diff options
| author | Albert Still <albertjamesstill@gmail.com> | 2019-01-21 17:47:32 +1100 |
|---|---|---|
| committer | Matteo Collina <hello@matteocollina.com> | 2019-02-01 19:48:23 +0100 |
| commit | bcf2886a84407028572fd1084242a1c789c056f8 (patch) | |
| tree | 7453ccd2287079cc3755ae4f2a3e4e7ab79fc2da /doc | |
| parent | a861adde3bc22dec07e67f199be5f2c2aa226b44 (diff) | |
| download | android-node-v8-bcf2886a84407028572fd1084242a1c789c056f8.tar.gz android-node-v8-bcf2886a84407028572fd1084242a1c789c056f8.tar.bz2 android-node-v8-bcf2886a84407028572fd1084242a1c789c056f8.zip | |
http: return HTTP 431 on HPE_HEADER_OVERFLOW error
Instead of returning a generic 400 response when the
max header size is reached, return a 431 Request Header
Fields Too Large.
This is a semver-major because it changes the HTTP
status code for requests that trigger the header
overflow error.
PR-URL: https://github.com/nodejs/node/pull/25605
Fixes: https://github.com/nodejs/node/issues/25528
Refs: https://tools.ietf.org/html/rfc6585#section-5
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/api/http.md | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/doc/api/http.md b/doc/api/http.md index 7f0b39cbb1..149fc53668 100644 --- a/doc/api/http.md +++ b/doc/api/http.md @@ -829,6 +829,10 @@ changes: description: The `rawPacket` is the current buffer that just parsed. Adding this buffer to the error object of `'clientError'` event is to make it possible that developers can log the broken packet. + - version: REPLACEME + pr-url: https://github.com/nodejs/node/pull/25605 + description: The default behavior will return a 431 Request Header + Fields Too Large if a HPE_HEADER_OVERFLOW error occurs. --> * `exception` {Error} @@ -839,8 +843,10 @@ Listener of this event is responsible for closing/destroying the underlying socket. For example, one may wish to more gracefully close the socket with a custom HTTP response instead of abruptly severing the connection. -Default behavior is to close the socket with an HTTP '400 Bad Request' response -if possible, otherwise the socket is immediately destroyed. +Default behavior is to try close the socket with a HTTP '400 Bad Request', +or a HTTP '431 Request Header Fields Too Large' in the case of a +[`HPE_HEADER_OVERFLOW`][] error. If the socket is not writable it is +immediately destroyed. `socket` is the [`net.Socket`][] object that the error originated from. @@ -2171,3 +2177,4 @@ not abort the request or do anything besides add a `'timeout'` event. [`url.parse()`]: url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost [Readable Stream]: stream.html#stream_class_stream_readable [Stream]: stream.html#stream_stream +[`HPE_HEADER_OVERFLOW`]: errors.html#errors_hpe_header_overflow |