node-http-proxy icon indicating copy to clipboard operation
node-http-proxy copied to clipboard

Published 20 hours ago β€’ verified publisher icon http-party

FIX: Don't break on invalid headers

Open asbermudez opened this issue 5 years ago β€’ 13 comments

Have found that in some scenarios the proxied server does return invalid characters in the headers, like here: https://github.com/nodejs/node/issues/21509

In the current version the proxy does break when a invalid character is found with a [ERR_INVALID_CHAR]: Invalid character in header content

This PR aims to avoid the total crash of the application and instead show a warning in the console and process all what can be processed.

asbermudez avatar Nov 04 '19 13:11 asbermudez

The build seems to be breaking because of something I haven't changed... πŸ€·β€β™‚

asbermudez avatar Nov 04 '19 14:11 asbermudez

Thanks @asbermudez This looks reasonable enough to me. The fail in CI is only during the Node 6 pipeline...but it's past due that Node 6 support is killed off, in my opinion.

jsmylnycky avatar Nov 04 '19 15:11 jsmylnycky

To add some more info, this error specially happens with proxied requests to servers "protected" with Incapsula. Apparently they do use that invalid character to prevent bots from parsing the page by generating this exception with it.

asbermudez avatar Nov 06 '19 16:11 asbermudez

@jsmylnycky I've added the changes of https://github.com/http-party/node-http-proxy/pull/1397/files to verify it does build properly.

asbermudez avatar Nov 11 '19 13:11 asbermudez

Codecov Report

Merging #1395 into master will decrease coverage by 0.26%. The diff coverage is 66.66%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1395      +/-   ##
==========================================
- Coverage   92.35%   92.08%   -0.27%     
==========================================
  Files           6        6              
  Lines         314      316       +2     
==========================================
+ Hits          290      291       +1     
- Misses         24       25       +1
Impacted Files Coverage Ξ”
lib/http-proxy/passes/web-outgoing.js 98.07% <66.66%> (-1.93%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 9bbe486...b30ecfd. Read the comment docs.

codecov-io avatar Nov 11 '19 13:11 codecov-io

Hello, when this PR will be merged?

As we are having the same exact issue and this PR addresses it.

The issue is related to the response from Incapsula CDN. We do not want to remove this header as it protects from some bots. We already using --insecure-http-parser and fetch is working as expected. But unfortunately proxy is not working.

sshishov avatar Dec 16 '20 15:12 sshishov

Hello! Do we have any plans to merge it? We are having a problem with security scanner, it's sending malformed headers and we are getting a storm of exceptions. It's should work more graceful.

doctornkz avatar Feb 09 '21 09:02 doctornkz

Hello! Do you have any plans to merge it?

We have the same problems

dipiash avatar Jun 20 '22 10:06 dipiash

we've also run into this problem, and we are now applying the fix from this PR via patch-package.

would be good to see this merged sometime, thank you πŸ™

TkDodo avatar Aug 30 '23 06:08 TkDodo

@jsmylnycky I was running into this issue and would wish a flag to disable this exception for invalid headers (or this got merged somehow )

conradkirschner avatar Mar 03 '24 12:03 conradkirschner

@jsmylnycky I was running into this issue and would wish a flag to disable this exception for invalid headers (or this got merged somehow )

Apologies but I'm no longer involved in this project. You'll need to reach out to the current maintainers.

jsmylnycky avatar Mar 04 '24 19:03 jsmylnycky