New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add httpOptions
option
#855
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we can just call the parameter httpOptions
.
Agreed! |
@@ -446,7 +446,8 @@ The default values are shown after each option key. | |||
compress: true, // support gzip/deflate content encoding. false to disable | |||
size: 0, // maximum response body size in bytes. 0 to disable | |||
agent: null, // http(s).Agent instance or function that returns an instance (see below) | |||
highWaterMark: 16384 // the maximum number of bytes to store in the internal buffer before ceasing to read from the underlying resource. | |||
highWaterMark: 16384, // the maximum number of bytes to store in the internal buffer before ceasing to read from the underlying resource. | |||
httpOptions: {} // additional options to include in http(s).request options that cannot be configured by the http(s).Agent override. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fix indentation, replace tab for space to be consistent
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would have been nice with at least some test
wouldn't the new recommended way to pass a Agent be thought the new httpOptions? now we essentially got two ways of adding Agent, but i guess that could be fine too... |
@jimmywarting I’ll fix the whitespace and mull over a way to test this - it’s not obvious to me how I could do that without stubbing out the http package. Any ideas? As far as the agent goes, I’m conflicted. The other idea I’ve entertained is only adding the insecureHTTPParser Parameter - I didn’t see anyone looking for any of the other options here https://nodejs.org/docs/latest-v12.x/api/http.html#http_http_request_options_callback |
Please demostrate what's not possible via Agent? |
ok looks like nodejs did not make it easy for us. My preference is still not to introduce an open But if other team members are into |
How insecure HTTP parser (and wider allowance in HTTP headers) will then work with our |
Thanks for pointing that out @tinovyatkin - it is filtering (silently dropping) invalid headers here: Line 250 in e6bfe4d
I think that is probably acceptable behavior. |
But, I mean, what is the point if you will not be able to access those headers anyway? |
Should |
@c-kruse in https://github.com/node-fetch/node-fetch/blob/master/test/utils/server.js you got a test server, you could perhaps create a own response with invalid headers, if node don't allow you to respond with inaccurate headers then maybe you could test other httpOptions in other cases it would also be possible to create a server using
maybe so you at least got a graceful degration instead of flat out get rejected with an error of why you where not able to get a response? |
would a annoying, nagging |
To provide browser-like ability to ignore junk http headers in the node environment for anyone who wishes to opt-in. Today it raises the HPE_INVALID_HEADER_TOKEN error. If you force your browser to use http/1.1 you can catch it dropping invalid http headers from most sites running behind an Incapsula CDN.
I could be convinced either way. It seems like a relatively small number of us who are blessed with this problem. Selfishly, I don't want to maintain a fork of node-fetch or refactor the handful of projects we have using it to another client. |
@jimmywarting |
nah, isn't the world going to a bit better if everyone just instead fix there bugs? i don't expect that the insecure http parser will be around for much long, insecure is... well, insecure |
What is the purpose of this pull request?
What changes did you make? (provide an overview)
Added extraHTTPOptions option that gets passed through to the http(s).request options here https://nodejs.org/docs/latest-v12.x/api/http.html#http_http_request_options_callback.
It looks like there was recently a similar discussion around this for TLS Options, which can be configured on the agent (undocumented). The impetus for this PR is the ability to pass the
insecureHTTPParser
option, which as far as I can tell can't be set on the agent.Which issue (if any) does this pull request address?
#724
Is there anything you'd like reviewers to know?
Here's some background reading: nodejs/node#27711
Sounds like it's a fairly common issue with the Incapsula CDN.
Why not just use the Agent?
Running this on node 12.x LTS will get you this:
We need the
insecureHTTPParser
option on the request to override this on a per-call basis. https://nodejs.org/api/http.html#http_http_request_options_callback