PR-URL: https://github.com/nodejs/node/pull/31793
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Our docs have a mix of "hostname" and "host name" in prose.
Let's follow the usage of Unix man pages, RFCs, and most
professionally-edited sources, and use "host name" in prose and
"hostname" to refer to the command and in code.
Lint rule forthcoming.
PR-URL: https://github.com/nodejs/node/pull/31326
Refs: https://github.com/nodejs/node/pull/31073
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
The keylog event is implemented on TLS sockets, but client HTTPS uses
TLS sockets managed by an agent, so accessing the underlying socket
before the TLS handshake completed was not possible. Note that server
HTTPS already supports the keylog event because it inherits from the TLS
server.
PR-URL: https://github.com/nodejs/node/pull/30053
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Convert to asterisks when there are mixed styles in document.
Addresses Markdownlint MD004 rule
PR-URL: https://github.com/nodejs/node/pull/29516
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
These are rendered as single breaks.
Addresses Markdownlint MD012 rule.
PR-URL: https://github.com/nodejs/node/pull/29352
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/29256
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Stop automatically setting servername in https.request() if the target
host is specified with an IP address. Doing so is invalid, and triggers
a deprecation warning. It is still possible to send an IP address as a
servername if its required, but it needs to be explicity configured, it
won't happen automatically.
PR-URL: https://github.com/nodejs/node/pull/28209
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
There is no way to disable SNI extension when sending a request to HTTPS
server. Setting `options.servername` to a falsy value would make Node.js
core override it with either hostname or ip address.
This change introduces a way to disable SNI completely if this is
required for user's application. Setting `options.servername` to ``
in `https.request` would disable overrides and thus disable the
extension.
PR-URL: https://github.com/nodejs/node/pull/27316
Reviewed-By: Steven R Loomis <srloomis@us.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
CVE-2018-12122
An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.
PR-URL: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit supplements some types and their corresponding return
values in docs, including `AsyncResource`, `DiffieHellman`,
`ECDH`, `https.Server`, `repl.REPLServer`.
PR-URL: https://github.com/nodejs/node/pull/23998
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/22949
Refs: https://github.com/nodejs/node/pull/21616
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Some nits were also fixed in passing.
PR-URL: https://github.com/nodejs/node/pull/22537
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Notable changes:
* buffer:
* Fix out-of-bounds (OOB) write in `Buffer.write()` for UCS-2 encoding
(CVE-2018-12115)
* Fix unintentional exposure of uninitialized memory in `Buffer.alloc()`
(CVE-2018-7166)
* deps:
* Upgrade to OpenSSL 1.1.0i, fixing:
- Client DoS due to large DH parameter (CVE-2018-0732)
- ECDSA key extraction via local side-channel (CVE not assigned)
* Upgrade V8 from 6.7 to 6.8 (Michaël Zasso) #21079
- Memory reduction and performance improvements, details at:
https://v8project.blogspot.com/2018/06/v8-release-68.html
* http: `http.get()` and `http.request()` (and `https` variants) can now accept
three arguments to allow for a `URL` _and_ an `options` object
(Sam Ruby) #21616
* Added new collaborators
* Sam Ruby (https://github.com/rubys)
* George Adams (https://github.com/gdams)
PR-URL: https://github.com/nodejs/node/pull/21782
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
In Refs, http.Server's maxHeadersCount field was defined in the
constructor to make hidden class stable and so on. Also in https.Server,
we can use maxHeadersCount the same as http via connectionListener. So,
defines it in the constructor and documentation.
Refs: https://github.com/nodejs/node/pull/9116
PR-URL: https://github.com/nodejs/node/pull/20359
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Some other formatting nits were fixed
and some superfluous descriptions were simplified in passing.
PR-URL: https://github.com/nodejs/node/pull/20401
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This switches the url parser from `url.parse()` to the WHATWG URL
parser while keeping `url.parse()` as fallback.
Also add tests for invalid url deprecations and correct hostname
checks.
PR-URL: https://github.com/nodejs/node/pull/20270
Fixes: https://github.com/nodejs/node/issues/19468
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
PR-URL: https://github.com/nodejs/node/pull/19915
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Include example on how to pin certificate and/or public key
PR-URL: https://github.com/nodejs/node/pull/17690
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Adds the remaining options from tls.createSecureContext() to the
string generated by Agent#getName(). This allows https.request() to
accept the options and generate unique sockets appropriately.
PR-URL: https://github.com/nodejs/node/pull/16402
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This adds the optional options argument to `http.createServer()`.
It contains two options: the `IncomingMessage` and `ServerReponse`
option.
PR-URL: https://github.com/nodejs/node/pull/15752
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Install URL and URLSearchParams on the global object, like they can be
found in browser environments.
PR-URL: https://github.com/nodejs/node/pull/18281
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The PR number included for this api addition was originally incorrect.
PR-URL: https://github.com/nodejs/node/pull/17630
Refs: https://github.com/nodejs/node/pull/14903
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
The `net`, `tls`, `http` and `https` module have the same
`server.listen()` method, but have a different documenation.
Changed to a consistent link to the documentation of the `net` module.
PR-URL: https://github.com/nodejs/node/pull/16020
Reviewed-By: Bryan English <bryan@bryanenglish.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Each page of the API documentation should have links to other versions
of the same page. This will make it easier to switch between the current
"live" release at nodejs.org and LTS versions.
PR-URL: https://github.com/nodejs/node/pull/10958
Fixes: https://github.com/nodejs/node/issues/10726
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
`opts` in `createServer` will be immutable that won't change origional
opts value. What's more, it's optional which can make `requestListener`
be the first argument.
PR-URL: https://github.com/nodejs/node/pull/13599
Fixes: https://github.com/nodejs/node/issues/13584
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
