Properly fall back to http.Server when tlsconfig is missing#7
Open
Rob--W wants to merge 2 commits intomscdex:masterfrom
Open
Properly fall back to http.Server when tlsconfig is missing#7Rob--W wants to merge 2 commits intomscdex:masterfrom
http.Server when tlsconfig is missing#7Rob--W wants to merge 2 commits intomscdex:masterfrom
Conversation
The common pattern in the implementation of Server (including the
http.Server and https.Server objects from the Node.js core) is
the following (note that `this` is completely ignored):
if (!(this instanceof Server)) return new Server(...arguments);
There are three relevant `Server` implementations, with the following
inheritance tree:
- tls.Server
+-- http.Server
+-- https.Server
+-- httpolyglot.Server
When `httpolyglot.Server` is constructed without TLS config, it falls
back to constructing itself using `http.Server`:
// this is an instance of httpolyglot.Server
http.Server.call(this, requestListener);
But `this` is not an instance of `http.Server`, so a new `http.Server`
instance is created (and discarded) and `this` is not modified.
So, when `listen()` is called, the server starts listening on a port
but does not have any request handlers. Consequently, when a http(s)
request is sent to the server, the connection is accepted but the
request is never processed.
To fix this, be explicit and return the new instance of `http.Server`.
Author
|
I've tested the patch with Node v4.2.6 and v7.4.0. |
Owner
|
I think I would rather just get rid of the silent fallback to |
Author
|
I think that the fall-back is useful. I have a project where TLS is
optional, so if I cannot read the key and cert, the config stays empty.
This is my code:
```
var tlsconfig;
try {
tlsconfig = { ... with fs.readFileSync ... };
} catch (e) {
// ... Show warning with setup instructions...
}
httpolyglot.createServer(tlsconfig, app).listen(port,
callbackWhenListening);
```
If httpolyglot does not support the void tlsconfig option any more, I would
need a few more lines to accomplish the same effect (mainly separating the
createServer and listen call).
If you still want to drop the ability to specify a void tlsconfig, then you
have to perform a major version bump (to 0.2.0 would be OK, in semver <
1.0.0 has no guarantee of a stable API).
…On Jan 8, 2017 1:30 AM, "Brian White" ***@***.***> wrote:
I think I would rather just get rid of the silent fallback to http.Server
and enforce a TLS configuration.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#7 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABTUT-UsBwJf3Vsxy5jbrwMsFnZ3HbcHks5rQC4QgaJpZM4Ldi_i>
.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The common pattern in the implementation of Server (including the http.Server and https.Server objects from the Node.js core) is the following (note that
thisis completely ignored):There are three relevant
Serverimplementations, with the following inheritance tree:When
httpolyglot.Serveris constructed without TLS config, it falls back to constructing itself usinghttp.Server:But
thisis not an instance ofhttp.Server, so a newhttp.Serverinstance is created (and discarded) andthisis not modified. So, whenlisten()is called, the server starts listening on a portbut does not have any request handlers. Consequently, when a http(s) request is sent to the server, the connection is accepted but the request is never processed.
To fix this, be explicit and return the new instance of
http.Server(as done in this PR).