From d2bf892bef074248b9c779f473d556d38a193a25 Mon Sep 17 00:00:00 2001
From: Robert Nagy <ronagy@icloud.com>
Date: Thu, 30 Jul 2020 10:20:58 +0200
Subject: [PATCH] fix: throw on keep-alive header

---
 lib/client.js           | 10 +++++++---
 lib/request.js          |  5 +++++
 test/invalid-headers.js | 12 +++++++++++-
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/lib/client.js b/lib/client.js
index 607e3e7b816..7b2a84c5d5d 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -412,6 +412,7 @@ class Parser extends HTTPParser {
     const request = client[kQueue][client[kRunningIdx]]
 
     // TODO: Check for content-length mismatch?
+    // TODO: keep-alive timeout & max?
 
     assert(this.statusCode < 200)
 
@@ -566,17 +567,18 @@ function connect (client) {
   }
 
   socket[kError] = null
-  socket.setTimeout(client[kSocketTimeout], function () {
-    util.destroy(this, new SocketTimeoutError())
-  })
   socket
     .setNoDelay(true)
+    .setTimeout(client[kSocketTimeout])
     .on(protocol === 'https:' ? 'secureConnect' : 'connect', function () {
       client[kReset] = false
       client[kRetryDelay] = 0
       client.emit('connect')
       resume(client)
     })
+    .on('timeout', function () {
+      util.destroy(this, new SocketTimeoutError())
+    })
     .on('data', /* istanbul ignore next */ function () {
       /* istanbul ignore next */
       assert(false)
@@ -797,6 +799,8 @@ function write (client, request) {
     socket.write(`content-length: ${contentLength}\r\n`, 'ascii')
   }
 
+  // TODO: keep-alive timeout=client[kSocketTimeout]?
+
   if (method === 'HEAD') {
     // https://github.com/mcollina/undici/issues/258
 
diff --git a/lib/request.js b/lib/request.js
index d0fa80a21f1..3b38f459abd 100644
--- a/lib/request.js
+++ b/lib/request.js
@@ -122,6 +122,11 @@ class Request extends AsyncResource {
             key.toLowerCase() === 'connection'
           ) {
             throw new InvalidArgumentError('invalid connection header')
+          } else if (
+            key.length === 10 &&
+            key.toLowerCase() === 'keep-alive'
+          ) {
+            throw new InvalidArgumentError('invalid keep-alive header')
           } else {
             header += `${key}: ${val}\r\n`
           }
diff --git a/test/invalid-headers.js b/test/invalid-headers.js
index 2e7e2768cbb..edcc7a5c629 100644
--- a/test/invalid-headers.js
+++ b/test/invalid-headers.js
@@ -4,7 +4,7 @@ const { test } = require('tap')
 const { Client, errors } = require('..')
 
 test('invalid headers', (t) => {
-  t.plan(5)
+  t.plan(6)
 
   const client = new Client('http://localhost:3000')
   t.teardown(client.destroy.bind(client))
@@ -38,6 +38,16 @@ test('invalid headers', (t) => {
     t.ok(err instanceof errors.InvalidArgumentError)
   })
 
+  client.request({
+    path: '/',
+    method: 'GET',
+    headers: {
+      'keep-alive': 'timeout=5'
+    }
+  }, (err, data) => {
+    t.ok(err instanceof errors.InvalidArgumentError)
+  })
+
   client.request({
     path: '/',
     method: 'GET',