Skip to content

Commit

Permalink
https: add maxHeaderSize option for https server
Browse files Browse the repository at this point in the history
  • Loading branch information
Ayase-252 committed Jun 10, 2021
1 parent 82b44f4 commit 3956f4e
Show file tree
Hide file tree
Showing 3 changed files with 134 additions and 0 deletions.
4 changes: 4 additions & 0 deletions doc/api/https.md
Original file line number Diff line number Diff line change
Expand Up @@ -158,6 +158,10 @@ See [`http.Server#keepAliveTimeout`][].
## `https.createServer([options][, requestListener])`
<!-- YAML
added: v0.3.4
changes:
- version: REPLACEME
pr-url: REPLACEME
description: Support `maxHeaderSize` option.
-->

* `options` {Object} Accepts `options` from [`tls.createServer()`][],
Expand Down
7 changes: 7 additions & 0 deletions lib/https.js
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ let debug = require('internal/util/debuglog').debuglog('https', (fn) => {
const { URL, urlToHttpOptions, searchParamsSymbol } = require('internal/url');
const { IncomingMessage, ServerResponse } = require('http');
const { kIncomingMessage } = require('_http_common');
const { validateInteger } = require('internal/validators');

function Server(opts, requestListener) {
if (!(this instanceof Server)) return new Server(opts, requestListener);
Expand All @@ -67,6 +68,12 @@ function Server(opts, requestListener) {
opts.ALPNProtocols = ['http/1.1'];
}

this.maxHeaderSize = 0;
if (opts.maxHeaderSize !== undefined) {
validateInteger(opts.maxHeaderSize, 'maxHeaderSize', 0);
this.maxHeaderSize = opts.maxHeaderSize;
}

this[kIncomingMessage] = opts.IncomingMessage || IncomingMessage;
this[kServerResponse] = opts.ServerResponse || ServerResponse;

Expand Down
123 changes: 123 additions & 0 deletions test/parallel/test-https-max-header-size.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,123 @@
'use strict';

const common = require('../common');

if (!common.hasCrypto) {
common.skip('missing crypto');
}

const assert = require('assert');
const https = require('https');
const fixtures = require('../common/fixtures');


const options = {
key: fixtures.readKey('agent1-key.pem'),
cert: fixtures.readKey('agent1-cert.pem')
};

const maxHeaderSize = 8192;

const body = 'hello world\n';
const serverCallback = (req, res) => {
res.writeHead(200, { 'content-type': 'text/plain' });
res.end(body);
};

const commonReqOptions = {
hostname: '127.0.0.1',
path: '/',
method: 'GET',
rejectUnauthorized: false,
};

// Test when header size is larger than maxHeaderSize
{
const server = https.createServer({
...options,
maxHeaderSize
}, serverCallback);

server.listen(0, common.mustCall(() => {
const serverPort = server.address().port;
const reqOptions = {
...commonReqOptions,
port: serverPort,
headers: {
'h': 'a'.repeat(maxHeaderSize + 1)
}
};

https
.request(reqOptions, common.mustCall((res) => {
assert.strictEqual(res.statusCode, 431);

res.on('data', () => {});

res.on('end', common.mustCall(() => {
server.close();
}));
}))
.end();
}));
}

// Test when header size is within the range
{
const server = https.createServer({
...options,
maxHeaderSize
}, serverCallback);

server.listen(0, common.mustCall(() => {
const serverPort = server.address().port;
const reqOptions = {
...commonReqOptions,
port: serverPort,
headers: {
// Some other header overhead
'h': 'a'.repeat(maxHeaderSize - 200)
}
};

https
.request(reqOptions, common.mustCall((res) => {
assert.strictEqual(res.statusCode, 200);

res.on('data', () => {});

res.on('end', common.mustCall(() => {
server.close();
}));
}))
.end();
}));
}


// Test parameter validation
{
assert.throws(common.mustCall(() => {
https.createServer({
...options,
maxHeaderSize: -1
}, serverCallback);
}), {
message: 'The value of "maxHeaderSize" is out of range. ' +
'It must be >= 0 && <= 9007199254740991. Received -1',
code: 'ERR_OUT_OF_RANGE',
name: 'RangeError'
});

assert.throws(common.mustCall(() => {
https.createServer({
...options,
maxHeaderSize: ''
}, serverCallback);
}), {
message: 'The "maxHeaderSize" argument must be of type number. ' +
'Received type string (\'\')',
code: 'ERR_INVALID_ARG_TYPE',
name: 'TypeError'
});
}

0 comments on commit 3956f4e

Please sign in to comment.