Add support for relaxed header value parsing #787
Open
pimterry wants to merge 1 commit into nodejs:main from
Member, Author:
Build is failing before the tests, in dev env provisioning.
Member, Author:
All the core tests here are passing. The aiohttp regression tests that fail are unrelated, and I've fixed separately in #788.
RajeshKumar11 added a commit to RajeshKumar11/node that referenced this pull request Feb 13, 2026
Add support for lenient outgoing header value validation when the insecureHTTPParser option is set. By default, strict validation per RFC 7230 is used (rejecting control characters except HTAB). When insecureHTTPParser is enabled, validation follows the Fetch spec (rejecting only NUL, CR, and LF). This applies to setHeader(), appendHeader(), and addTrailers() on OutgoingMessage (both ClientRequest and ServerResponse).
Also adds the kLenientHeaderValueRelaxed flag in the C++ HTTP parser binding, wiring up llhttp's new lenient_header_value_relaxed option for inbound parsing when insecureHTTPParser is enabled.
Note: requires llhttp update from nodejs/llhttp#787 for inbound parsing support (kLenientHeaderValueRelaxed).
Fixes: nodejs#61582
RajeshKumar11 added a commit to RajeshKumar11/node that referenced this pull request Feb 13, 2026
Add support for lenient outgoing header value validation when the insecureHTTPParser option is set. By default, strict validation per RFC 7230 is used (rejecting control characters except HTAB). When insecureHTTPParser is enabled, validation follows the Fetch spec (rejecting only NUL, CR, and LF). This applies to setHeader(), appendHeader(), and addTrailers() on OutgoingMessage (both ClientRequest and ServerResponse).
The C++ parser wiring for inbound parsing (kLenientHeaderValueRelaxed) will be added in a follow-up once the llhttp dependency is updated with nodejs/llhttp#787.
Fixes: nodejs#61582
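The two validation rules the commit messages above describe, side by side, as an added JavaScript example that is not code from this PR, llhttp or Node.js. `checkHeaderValue`, `runSamples` and the sample values are hypothetical, and the byte ranges are a reading of the commit text (control characters taken as 0x00-0x1F plus 0x7F).

```javascript
'use strict';

// Strict mode as the commit message describes it: control characters are
// rejected except HTAB (modelled here as 0x00-0x08, 0x0A-0x1F and 0x7F).
const strictRejects = (b) => (b < 0x20 && b !== 0x09) || b === 0x7f;

// Relaxed mode as described: only NUL, CR and LF are rejected.
const relaxedRejects = (b) => b === 0x00 || b === 0x0a || b === 0x0d;

// Hypothetical helper: for one raw header value (a Buffer), report whether
// each mode accepts it and the first byte each mode objects to.
function checkHeaderValue(bytes) {
  const first = (rejects) => {
    const offset = bytes.findIndex(rejects);
    return offset === -1 ? null : { offset, byte: bytes[offset] };
  };
  const strictBad = first(strictRejects);
  const relaxedBad = first(relaxedRejects);
  return {
    strictOk: strictBad === null,
    relaxedOk: relaxedBad === null,
    strictBad,
    relaxedBad,
  };
}

// Constructed sample values (not taken from the PR or from real traffic).
const samples = {
  plain: Buffer.from('text/html; charset=utf-8', 'latin1'),
  tab: Buffer.from('a\tb', 'latin1'),               // HTAB passes both modes
  ctl: Buffer.from('legacy\x01value', 'latin1'),    // C0 control: relaxed only
  del: Buffer.from('abc\x7f', 'latin1'),            // DEL: relaxed only
  crlf: Buffer.from('ok\r\nX-Injected: 1', 'latin1'), // line break: neither mode
  nul: Buffer.from('a\x00b', 'latin1'),             // NUL: neither mode
};

function runSamples() {
  const out = {};
  for (const [name, value] of Object.entries(samples)) {
    out[name] = checkHeaderValue(value);
  }
  return out;
}

for (const [name, r] of Object.entries(runSamples())) {
  console.log(`${name}: strict=${r.strictOk} relaxed=${r.relaxedOk}`);
}
```

Every byte the relaxed rule rejects is also rejected by the strict rule, so relaxing the check never admits CR, LF or NUL, the bytes that would let a value terminate its own header line.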
Member, Author:
@nodejs/llhttp
This PR adds support for 'relaxed' header parsing, to support the parsing side of nodejs/node#61597. See the comments in that PR for context.
The end goal here is to build a new 3rd mode for HTTP parsing in Node, such that we have:
This is my first LLHTTP PR, but I think most of the implementation is relatively clear hopefully.
Naming is hard here, since this clearly fits within the 'lenient' flags, but by design it is fully distinct from the other lenient flags that are all part of Node's insecure mode. I've gone with just treating it as a new type of lenient flag (LENIENT_HEADER_VALUE_RELAXED) but open to opinions.