diff options
author | James M Snell <jasnell@gmail.com> | 2015-09-27 11:55:47 -0700 |
---|---|---|
committer | James M Snell <jasnell@gmail.com> | 2015-10-06 14:53:21 -0700 |
commit | e655a437b3fde33151eab3606f6d3a06d5b8e681 (patch) | |
tree | de504b5b9b372069c0f69dee9c052cd8415dde71 /lib/_http_incoming.js | |
parent | 0094a8dad725e7b7a035d7c56332844cb105cba3 (diff) | |
download | android-node-v8-e655a437b3fde33151eab3606f6d3a06d5b8e681.tar.gz android-node-v8-e655a437b3fde33151eab3606f6d3a06d5b8e681.tar.bz2 android-node-v8-e655a437b3fde33151eab3606f6d3a06d5b8e681.zip |
http: do not allow multiple instances of certain response headers
Response headers such as ETag and Last-Modified do not permit
multiple instances, and therefore the comma-separated syntax is
not allowed. When multiple values for these headers are specified,
use only the first instance.
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/3090
Diffstat (limited to 'lib/_http_incoming.js')
-rw-r--r-- | lib/_http_incoming.js | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/_http_incoming.js b/lib/_http_incoming.js index e16f198dba..5377c84d5d 100644 --- a/lib/_http_incoming.js +++ b/lib/_http_incoming.js @@ -152,6 +152,12 @@ IncomingMessage.prototype._addHeaderLine = function(field, value, dest) { case 'from': case 'location': case 'max-forwards': + case 'retry-after': + case 'etag': + case 'last-modified': + case 'server': + case 'age': + case 'expires': // drop duplicates if (dest[field] === undefined) dest[field] = value; |