Skip to content

http: improve errors thrown in header validation #16715

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
joyeecheung wants to merge 1 commit into from
Closed

http: improve errors thrown in header validation #16715

joyeecheung wants to merge 1 commit into from

Conversation

@joyeecheung
Copy link
Member

@joyeecheung joyeecheung commented Nov 3, 2017
edited
Loading

Fixes: #16714

This PR:

  • Replace ERR_HTTP2_INVALID_HEADER_VALUE with ERR_HTTP_INVALID_HEADER_VALUE, don't really see a need to differentiate the two.
    • The error code documentation of ERR_HTTP2_INVALID_HEADER_VALUE is kept.
    • Include the header name and the value for debug-ability as [REQUEST] Better Errors in http validate headers #16714 suggests. Before it's Value must not be undefined or null(HTTP2) or The "value" argument must be specified(HTTP), after it's Invalid value "undefined" for header "test". If the user is setting the header in a loop this would be much more useful.
  • Use Error.captureStackTrace to exclude the validation functions from the stack trace
Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

http, http2

@nodejs-github-bot nodejs-github-bot added the lib / src Issues and PRs related to general changes in the lib or src directory. label Nov 3, 2017
@joyeecheung
Copy link
Member Author

joyeecheung commented Nov 3, 2017

CI: https://ci.nodejs.org/job/node-test-pull-request/11168/

@joyeecheung joyeecheung added errors Issues and PRs related to JavaScript errors originated in Node.js core. http Issues or PRs related to the http subsystem. http2 Issues or PRs related to the http2 subsystem. semver-major PRs that contain breaking changes and should be released in the next major version. labels Nov 3, 2017
@joyeecheung
Copy link
Member Author

joyeecheung commented Nov 3, 2017

Would be nice to have common.expectsError checking excluded stack frames and printing the original message when the error classes are called without new. Will open a seperate PR for that.

apapirovski
apapirovski approved these changes Nov 3, 2017
View reviewed changes
Copy link
Contributor

@apapirovski apapirovski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with some nits 👍

doc/api/errors.md
### ERR_HTTP2_INVALID_HEADER_VALUE
### ERR_HTTP_INVALID_HEADER_VALUE
<a id="ERR_HTTP_INVALID_HEADER_VALUE"></a>
### ERR_HTTP_INVALID_HEADER_VALUE
Copy link
Contributor

@apapirovski apapirovski Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Accidentally doubled here?

lib/internal/http2/compat.js
throw new errors.Error('ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED');
if (value === undefined || value === null)
throw new errors.TypeError('ERR_HTTP2_INVALID_HEADER_VALUE');
var err;
Copy link
Contributor

@apapirovski apapirovski Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: can we use let? (I don't think there's many/any vars in http2 except for for loops.)

Copy link
Member Author

@joyeecheung joyeecheung Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am still under the impression that we favor var in cases like this...might be just outdated impressions, I'll fix that.

test/parallel/test-http2-compat-serverresponse-trailers.js
common.expectsError(
() => response.setTrailer('test', undefined),
{
code: 'ERR_HTTP2_INVALID_HEADER_VALUE',
Copy link
Contributor

@apapirovski apapirovski Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not 100% sure about this because the semantics of the http2 validation are slightly different, for example pseudo headers are an http2 only feature.

lib/_http_outgoing.js
throw new errors.TypeError('ERR_INVALID_CHAR', 'header content', name);
err = new errors.TypeError('ERR_INVALID_CHAR', 'header content', name);
}
if (err) {
Copy link
Contributor

@apapirovski apapirovski Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is an object, can we do a strict comparison to undefined? (This function is kind of in a hot path.)

lib/internal/http2/compat.js
} else if (value === undefined || value === null) {
err = new errors.TypeError('ERR_HTTP_INVALID_HEADER_VALUE', value, name);
}
if (err) {
Copy link
Contributor

@apapirovski apapirovski Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as for http, could we compare to undefined to avoid the whole document.all perf issue? (This is in a hot path.)

maclover7
maclover7 reviewed Nov 3, 2017
View reviewed changes
Copy link
Contributor

@maclover7 maclover7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to landing as semver-major

doc/api/errors.md

<a id="ERR_HTTP2_INVALID_HEADER_VALUE"></a>
### ERR_HTTP2_INVALID_HEADER_VALUE
### ERR_HTTP_INVALID_HEADER_VALUE
Copy link
Contributor

@maclover7 maclover7 Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line is duplicated

Copy link
Member Author

@joyeecheung joyeecheung Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually it's accidentally changed..we need to keep the documentation for ERR_HTTP2_INVALID_HEADER_VALUE because it's out there already.

Copy link
Contributor

@maclover7 maclover7 Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the codebase doesn't raise an error with this code though, should it be removed? 😬

doc/api/errors.md
### ERR_HTTP_INVALID_HEADER_VALUE

Used to indicate that an invalid HTTP/2 header value has been specified.
Used to indicate that an invalid HTTP header value has been specified.
Copy link
Contributor

@maclover7 maclover7 Nov 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we explicitly say HTTP/1.1 and HTTP/2?

@apapirovski
Copy link
Contributor

apapirovski commented Nov 3, 2017
edited
Loading

Is this semver-major? It doesn't modify error codes except for http2 which is experimental. (And I'm not even 100% confident the error code for h2 should change, see above.)

@joyeecheung
Copy link
Member Author

joyeecheung commented Nov 3, 2017

@apapirovski Hmmm, actually I don't know what's our policy for "changing error code but it's an error in the experimental module"..

@joyeecheung
Copy link
Member Author

joyeecheung commented Nov 3, 2017

@apapirovski Ah, wait, it also modifies the HTTP error codes (ERR_MISSING_ARGS -> ERR_HTTP_INVALID_HEADER_VALUE)

@apapirovski
Copy link
Contributor

apapirovski commented Nov 3, 2017
edited
Loading

@joyeecheung They already changed roughly a million times during v8.x... that ship might've sailed. 😆

Ah, wait, it also modifies the HTTP error codes (ERR_MISSING_ARGS -> ERR_HTTP_INVALID_HEADER_VALUE)

Ah true. Wonder if we could split into two separate PRs/commits so most of this could land right away?

@joyeecheung
Copy link
Member Author

joyeecheung commented Nov 3, 2017

@apapirovski

Ah true. Wonder if we could split into two separate PRs/commits so most of this could land right away?

Yeah that seems like a better idea. I will close this one and open another two.

@joyeecheung joyeecheung closed this Nov 3, 2017
This was referenced Nov 3, 2017
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@maclover7 maclover7 maclover7 left review comments

@apapirovski apapirovski apapirovski approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

errors Issues and PRs related to JavaScript errors originated in Node.js core. http Issues or PRs related to the http subsystem. http2 Issues or PRs related to the http2 subsystem. lib / src Issues and PRs related to general changes in the lib or src directory. semver-major PRs that contain breaking changes and should be released in the next major version.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[REQUEST] Better Errors in http validate headers

4 participants

@joyeecheung @apapirovski @maclover7 @nodejs-github-bot