http: return HTTP 431 on HPE_HEADER_OVERFLOW error

Instead of returning a generic 400 response when the
max header size is reached, return a 431 Request Header
Fields Too Large.

This is a semver-major because it changes the HTTP
status code for requests that trigger the header
overflow error.

PR-URL: https://github.com/nodejs/node/pull/25605
Fixes: https://github.com/nodejs/node/issues/25528
Refs: https://tools.ietf.org/html/rfc6585#section-5

Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/lib/_http_server.js b/lib/_http_server.js
index 24ebd41bb5..5a714da6b6 100644
--- a/lib/_http_server.js
+++ b/lib/_http_server.js
@@ -507,6 +507,9 @@ const noop = () => {};
 const badRequestResponse = Buffer.from(
   `HTTP/1.1 400 ${STATUS_CODES[400]}${CRLF}${CRLF}`, 'ascii'
 );
+const requestHeaderFieldsTooLargeResponse = Buffer.from(
+  `HTTP/1.1 431 ${STATUS_CODES[431]}${CRLF}${CRLF}`, 'ascii'
+);
 function socketOnError(e) {
   // Ignore further errors
   this.removeListener('error', socketOnError);
@@ -514,7 +517,9 @@ function socketOnError(e) {
 
   if (!this.server.emit('clientError', e, this)) {
     if (this.writable) {
-      this.write(badRequestResponse);
+      const response = e.code === 'HPE_HEADER_OVERFLOW' ?
+        requestHeaderFieldsTooLargeResponse : badRequestResponse;
+      this.write(response);
     }
     this.destroy(e);
   }