http: improve errors thrown in header validation

joyeecheung · joyeecheung · commit 0a84e95cd929 · 2017-11-06T18:24:34.000+08:00
PR-URL: #16719 Fixes: #16714 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: James M Snell <jasnell@gmail.com>
diff --git a/doc/api/errors.md b/doc/api/errors.md
@@ -754,6 +754,11 @@ more headers.
 Used when an invalid character is found in an HTTP response status message
 (reason phrase).
 
+<a id="ERR_HTTP_INVALID_HEADER_VALUE"></a>
+### ERR_HTTP_INVALID_HEADER_VALUE
+
+Used to indicate that an invalid HTTP header value has been specified.
+
 <a id="ERR_HTTP_INVALID_STATUS_CODE"></a>
 ### ERR_HTTP_INVALID_STATUS_CODE
 
diff --git a/lib/_http_outgoing.js b/lib/_http_outgoing.js
@@ -437,16 +437,7 @@ function _storeHeader(firstLine, headers) {
 
 function storeHeader(self, state, key, value, validate) {
   if (validate) {
-    if (typeof key !== 'string' || !key || !checkIsHttpToken(key)) {
-      throw new errors.TypeError(
-        'ERR_INVALID_HTTP_TOKEN', 'Header name', key);
-    }
-    if (value === undefined) {
-      throw new errors.TypeError('ERR_MISSING_ARGS', `header "${key}"`);
-    } else if (checkInvalidHeaderChar(value)) {
-      debug('Header "%s" contains invalid characters', key);
-      throw new errors.TypeError('ERR_INVALID_CHAR', 'header content', key);
-    }
+    validateHeader(key, value);
   }
   state.header += key + ': ' + escapeHeaderValue(value) + CRLF;
   matchHeader(self, state, key, value);
@@ -494,20 +485,27 @@ function matchHeader(self, state, field, value) {
   }
 }
 
-function validateHeader(msg, name, value) {
-  if (typeof name !== 'string' || !name || !checkIsHttpToken(name))
-    throw new errors.TypeError('ERR_INVALID_HTTP_TOKEN', 'Header name', name);
-  if (value === undefined)
-    throw new errors.TypeError('ERR_MISSING_ARGS', 'value');
-  if (msg._header)
-    throw new errors.Error('ERR_HTTP_HEADERS_SENT', 'set');
-  if (checkInvalidHeaderChar(value)) {
+function validateHeader(name, value) {
+  let err;
+  if (typeof name !== 'string' || !name || !checkIsHttpToken(name)) {
+    err = new errors.TypeError('ERR_INVALID_HTTP_TOKEN', 'Header name', name);
+  } else if (value === undefined) {
+    err = new errors.TypeError('ERR_HTTP_INVALID_HEADER_VALUE', value, name);
+  } else if (checkInvalidHeaderChar(value)) {
     debug('Header "%s" contains invalid characters', name);
-    throw new errors.TypeError('ERR_INVALID_CHAR', 'header content', name);
+    err = new errors.TypeError('ERR_INVALID_CHAR', 'header content', name);
+  }
+  if (err !== undefined) {
+    Error.captureStackTrace(err, validateHeader);
+    throw err;
   }
 }
+
 OutgoingMessage.prototype.setHeader = function setHeader(name, value) {
-  validateHeader(this, name, value);
+  if (this._header) {
+    throw new errors.Error('ERR_HTTP_HEADERS_SENT', 'set');
+  }
+  validateHeader(name, value);
 
   if (!this[outHeadersKey])
     this[outHeadersKey] = {};
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
@@ -317,6 +317,7 @@ E('ERR_HTTP2_UNSUPPORTED_PROTOCOL',
 E('ERR_HTTP_HEADERS_SENT',
   'Cannot %s headers after they are sent to the client');
 E('ERR_HTTP_INVALID_CHAR', 'Invalid character in statusMessage.');
+E('ERR_HTTP_INVALID_HEADER_VALUE', 'Invalid value "%s" for header "%s"');
 E('ERR_HTTP_INVALID_STATUS_CODE',
   (originalStatusCode) => `Invalid status code: ${originalStatusCode}`);
 E('ERR_HTTP_TRAILER_INVALID',
diff --git a/test/parallel/test-http-mutable-headers.js b/test/parallel/test-http-mutable-headers.js
@@ -61,9 +61,9 @@ const s = http.createServer(common.mustCall((req, res) => {
       common.expectsError(
         () => res.setHeader('someHeader'),
         {
-          code: 'ERR_MISSING_ARGS',
+          code: 'ERR_HTTP_INVALID_HEADER_VALUE',
           type: TypeError,
-          message: 'The "value" argument must be specified'
+          message: 'Invalid value "undefined" for header "someHeader"'
         }
       );
       common.expectsError(
diff --git a/test/parallel/test-http-outgoing-proto.js b/test/parallel/test-http-outgoing-proto.js
@@ -34,9 +34,9 @@ assert.throws(() => {
   const outgoingMessage = new OutgoingMessage();
   outgoingMessage.setHeader('test');
 }, common.expectsError({
-  code: 'ERR_MISSING_ARGS',
+  code: 'ERR_HTTP_INVALID_HEADER_VALUE',
   type: TypeError,
-  message: 'The "value" argument must be specified'
+  message: 'Invalid value "undefined" for header "test"'
 }));
 
 assert.throws(() => {
diff --git a/test/parallel/test-http-write-head.js b/test/parallel/test-http-write-head.js
@@ -44,9 +44,9 @@ const s = http.createServer(common.mustCall((req, res) => {
   common.expectsError(
     () => res.setHeader('foo', undefined),
     {
-      code: 'ERR_MISSING_ARGS',
+      code: 'ERR_HTTP_INVALID_HEADER_VALUE',
       type: TypeError,
-      message: 'The "value" argument must be specified'
+      message: 'Invalid value "undefined" for header "foo"'
     }
   );
 

Original file line number	Diff line number	Diff line change
`@@ -61,9 +61,9 @@ const s = http.createServer(common.mustCall((req, res) => {`
`61`	`61`	`common.expectsError(`
`62`	`62`	`() => res.setHeader('someHeader'),`
`63`	`63`	`{`
`64`		`- code: 'ERR_MISSING_ARGS',`
	`64`	`+ code: 'ERR_HTTP_INVALID_HEADER_VALUE',`
`65`	`65`	`type: TypeError,`
`66`		`- message: 'The "value" argument must be specified'`
	`66`	`+ message: 'Invalid value "undefined" for header "someHeader"'`
`67`	`67`	`}`
`68`	`68`	`);`
`69`	`69`	`common.expectsError(`
Original file line number	Diff line number	Diff line change
`@@ -44,9 +44,9 @@ const s = http.createServer(common.mustCall((req, res) => {`
`44`	`44`	`common.expectsError(`
`45`	`45`	`() => res.setHeader('foo', undefined),`
`46`	`46`	`{`
`47`		`- code: 'ERR_MISSING_ARGS',`
	`47`	`+ code: 'ERR_HTTP_INVALID_HEADER_VALUE',`
`48`	`48`	`type: TypeError,`
`49`		`- message: 'The "value" argument must be specified'`
	`49`	`+ message: 'Invalid value "undefined" for header "foo"'`
`50`	`50`	`}`
`51`	`51`	`);`
`52`	`52`