Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

http module accepts all http versions (e.g. HTTP/9.9) and treats/responds to them as http1 #43115

Closed
cmawhorter opened this issue May 15, 2022 · 3 comments · Fixed by nodejs/llhttp#157 or #44344
Labels
http Issues or PRs related to the http subsystem.

Comments

@cmawhorter
Copy link

Version

14.9.2

Platform

all

Subsystem

http

What steps will reproduce the bug?

http accepts any http version and treats it as http1, and passes it along (>= 0 and <= 9.9 in my tests). this may be a feature, but if so could use some documentation since it's a little unexpected maybe.

copying comment from here:

'use strict'

const http = require('http')
const host = 'localhost'
const port = 3000
const handlerequest = function (req, res) {
  console.log(req)
  console.log(req.httpVersion)
  res.writeHead(200)
  res.end(`Your Request HTTP Version is ${req.httpVersion} 
            with Major ${req.httpVersionMajor} and Minor ${req.httpVersionMinor}`)
}
const server = http.createServer(handlerequest)
server.listen(port, host, () => {
  console.log(`Server is running on http://${host}:${port}`)
})

with:

telnet 127.0.0.1 3000
GET / HTTP/5.6

and the response is

HTTP/1.1 200 OK
Date: Sun, 15 May 2022 15:17:11 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Transfer-Encoding: chunked

46
Your Request HTTP Version is 5.6 
            with Major 5 and Minor 6
0

How often does it reproduce? Is there a required condition?

no special requirements/conditions

What is the expected behavior?

request being rejected. http 505 maybe? requesting with GET / NOTHTTP/1.1 gives 400 bad request.

What do you see instead?

the node server treats all requests regardless of version as http1

Additional information

No response

@tniessen tniessen added the http Issues or PRs related to the http subsystem. label May 15, 2022
@tniessen
Copy link
Member

cc @mcollina @nodejs/http

@mscdex
Copy link
Contributor

mscdex commented May 15, 2022

I think this would need to be lodged in the llhttp repository.

@ShogunPanda
Copy link
Contributor

ShogunPanda commented May 27, 2022

@mscdex I agree, this is on llhttp. Patch will come soon and then later we can update this.

nodejs-github-bot pushed a commit that referenced this issue Aug 25, 2022
PR-URL: #44344
Fixes: #43115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
sidwebworks pushed a commit to sidwebworks/node that referenced this issue Aug 26, 2022
PR-URL: nodejs#44344
Fixes: nodejs#43115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
RafaelGSS pushed a commit that referenced this issue Sep 5, 2022
PR-URL: #44344
Fixes: #43115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Fyko pushed a commit to Fyko/node that referenced this issue Sep 15, 2022
PR-URL: nodejs#44344
Fixes: nodejs#43115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
targos pushed a commit that referenced this issue Sep 16, 2022
PR-URL: #44344
Fixes: #43115
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
http Issues or PRs related to the http subsystem.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants