http: do not allow multiple instances of certain response headers
Response headers such as ETag and Last-Modified do not permit multiple instances, and therefore the comma-separated syntax is not allowed. When multiple values for these headers are specified, use only the first instance. Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> PR-URL: https://github.com/nodejs/node/pull/3090
This commit is contained in:
James M Snell
parent
0094a8dad7
commit
e655a437b3
@ -152,6 +152,12 @@ IncomingMessage.prototype._addHeaderLine = function(field, value, dest) {
|
|||||||
case 'from':
|
case 'from':
|
||||||
case 'location':
|
case 'location':
|
||||||
case 'max-forwards':
|
case 'max-forwards':
|
||||||
|
case 'retry-after':
|
||||||
|
case 'etag':
|
||||||
|
case 'last-modified':
|
||||||
|
case 'server':
|
||||||
|
case 'age':
|
||||||
|
case 'expires':
|
||||||
// drop duplicates
|
// drop duplicates
|
||||||
if (dest[field] === undefined)
|
if (dest[field] === undefined)
|
||||||
dest[field] = value;
|
dest[field] = value;
|
||||||
|
|||||||
54
test/parallel/test-http-response-multiheaders.js
Normal file
54
test/parallel/test-http-response-multiheaders.js
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
'use strict';
|
||||||
|
|
||||||
|
const common = require('../common');
|
||||||
|
const http = require('http');
|
||||||
|
const assert = require('assert');
|
||||||
|
|
||||||
|
// Test that certain response header fields do not repeat
|
||||||
|
const norepeat = [
|
||||||
|
'retry-after',
|
||||||
|
'etag',
|
||||||
|
'last-modified',
|
||||||
|
'server',
|
||||||
|
'age',
|
||||||
|
'expires'
|
||||||
|
];
|
||||||
|
|
||||||
|
const server = http.createServer(function(req, res) {
|
||||||
|
var num = req.headers['x-num'];
|
||||||
|
if (num == 1) {
|
||||||
|
for (let name of norepeat) {
|
||||||
|
res.setHeader(name, ['A', 'B']);
|
||||||
|
}
|
||||||
|
res.setHeader('X-A', ['A', 'B']);
|
||||||
|
} else if (num == 2) {
|
||||||
|
let headers = {};
|
||||||
|
for (let name of norepeat) {
|
||||||
|
headers[name] = ['A', 'B'];
|
||||||
|
}
|
||||||
|
headers['X-A'] = ['A', 'B'];
|
||||||
|
res.writeHead(200, headers);
|
||||||
|
}
|
||||||
|
res.end('ok');
|
||||||
|
});
|
||||||
|
|
||||||
|
server.listen(common.PORT, common.mustCall(function() {
|
||||||
|
for (let n = 1; n <= 2 ; n++) {
|
||||||
|
// this runs twice, the first time, the server will use
|
||||||
|
// setHeader, the second time it uses writeHead. The
|
||||||
|
// result on the client side should be the same in
|
||||||
|
// either case -- only the first instance of the header
|
||||||
|
// value should be reported for the header fields listed
|
||||||
|
// in the norepeat array.
|
||||||
|
http.get(
|
||||||
|
{port:common.PORT, headers:{'x-num': n}},
|
||||||
|
common.mustCall(function(res) {
|
||||||
|
if (n == 2) server.close();
|
||||||
|
for (let name of norepeat) {
|
||||||
|
assert.equal(res.headers[name], 'A');
|
||||||
|
}
|
||||||
|
assert.equal(res.headers['x-a'], 'A, B');
|
||||||
|
})
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}));
|
||||||
Loading…
x
Reference in New Issue
Block a user