From 2f5bef4705de7aefeaf58d15ee270239d98d5b89 Mon Sep 17 00:00:00 2001 From: Anatoli Papirovski Date: Tue, 19 Sep 2017 09:56:09 -0400 Subject: http2: expand list of known headers Add access-control-*, dnt, forwarded, trailer, tk, upgrade-insecure-requests, warning, x-content-type-options and x-frame-options to known list of headers for HTTP2. Expand tests to account for these headers. Fixes: https://github.com/nodejs/node/issues/15337 Refs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers Refs: https://www.w3.org/TR/cors/#syntax Refs: https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#dnt-header-field Refs: https://tools.ietf.org/html/rfc7239#section-4 Refs: https://tools.ietf.org/html/rfc7230#section-4.4 Refs: https://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#response-header-field Refs: https://www.w3.org/TR/upgrade-insecure-requests/#preference Refs: https://tools.ietf.org/html/rfc7234#section-5.5 Refs: https://fetch.spec.whatwg.org/#x-content-type-options-header Refs: https://tools.ietf.org/html/rfc7034 PR-URL: https://github.com/nodejs/node/pull/15434 Reviewed-By: James M Snell Reviewed-By: Colin Ihrig Reviewed-By: Franziska Hinkelmann Reviewed-By: Luigi Pinca Reviewed-By: Ruben Bridgewater --- src/node_http2.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'src/node_http2.h') diff --git a/src/node_http2.h b/src/node_http2.h index a5029bec37..68801eeb54 100644 --- a/src/node_http2.h +++ b/src/node_http2.h @@ -69,7 +69,14 @@ using v8::MaybeLocal; V(ACCEPT_LANGUAGE, "accept-language") \ V(ACCEPT_RANGES, "accept-ranges") \ V(ACCEPT, "accept") \ + V(ACCESS_CONTROL_ALLOW_CREDENTIALS, "access-control-allow-credentials") \ + V(ACCESS_CONTROL_ALLOW_HEADERS, "access-control-allow-headers") \ + V(ACCESS_CONTROL_ALLOW_METHODS, "access-control-allow-methods") \ V(ACCESS_CONTROL_ALLOW_ORIGIN, "access-control-allow-origin") \ + V(ACCESS_CONTROL_EXPOSE_HEADERS, "access-control-expose-headers") \ + V(ACCESS_CONTROL_MAX_AGE, "access-control-max-age") \ + V(ACCESS_CONTROL_REQUEST_HEADERS, "access-control-request-headers") \ + V(ACCESS_CONTROL_REQUEST_METHOD, "access-control-request-method") \ V(AGE, "age") \ V(ALLOW, "allow") \ V(AUTHORIZATION, "authorization") \ @@ -85,9 +92,11 @@ using v8::MaybeLocal; V(CONTENT_TYPE, "content-type") \ V(COOKIE, "cookie") \ V(DATE, "date") \ + V(DNT, "dnt") \ V(ETAG, "etag") \ V(EXPECT, "expect") \ V(EXPIRES, "expires") \ + V(FORWARDED, "forwarded") \ V(FROM, "from") \ V(HOST, "host") \ V(IF_MATCH, "if-match") \ @@ -109,13 +118,19 @@ using v8::MaybeLocal; V(SERVER, "server") \ V(SET_COOKIE, "set-cookie") \ V(STRICT_TRANSPORT_SECURITY, "strict-transport-security") \ + V(TRAILER, "trailer") \ V(TRANSFER_ENCODING, "transfer-encoding") \ V(TE, "te") \ + V(TK, "tk") \ + V(UPGRADE_INSECURE_REQUESTS, "upgrade-insecure-requests") \ V(UPGRADE, "upgrade") \ V(USER_AGENT, "user-agent") \ V(VARY, "vary") \ V(VIA, "via") \ + V(WARNING, "warning") \ V(WWW_AUTHENTICATE, "www-authenticate") \ + V(X_CONTENT_TYPE_OPTIONS, "x-content-type-options") \ + V(X_FRAME_OPTIONS, "x-frame-options") \ V(HTTP2_SETTINGS, "http2-settings") \ V(KEEP_ALIVE, "keep-alive") \ V(PROXY_CONNECTION, "proxy-connection") -- cgit v1.2.3