Ensure that the parser is freed before emitting the 'connect' or
'upgrade' event.
PR-URL: https://github.com/nodejs/node/pull/18209
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Fix a bug where a connection upgrade response with a Transfer-Encoding
header and a body whose first byte is > 127 causes said byte to be
dropped on the floor when passing the remainder of the message to
the 'upgrade' event listeners.
Fixes: https://github.com/nodejs/node/issues/17789
PR-URL: https://github.com/nodejs/node/pull/17806
Fixes: https://github.com/nodejs/node/issues/17789
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
rename initTriggerId to defaultTriggerAsyncId such it matches the rest
of our naming.
PR-URL: https://github.com/nodejs/node/pull/17273
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This adds computed properties to readable and writable streams to
allow access to the readable buffer, the writable buffer, and flow
state without accessing the readable or writable state.
These are the only uses of readable and writable state in the docs
so adding these work arounds allows them to be removed from the docs.
This also updates net, http_client and http_server to use the new
methods instead of manipulating readable and writable state directly.
See: https://github.com/nodejs/node/issues/445
PR-URL: https://github.com/nodejs/node/pull/12855
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit changes node's handling of two-byte characters in
the path component of an http URL. Previously, node would just
strip the higher byte when generating the request. So this code:
```
http.request({host: "example.com", port: "80", "/N"})
```
would request `http://example.com/.`
(`.` is the character for the byte `0x2e`).
This is not useful and can in some cases lead to filter evasion.
With this change, the code generates `ERR_UNESCAPED_CHARACTERS`,
just like space and control characters already did.
PR-URL: https://github.com/nodejs/node/pull/16237
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/16923
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
The initials of expected in TypeError[ERR_INVALID_ARG_TYPE]
are inconsistent. This change is to unify them.
PR-URL: https://github.com/nodejs/node/pull/16401
Fixes: https://github.com/nodejs/node/issues/16383
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Support generic `Duplex` streams through more duck typing
on the server and client sides.
Since HTTP is, as a protocol, independent of its underlying transport
layer, Node.js should not enforce any restrictions on what streams
its HTTP parser may use.
Ref: https://github.com/nodejs/node/issues/16256
PR-URL: https://github.com/nodejs/node/pull/16267
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Emit close event after all other events in the client, e.g.
error will be emitted before close.
PR-URL: https://github.com/nodejs/node/pull/15588
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This change is to unify the declaration for constants into using
destructuring on the top-level-module scope, reducing some redundant
code.
PR-URL: https://github.com/nodejs/node/pull/16063
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Makes `Connection: keep-alive` behave correctly when making client
connections to UNIX domain sockets.
Prior to this, connections would never be re-used, but the keep-alive
would cause the connections to stick around until they time out. This
would lead to an eventual EMFILE error due to all the connections
staying open. This was due to http.Agent not properly supporting UNIX
domain sockets.
PR-URL: https://github.com/nodejs/node/pull/13214
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
`request.setTimeout()` calls `socket.setTimeout()` as soon as a socket
is assigned to the request. This makes the `timeout` event to be
emitted on the request even if the underlying socket never connects.
This commit makes `socket.setTimeout()` to be called only when the
underlying socket is connected.
PR-URL: https://github.com/nodejs/node/pull/8895
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
req.socket._hadError should be set before emitting the error event.
PR-URL: https://github.com/nodejs/node/pull/14659
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This commit allows self signed certificates to work with
unix sockets by forwarding the rejectUnauthorized option.
Fixes: https://github.com/nodejs/node/issues/13470
PR-URL: https://github.com/nodejs/node/pull/13505
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/13206
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Add type checking for options.hostname / options.host
Maintains the use of `undefined` and `null` for default `localhost`,
but other falsy values (like `false`, `0` and `NaN`) are rejected.
PR-URL: https://github.com/nodejs/node/pull/12494
Ref: https://github.com/nodejs/node/issues/12488
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
PR-URL: https://github.com/nodejs/node/pull/11567
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/10941
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
When parameter count is fixed, use literal Array instance is more
simply and avoid arguments leak also.
PR-URL: https://github.com/nodejs/node/pull/10833
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
`request.abort()` did not destroy the socket if it was called
before a socket was assigned to the request and the request
did not use an `Agent` or a Unix Domain Socket was used.
Fixes: https://github.com/nodejs/node/issues/10812
PR-URL: https://github.com/nodejs/node/pull/10818
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
As per https://github.com/nodejs/node/issues/9069
unexpected things can happen when supplying an
unexpected value to agent. Beings as the docs
clearly state the expected values, this throws
an error on an unexpected value.
PR-URL: https://github.com/nodejs/node/pull/10053
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
This commit implements two optimizations when working with headers:
* Avoid having to explicitly "render" headers and separately store the
original casing for header names.
* Match special header names using a single regular expression instead
of testing one regular expression per header name.
PR-URL: https://github.com/nodejs/node/pull/10558
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Adding all used properties in the constructor makes the hidden class
stable and heap snapshots more verbose.
Refs: https://github.com/nodejs/node/issues/8912
PR-URL: https://github.com/nodejs/node/pull/9116
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
In order to prevent a memory leak when using keep alive, ensure that the
timeout listener for the request is removed when the response has ended.
PR-URL: https://github.com/nodejs/node/pull/9440
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Prior to this commit, it was possible to pass a truthy non-string
value as the HTTP method to the HTTP client, resulting in an
exception being thrown. This commit adds validation to the method.
PR-URL: https://github.com/nodejs/node/pull/10111
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Unsanitized paths containing line feed characters can be used for
header injection and request splitting so reject them with an exception.
There seems to be no reasonable use case for allowing control characters
(characters <= 31) while there are several scenarios where they can be
used to exploit software bugs so reject control characters altogether.
PR-URL: https://github.com/nodejs/node/pull/8923
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: not-an-aardvark <not-an-aardvark@users.noreply.github.com>
This allows passing the socket connection timeout to http#request
such that it will be set before the socket is connecting
PR-URL: https://github.com/nodejs/node/pull/8101
Fixes: https://github.com/nodejs/node/issues/7580
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
When `free`ing the socket to be reused in keep-alive Agent wait for
both `prefinish` and `end` events. Otherwise the next request may be
written before the previous one has finished sending the body, leading
to a parser errors.
PR-URL: https://github.com/nodejs/node/pull/7149
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
When handling a response to `CONNECT` request - skip message body
and do not attempt to parse the next message. `CONNECT` requests are
used in similar sense to HTTP Upgrade.
Fix: https://github.com/nodejs/node/pull/6198
PR-URL: https://github.com/nodejs/node/pull/6279
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
IPv6 addresses in Host header (URI), must be enclosed within
square brackets, in order to properly separate the host address
from any port reference.
PR-URL: https://github.com/nodejs/node/pull/5314
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Several changes:
* Soft-Deprecate Buffer() constructors
* Add `Buffer.from()`, `Buffer.alloc()`, and `Buffer.allocUnsafe()`
* Add `--zero-fill-buffers` command line option
* Add byteOffset and length to `new Buffer(arrayBuffer)` constructor
* buffer.fill('') previously had no effect, now zero-fills
* Update the docs
PR-URL: https://github.com/nodejs/node/pull/4682
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
