express
express copied to clipboard
expressjs
HTTP2 insecure server crashes every time.
I am trying to write an insecure HTTP2 web server. However it crashes on any inputs.
I need an insecure HTTP2 server. Here's my code:
import { createServer } from 'node:http2';
import createExpressApp from 'express';
import http2ExpressBridge from 'http2-express-bridge';
// Test with: curl --insecure -v -k --http2-prior-knowledge "http://[::]:8080"
function main(): void {
const app = http2ExpressBridge(createExpressApp);
app.get('*', (request, response) => {
response.setHeader('Content-Type', 'text/plain');
response.status(200);
response.write('Server reached');
response.end();
});
const server = createServer(app);
server.listen({ port: 8080 });
// Triggered by CMD/CTRL + C .
process.on('SIGINT', () => {
server.close();
process.exit(0);
});
}
try {
main();
} catch (error) {
console.error(error);
process.exit(1);
}
I'm testing using curl --insecure -v -k --http2-prior-knowledge "http://[::]:8080"
Every time I execute it, the server crashes with:
> tsx src/example/http2BugRepro.ts
node:events:492
throw er; // Unhandled 'error' event
^
TypeError: Cannot read properties of undefined (reading 'readable')
at IncomingMessage._read (node:_http_incoming:214:19)
at Readable.read (node:internal/streams/readable:547:12)
at resume_ (node:internal/streams/readable:1048:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Emitted 'error' event on IncomingMessage instance at:
at emitErrorNT (node:internal/streams/destroy:151:8)
at errorOrDestroy (node:internal/streams/destroy:214:7)
at Readable.read (node:internal/streams/readable:549:7)
at resume_ (node:internal/streams/readable:1048:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
When I add an SSL certificate and use createSecureServer everything works fine. But when I use createServer it crashes.
I think it's a bug in express or http2-express-bridge because without specifying the app, and handling the stream directly produces no errors.
My info:
OS: MacOS
Node: 20.9.0
Express: I tried v5.0.0-beta and v4.18.2
http2-express-bridge: 1.0.7
Thank you.
Small correction: This fails for secure servers in express 5 as well. Different stack though:
TypeError: Cannot read properties of undefined (reading 'readable')
at IncomingMessage._read (node:_http_incoming:214:19)
at Readable.read (node:internal/streams/readable:547:12)
at resume_ (node:internal/streams/readable:1048:12)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
TypeError: Cannot set properties of undefined (setting 'content-security-policy')
at ServerResponse.setHeader (node:_http_outgoing:661:45)
at Immediate.write (/somepath/web-platform/node_modules/finalhandler/index.js:285:9)
at process.processImmediate (node:internal/timers:480:21)
I will suggest to open an issue on http2-express-bridge, It seems that the issue might be related to the library.
Because Express.JS cannot work with HTTP/2 natively, and http2-express-bridge is no longer maintained. If you really need the extra efficiency provided by HTTP/2, then switching to something like fastify makes more sense.
i would not mind contributing to create a separate version of express that works with HTTP2, backwards compatibility be damned.
i would also not mind authoring the change if we can get about $10k-20k into a kickstarter for it. seems suitable and would likely deliver a lot more back to the community.
It would be awesome if HTTP/2 ever gets added to express.js! Though, if you are asking for money from kickstarters to kick off the process, I guess:
- Others (Springboot, Fastify, even nginx!) have done it and are available to the public for free. You might need a convincing story to get this money, good luck!
- Actually, ask IBM and StrangeLoop to see if they will offer the money or simply a position at their companies! This will definitely catch their attentions!
Yeah, well, a startup I consulted for ran out of cash in December and I need a job :)
But no, I also want to see this happen. The last company I worked at informally sponsored Matteo you could say to continue working on Fastify. I could go to them, but this seems like it would stir some pots. If not them, a similar organization.
I am sitting on a large monorepository solution without a safe way to go to market without getting ripped off by Vercel, the powers and IP thiefs at large. This seems like a reasonable way to gain some notoriety and while I seriously would just sit down for 3-6 months and do this, I burned out my bank account.
I authored hot reloading in express without doing a server reload on top, and helping with HTTP2 could build trust to push this and similar changes into Express v5 as a PR(s). I do more stuff that allows route repositioning and declarative route ordering across a monorepository (where construction of route order is not always known in advance). Basically I have done a lot of additional work to make route positioning more dynamic that might be interesting to propose into Express.
This is me, inventing a job for myself. Scratching at the food line. This is tech.
See PR : https://github.com/expressjs/express/pull/3730
I can pick up where this one left off (6 years ago!).. speed in Express is important to me.
See PR : #3730
I can pick up where this one left off (6 years ago!).. speed in Express is important to me.
Hey! Can I join you? I'd love to work on this with you
