1'use strict'; 2const common = require('../common'); 3if (!common.hasCrypto) { 4 common.skip('missing crypto'); 5} 6 7const fixtures = require('../common/fixtures'); 8const assert = require('assert'); 9const https = require('https'); 10const MakeDuplexPair = require('../common/duplexpair'); 11const tls = require('tls'); 12const { finished } = require('stream'); 13 14const certFixture = { 15 key: fixtures.readKey('agent1-key.pem'), 16 cert: fixtures.readKey('agent1-cert.pem'), 17 ca: fixtures.readKey('ca1-cert.pem'), 18}; 19 20 21// Test that setting the `insecureHTTPParse` option works on a per-stream-basis. 22 23// Test 1: The server sends an invalid header. 24{ 25 const { clientSide, serverSide } = MakeDuplexPair(); 26 27 const req = https.request({ 28 rejectUnauthorized: false, 29 createConnection: common.mustCall(() => clientSide), 30 insecureHTTPParser: true 31 }, common.mustCall((res) => { 32 assert.strictEqual(res.headers.hello, 'foo\x08foo'); 33 res.resume(); // We don’t actually care about contents. 34 res.on('end', common.mustCall()); 35 })); 36 req.end(); 37 38 serverSide.resume(); // Dump the request 39 serverSide.end('HTTP/1.1 200 OK\r\n' + 40 'Hello: foo\x08foo\r\n' + 41 'Content-Length: 0\r\n' + 42 '\r\n\r\n'); 43} 44 45// Test 2: The same as Test 1 except without the option, to make sure it fails. 46{ 47 const { clientSide, serverSide } = MakeDuplexPair(); 48 49 const req = https.request({ 50 rejectUnauthorized: false, 51 createConnection: common.mustCall(() => clientSide) 52 }, common.mustNotCall()); 53 req.end(); 54 req.on('error', common.mustCall()); 55 56 serverSide.resume(); // Dump the request 57 serverSide.end('HTTP/1.1 200 OK\r\n' + 58 'Hello: foo\x08foo\r\n' + 59 'Content-Length: 0\r\n' + 60 '\r\n\r\n'); 61} 62 63// Test 3: The client sends an invalid header. 64{ 65 const testData = 'Hello, World!\n'; 66 const server = https.createServer( 67 { insecureHTTPParser: true, 68 ...certFixture }, 69 common.mustCall((req, res) => { 70 res.statusCode = 200; 71 res.setHeader('Content-Type', 'text/plain'); 72 res.end(testData); 73 })); 74 75 server.on('clientError', common.mustNotCall()); 76 77 server.listen(0, common.mustCall(() => { 78 const client = tls.connect({ 79 port: server.address().port, 80 rejectUnauthorized: false 81 }); 82 client.write( 83 'GET / HTTP/1.1\r\n' + 84 'Hello: foo\x08foo\r\n' + 85 '\r\n\r\n'); 86 client.end(); 87 88 client.on('data', () => {}); 89 finished(client, common.mustCall(() => { 90 server.close(); 91 })); 92 })); 93} 94 95// Test 4: The same as Test 3 except without the option, to make sure it fails. 96{ 97 const server = https.createServer( 98 { ...certFixture }, 99 common.mustNotCall()); 100 101 server.on('clientError', common.mustCall()); 102 103 server.listen(0, common.mustCall(() => { 104 const client = tls.connect({ 105 port: server.address().port, 106 rejectUnauthorized: false 107 }); 108 client.write( 109 'GET / HTTP/1.1\r\n' + 110 'Hello: foo\x08foo\r\n' + 111 '\r\n\r\n'); 112 client.end(); 113 114 client.on('data', () => {}); 115 finished(client, common.mustCall(() => { 116 server.close(); 117 })); 118 })); 119} 120 121// Test 5: Invalid argument type 122{ 123 assert.throws( 124 () => https.request({ insecureHTTPParser: 0 }, common.mustNotCall()), 125 common.expectsError({ 126 code: 'ERR_INVALID_ARG_TYPE', 127 message: 'The "options.insecureHTTPParser" property must be of' + 128 ' type boolean. Received type number (0)' 129 }) 130 ); 131} 132