Changes included in this commit are
1. Making the deprecation messages consistent. The messages will be in
the following format
x is deprecated. Use y instead.
If there is no alternative for `x`, then the ` Use y instead.` part
will not be there in the message.
2. All the internal deprecation messages are printed with the prefix
`(node) `, except when the `--trace-deprecation` flag is set.
Fixes: https://github.com/nodejs/io.js/issues/1883
PR-URL: https://github.com/nodejs/io.js/pull/1892
Reviewed-By: Roman Reiss <me@silverwind.io>
Modifies the setTimeout methods for the following prototypes:
- http.ClientRequest
- http.IncomingMessage
- http.OutgoingMessage
- http.Server
- https.Server
- net.Socket
- tls.TLSSocket
Previously, the above functions returned undefined. They now return
`this`. This is useful for chaining function calls.
PR-URL: https://github.com/nodejs/io.js/pull/1699
Reviewed-By: Roman Reiss <me@silverwind.io>
This changes the behavior for http to send send a Content-Length header
instead of using chunked encoding when we know the size of the body when
sending the headers.
Fixes: https://github.com/iojs/io.js/issues/1044
PR-URL: https://github.com/iojs/io.js/pull/1062
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Brian White <mscdex@mscdex.net>
This commit does some small optimization changes on
`lib/_http_outgoing.js`. These include switching from `while` loops to
`for` loops, moving away from `util` to `typeof` checks, and removing
dead code. It also includes variable caches to avoid lookups and
generic style changes. All in all, much faster execution.
It gets an across the board increase in req/sec on the benchmarks,
from my experience about a 10% increase.
PR-URL: https://github.com/iojs/io.js/pull/605
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Nicu Micleușanu <micnic90@gmail.com>
Reviewed-By: Christian Vaagland Tellnes <christian@tellnes.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
If you set a custom http header which includes eg. the string `Date`,
then http will not automatically send the `Date` header.
This is also true for other automatic http headers.
PR-URL: https://github.com/iojs/io.js/pull/828
Reviewed-By: Brendan Ashworth <brendan.ashworth@me.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
Many of the util.is*() methods used to check data types
simply compare against a single value or the result of
typeof. This commit replaces calls to these methods with
equivalent checks. This commit does not touch calls to the
more complex methods (isRegExp(), isDate(), etc.).
Fixes: https://github.com/iojs/io.js/issues/607
PR-URL: https://github.com/iojs/io.js/pull/647
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit replaces a number of var statements throughout
the lib code with const statements.
PR-URL: https://github.com/iojs/io.js/pull/541
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The copyright and license notice is already in the LICENSE file. There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
Turn on strict mode for the files in the lib/ directory. It helps
catch bugs and can have a positive effect on performance.
PR-URL: https://github.com/node-forward/node/pull/64
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Several fields on OutgoingMessage were set after instantiation. These
have been included in the constructor to prevent mutation of the object
map after instantiation.
"name" is now explicitly checked to be a string. Where before if a
non-string was passed the following cryptic error was thrown:
_http_outgoing.js:334
var key = name.toLowerCase();
^
TypeError: undefined is not a function
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
When calling write() after end() has been called on an OutgoingMessage,
an error is emitted and the write's callback is called with an instance
of Error.
Fix#7477.
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Forcibly flushes the request headers. You need this with long-lived
HTTP connections where the first data isn't written until the connection
has been established (think: tunneling requests over HTTP CONNECT.)
Fixes#7296.
Signed-off-by: Fedor Indutny <fedor@indutny.com>
This allows automatically-inserted headers to be removed permanently by
calling OutgoingMessage.removeHeader() on them, as if they were normal
headers.
In other Writable streams, the 'finish' event means that all of the data
was written, and flushed to the underlying system.
The 'prefinish' event means that end() was called, and all of the data
was processed, but not necessarily completely flushed.
This change brings the http OutgoingMessage classes more in sync with
the other Writable classes throughout Node.
Unfortunately, this change highlights an issue with http
IncomingMessages, where the _dump() method will not actually pull the
data off the wire. This is a minor issue that is typically only
relevant in test cases, and will be addressed in the next commit.
This removes a dubious performance "optimization" where strings body
chunks were concatenated to one another (and to the headers) without any
regard for their encoding.