From 09a012cd529d1e05a37c3c358132e8c2a5d4861d Mon Sep 17 00:00:00 2001
From: Rob Wu <rob@robwu.nl>
Date: Sat, 2 May 2020 19:52:05 +0200
Subject: [PATCH] Pass --max-http-header-size in supported versions only

---
 test/test-memory.js | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/test/test-memory.js b/test/test-memory.js
index 081dfc4b..d7011649 100644
--- a/test/test-memory.js
+++ b/test/test-memory.js
@@ -32,8 +32,19 @@ describe('memory usage', function() {
     // Uncomment this if you want to compare the performance of CORS Anywhere
     // with the standard no-op http module.
     // args.push('use-http-instead-of-cors-anywhere');
+    var nodeOptionsArgs = ['--expose-gc'];
+    var nodeMajorV = parseInt(process.versions.node, 10);
+    // Node 11.3.0+, 10.14.0+, 8.14.0+, 6.15.0+ restrict header sizes
+    // (CVE-2018-12121), and need to be passed the --max-http-header-size flag
+    // to not reject large headers.
+    if (nodeMajorV >= 11 ||
+        nodeMajorV === 10 ||
+        nodeMajorV === 8 ||
+        nodeMajorV === 6) {
+      nodeOptionsArgs.push('--max-http-header-size=60000');
+    }
     cors_anywhere_child = fork(cors_module_path, args, {
-      execArgv: ['--expose-gc', '--max-http-header-size=60000'],
+      execArgv: nodeOptionsArgs,
     });
     cors_anywhere_child.once('message', function(cors_url) {
       cors_api_url = cors_url;