Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Caseless header comparing in HTTP adapter. #2880

Merged
merged 5 commits into from Sep 7, 2021
Merged

Caseless header comparing in HTTP adapter. #2880

merged 5 commits into from Sep 7, 2021

Conversation

mastermatt
Copy link
Contributor

@mastermatt mastermatt commented Apr 7, 2020
edited by chinesedfan

It was adding User-Agent and removing Authorization, but only when
existing headers had the exact right casing. Node uses caseless logic
when managing headers.

This was causing some requests to have User-Agent appended to the
headers object and overriding provided agent strings.

Also included is an update to not override the Content-Length if it
was already defined in the options. It can be desirable to manually
specify a content length that does not match the data on hand.
Especially for testing.

Ref: #1237 (dup #2876) (stale PR #1291) nock/nock#1969 nock/nock#1845 https://github.com/sendgrid/sendgrid-nodejs/issues/1083

@mastermatt
Caseless header comparing in HTTP adapter.
57d2ebd 
It was adding User-Agent and removing Authorization, but only when
existing headers had the exact right casing. Node uses caseless logic
when managing headers.

This was causing some requests to have `User-Agent` appended to the
headers object and overriding provided agent strings.

Also included is an update to not override the `Content-Length` if it
was already defined in the options. It can be desirable to manually
specify a content length that does not match the data on hand.
Especially for testing.
@chinesedfan
Copy link
Collaborator

@mastermatt What do you think about using lib/helpers/normalizeHeaderName.js, and there are 2 places merging for headers,

  • lib/core/mergeConfig.js
  • lib/core/dispatchRequest.js

Then both adapters, xhr and http, can be unchanged.

@mastermatt
Copy link
Contributor Author

I'd be happy to look at alternative ways of doing this so the adapters don't drift. I didn't want to touch the XHR since I don't know the inner workings as well.
That being said, the approach behind normalizeHeaderName isn't one I'm a fan of.

While HTTP headers are case-insensitive, not every client and server is perfect about following this (take this PR for example). As such if a user of this client explicitly passes a header, that casing should be maintained across the wire.

It's a subtle, but important distinction that my change does not modify the provided headers, just updates the internal logic around adding defaults.

That being said, looking at the callers of normalizeHeaderName as well as the two places @chinesedfan pointed out that mergers headers, does concern me. The merging is not done in a case-insensitive manner and the normalization is destructive.

This project really does probably need a proper header helper/utility class, like in #1291, but that PR has been sitting for two years.
This PR isn't a holistic fix, but will fix the majority of the issues I've seen in the Node community.

This was referenced May 23, 2020
Closed
Closed
@jasonsaayman jasonsaayman added this to In progress in v0.20.0 via automation May 23, 2020
@jasonsaayman jasonsaayman added this to the v0.20.0 milestone May 23, 2020
@chinesedfan chinesedfan mentioned this pull request Jul 11, 2020
Closed
@jasonsaayman jasonsaayman moved this from In progress to Done in v0.20.0 Aug 25, 2020
@jasonsaayman jasonsaayman removed this from the v0.20.0 milestone Aug 25, 2020
@jasonsaayman
Copy link
Member

Please can you fix the test in this branch, update it to the latest master, and let me know so I can review it fully.

@mastermatt
Copy link
Contributor Author

@jasonsaayman updated and ready to review. I had to merge a conflict with #3703. Tests from both PRs now pass.

@jasonsaayman jasonsaayman merged commit f3ca637 into axios:master Sep 7, 2021
@mastermatt mastermatt deleted the caseless-header-checking-http-adapter branch September 7, 2021 19:00
@jasonsaayman jasonsaayman mentioned this pull request Oct 1, 2021
Merged
@redpeacock78 redpeacock78 mentioned this pull request Oct 2, 2021
Merged
@caugner caugner mentioned this pull request Oct 6, 2021
Closed
@ranjan-purbey ranjan-purbey mentioned this pull request Oct 6, 2021
Closed
@Shaquu Shaquu mentioned this pull request Jan 3, 2022
Closed
@sync-by-unito sync-by-unito bot mentioned this pull request Jan 6, 2022
Closed
mbargiel pushed a commit to mbargiel/axios that referenced this pull request Jan 27, 2022
@mastermatt @jasonsaayman
Caseless header comparing in HTTP adapter. (axios#2880)
8b9b402 
* Caseless header comparing in HTTP adapter.

It was adding User-Agent and removing Authorization, but only when
existing headers had the exact right casing. Node uses caseless logic
when managing headers.

This was causing some requests to have `User-Agent` appended to the
headers object and overriding provided agent strings.

Also included is an update to not override the `Content-Length` if it
was already defined in the options. It can be desirable to manually
specify a content length that does not match the data on hand.
Especially for testing.

* Fix eslint error

* fixup: update state UA logic

Play nice with axios#3703

Co-authored-by: Jay <jasonsaayman@gmail.com>
This was referenced Feb 22, 2022
Closed
Closed
@snyk-bot snyk-bot mentioned this pull request Mar 16, 2022
Closed
@Viiprogrammer Viiprogrammer mentioned this pull request May 14, 2022
Merged
@shaneomatz shaneomatz mentioned this pull request Nov 18, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
No open projects
v0.20.0
  
Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mastermatt @chinesedfan @jasonsaayman