http: llhttp opt-in insecure HTTP header parsing

Allow insecure HTTP header parsing. Make clear it is insecure.

See:
- https://github.com/nodejs/node/pull/30553
- https://github.com/nodejs/node/issues/27711#issuecomment-556265881
- https://github.com/nodejs/node/issues/30515

PR-URL: https://github.com/nodejs/node/pull/30567
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/lib/_http_client.js b/lib/_http_client.js
index ece93d14e0..7888ce27d5 100644
--- a/lib/_http_client.js
+++ b/lib/_http_client.js
@@ -39,6 +39,7 @@ const {
   freeParser,
   parsers,
   HTTPParser,
+  isLenient,
   prepareError,
 } = require('_http_common');
 const { OutgoingMessage } = require('_http_outgoing');
@@ -676,7 +677,8 @@ function tickOnSocket(req, socket) {
   req.socket = socket;
   parser.initialize(HTTPParser.RESPONSE,
                     new HTTPClientAsyncResource('HTTPINCOMINGMESSAGE', req),
-                    req.maxHeaderSize || 0);
+                    req.maxHeaderSize || 0,
+                    isLenient());
   parser.socket = socket;
   parser.outgoing = req;
   req.parser = parser;