diff options
author | Albert Still <albertjamesstill@gmail.com> | 2019-01-21 17:47:32 +1100 |
---|---|---|
committer | Matteo Collina <hello@matteocollina.com> | 2019-02-01 19:48:23 +0100 |
commit | bcf2886a84407028572fd1084242a1c789c056f8 (patch) | |
tree | 7453ccd2287079cc3755ae4f2a3e4e7ab79fc2da /lib/_http_server.js | |
parent | a861adde3bc22dec07e67f199be5f2c2aa226b44 (diff) | |
download | android-node-v8-bcf2886a84407028572fd1084242a1c789c056f8.tar.gz android-node-v8-bcf2886a84407028572fd1084242a1c789c056f8.tar.bz2 android-node-v8-bcf2886a84407028572fd1084242a1c789c056f8.zip |
http: return HTTP 431 on HPE_HEADER_OVERFLOW error
Instead of returning a generic 400 response when the
max header size is reached, return a 431 Request Header
Fields Too Large.
This is a semver-major because it changes the HTTP
status code for requests that trigger the header
overflow error.
PR-URL: https://github.com/nodejs/node/pull/25605
Fixes: https://github.com/nodejs/node/issues/25528
Refs: https://tools.ietf.org/html/rfc6585#section-5
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'lib/_http_server.js')
-rw-r--r-- | lib/_http_server.js | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/_http_server.js b/lib/_http_server.js index 24ebd41bb5..5a714da6b6 100644 --- a/lib/_http_server.js +++ b/lib/_http_server.js @@ -507,6 +507,9 @@ const noop = () => {}; const badRequestResponse = Buffer.from( `HTTP/1.1 400 ${STATUS_CODES[400]}${CRLF}${CRLF}`, 'ascii' ); +const requestHeaderFieldsTooLargeResponse = Buffer.from( + `HTTP/1.1 431 ${STATUS_CODES[431]}${CRLF}${CRLF}`, 'ascii' +); function socketOnError(e) { // Ignore further errors this.removeListener('error', socketOnError); @@ -514,7 +517,9 @@ function socketOnError(e) { if (!this.server.emit('clientError', e, this)) { if (this.writable) { - this.write(badRequestResponse); + const response = e.code === 'HPE_HEADER_OVERFLOW' ? + requestHeaderFieldsTooLargeResponse : badRequestResponse; + this.write(response); } this.destroy(e); } |