Adding nodejs http.request option: insecureHTTPParser for interoperability by fabiel-leon · Pull Request #2930 · axios/axios

fabiel-leon · 2020-04-26T00:07:36Z

February 2020 Security Releases
by Sam Roberts, 2020-02-06 Nodejs has increase the strictness of HTTP header parsing. There are no known vulnerabilities addressed, but lax HTTP parsing has historically been a source of problems. Some commonly used sites are known to generate invalid HTTP headers, a --insecure-http-parser CLI option or insecureHTTPParser http option can be used if necessary for interoperability, but is not recommended.
https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/#strict-http-header-parsing-none

Bug Error: Parse Error: Invalid header value char

adding the new option for nodejs http.request: insecureHTTPParser for interoperability

see nodejs http.request options docs

see nodejs/node#27711

chinesedfan · 2020-04-26T03:49:12Z

Added to #2808.

github-actions · 2020-06-22T00:03:29Z

Hello! 👋 \n\nThis pull request is being automatically marked as stale because it has not been updated in a while. Please confirm that the issue is still present and reproducible. If no updates or new comments are received the pull request will be closed in a few days. \n\nThanks

queso · 2021-09-14T01:32:24Z

It seems the new boolean value was missed in the request config type interface

Co-authored-by: Jay <jasonsaayman@gmail.com>

Adding nodejs http.request option: insecureHTTPParser

9d2a089

chinesedfan mentioned this pull request Apr 26, 2020

More flexible ways to customize adapters #2808

Closed

chinesedfan added env:node labels Apr 26, 2020

jasonsaayman removed env:node labels May 21, 2020

github-actions Bot added the status:stale label Jun 22, 2020

jasonsaayman added status:work in progress and removed status:stale labels Jun 22, 2020

chinesedfan removed the status:work in progress label Aug 29, 2020

Merge branch 'master' into master

faa5b33

jasonsaayman merged commit b5a1a67 into axios:master Sep 5, 2021

sync-by-unito Bot mentioned this pull request Sep 9, 2021

Bump axios from 0.21.1 to 0.21.4 in /packages/health-check SkynetLabs/skynet-webportal#1161

Merged

fishcharlie mentioned this pull request Sep 11, 2021

TypeScript: No insecureHTTPParser property #4044

Closed

sync-by-unito Bot mentioned this pull request Sep 12, 2021

Bump axios from 0.21.1 to 0.21.4 in /amplify/backend/function/jcmobilePostConfirmation/src jesus-collective/mobile#904

Closed

mbargiel pushed a commit to mbargiel/axios that referenced this pull request Jan 27, 2022

Adding nodejs http.request option: insecureHTTPParser (axios#2930)

7f2cb2e

Co-authored-by: Jay <jasonsaayman@gmail.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Adding nodejs http.request option: insecureHTTPParser for interoperability#2930

Adding nodejs http.request option: insecureHTTPParser for interoperability#2930
jasonsaayman merged 2 commits intoaxios:masterfrom
fabiel-leon:master

fabiel-leon commented Apr 26, 2020

Uh oh!

chinesedfan commented Apr 26, 2020

Uh oh!

github-actions Bot commented Jun 22, 2020

Uh oh!

queso commented Sep 14, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Uh oh!

Conversation

fabiel-leon commented Apr 26, 2020

Uh oh!

chinesedfan commented Apr 26, 2020

Uh oh!

github-actions Bot commented Jun 22, 2020

Uh oh!

queso commented Sep 14, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants