Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

http: handle multi-value content-disposition header correctly #50977

Merged
merged 1 commit into from
Dec 11, 2023
Merged

http: handle multi-value content-disposition header correctly #50977

merged 1 commit into from
Dec 11, 2023

Conversation

ArsalanDotMe
Copy link
Contributor

This change fixes a bug introduced by an earlier PR #46528. Basically, in the earlier PR the code was written with the assumption that content-disposition header will always have a scalar string value but in fact Node.js allows users to provide an array as a value for a header.

If you provide an array value for content-disposition header, then the Buffer string would contain characters that are invalid for headers and that results in a ERR_INVALID_HTTP_RESPONSE error.

@nodejs-github-bot
Copy link
Collaborator

Review requested:

  • @nodejs/http
  • @nodejs/net

@nodejs-github-bot nodejs-github-bot added http Issues or PRs related to the http subsystem. needs-ci PRs that need a full CI run. labels Nov 30, 2023
@ArsalanDotMe ArsalanDotMe changed the title Handle multi-value content-disposition header correctly http: handle multi-value content-disposition header correctly Nov 30, 2023
@ArsalanDotMe
Copy link
Contributor Author

Fixes #50978

@ArsalanDotMe
Copy link
Contributor Author

@ShogunPanda @mcollina tagging you to get your eyes on this since you reviewed the related PR before. This change is important because in some libraries, headers are always passed as arrays (usually single value) to response.setHeader. Everything else works fine that way but content-disposition fails in an unexpected manner.

@ArsalanDotMe ArsalanDotMe mentioned this pull request Dec 1, 2023
Merged
@marco-ippolito
Copy link
Member

@ArsalanDotMe can you amend commit message, the ci is failing

@ArsalanDotMe
http: handle multi-value content-disposition header
5e6d348 
Headers in nodejs can be arrays and current workaround for
content-disposition header do not take this into account.
This change fixes that and makes sure array values are handled
properly.
@ArsalanDotMe
Copy link
Contributor Author

yes, sure. just a sec

ShogunPanda
ShogunPanda approved these changes Dec 6, 2023
View reviewed changes
Copy link
Contributor

@ShogunPanda ShogunPanda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@marco-ippolito marco-ippolito added the request-ci Add this label to start a Jenkins CI on a PR. label Dec 6, 2023
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Dec 6, 2023
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/56132/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/56134/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/56197/

mcollina
mcollina approved these changes Dec 10, 2023
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/56203/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/56215/

@mcollina mcollina added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue Add this label to land a pull request using GitHub Actions. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. and removed needs-ci PRs that need a full CI run. labels Dec 11, 2023
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 11, 2023
@nodejs-github-bot nodejs-github-bot merged commit 6e90fed into nodejs:main Dec 11, 2023
59 checks passed
@nodejs-github-bot
Copy link
Collaborator

Landed in 6e90fed

@steelbrain steelbrain mentioned this pull request Dec 12, 2023
Open
RafaelGSS pushed a commit that referenced this pull request Dec 15, 2023
@ArsalanDotMe @RafaelGSS
http: handle multi-value content-disposition header
7f95926 
Headers in nodejs can be arrays and current workaround for
content-disposition header do not take this into account.
This change fixes that and makes sure array values are handled
properly.

PR-URL: #50977
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
@RafaelGSS RafaelGSS mentioned this pull request Dec 15, 2023
Merged
richardlau pushed a commit that referenced this pull request Mar 25, 2024
@ArsalanDotMe @richardlau
http: handle multi-value content-disposition header
4e38dee 
Headers in nodejs can be arrays and current workaround for
content-disposition header do not take this into account.
This change fixes that and makes sure array values are handled
properly.

PR-URL: #50977
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
@richardlau richardlau mentioned this pull request Mar 25, 2024
Merged
@geirbak
Copy link

geirbak commented Jun 13, 2024

I'm not sure where/how is the correct way for me to raise this, but we need this fixed in the 18 LTS (It was introduced in 18.16.0 - #46528).

@richardlau richardlau added the lts-watch-v18.x PRs that may need to be released in v18.x. label Jun 13, 2024
@einarq
Copy link

einarq commented Jun 19, 2024

I'm not sure where/how is the correct way for me to raise this, but we need this fixed in the 18 LTS (It was introduced in 18.16.0 - #46528).

@richardlau
Planning on merging this for 18 as well?

@richardlau
Copy link
Member

richardlau commented Jun 19, 2024
edited
Loading

I've added the lts-watch-v18.x label to this which will put it on the list of things to consider for the next non-security Node.js 18.x release.

@einarq
Copy link

einarq commented Jun 19, 2024

I've added the lts-watch-v18.x label to this which will put it on the list of things to consider for the next non-security Node.js 18.x release.

Ok, thanks. We will have to ask people to downgrade to 18.5 in the meantime.

richardlau pushed a commit that referenced this pull request Jul 19, 2024
@ArsalanDotMe @richardlau
http: handle multi-value content-disposition header
0092358 
Headers in nodejs can be arrays and current workaround for
content-disposition header do not take this into account.
This change fixes that and makes sure array values are handled
properly.

PR-URL: #50977
Reviewed-By: Paolo Insogna <[email protected]>
Reviewed-By: Marco Ippolito <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
@richardlau richardlau added backported-to-v18.x PRs backported to the v18.x-staging branch. and removed lts-watch-v18.x PRs that may need to be released in v18.x. labels Jul 19, 2024
@geirbak geirbak mentioned this pull request Jul 29, 2024
Open
@aduh95 aduh95 mentioned this pull request Nov 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@jasnell jasnell jasnell approved these changes

@ShogunPanda ShogunPanda ShogunPanda approved these changes

@mcollina mcollina mcollina approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. backported-to-v18.x PRs backported to the v18.x-staging branch. commit-queue-squash Add this label to instruct the Commit Queue to squash all the PR commits into the first one. http Issues or PRs related to the http subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@ArsalanDotMe @nodejs-github-bot @marco-ippolito @geirbak @einarq @richardlau @mcollina @ShogunPanda @jasnell