http2: report invalid for spaced header names

[rexagod]

Refs: #29829

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

[BridgeAR]

@nodejs/http @nodejs/http2 @nodejs/streams PTAL

[ronag]

LGTM

[mcollina]

lgtm

[addaleax]

@rexagod Is this semver-major? It looks that way to me.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/31430/

[rexagod]

@addaleax +1. Thank you for tagging this!

[mcollina]

lgtm

[rexagod]

This will be equivalent to 'test', hence a valid header. See below.

node/lib/internal/http2/compat.js

Line 604 in a29d7c7

name = name.trim().toLowerCase();

[lundibundi]

Hm, I wonder, the http fails with ERR_INVALID_HTTP_TOKEN if you try to set the header name of ' test'.

[rexagod]

Each header field consists
of a name followed by a colon (":") and the field value. Field names
are case-insensitive. The field value MAY be preceded by any amount
of LWS, though a single SP is preferred.

@lundibundi The RFC2616 for HTTP/1 states that the field value may be preceded by any amount of LWS, but nothing similar is stated for the field names. Furthermore, this is not a problem in HTTP/2 owing to the binary protocol.

[lundibundi]

That part of the RFC if referring to the format of the HTTP message (i.e. actual text representation of the message), not the specific field name/value. Just down below in that section, we can see
field-name = token
And the token is
token = 1*<any CHAR except CTLs or separators>

Therefore there shouldn't be any leading whitespace in the user-provided value for header name which our http/1 implementation is enforcing correctly (by throwing ERR_INVALID_HTTP_TOKEN).

It's fine to do that in a follow-up PR, I just mentioned it so that we won't forget about it.

[codecov-commenter]

Codecov Report

Merging #33161 into master will increase coverage by 0.44%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master   #33161      +/-   ##
==========================================
+ Coverage   96.26%   96.71%   +0.44%     
==========================================
  Files         197      203       +6     
  Lines       65980    67388    +1408     
==========================================
+ Hits        63518    65171    +1653     
+ Misses       2462     2217     -245     

Impacted Files	Coverage Δ
lib/internal/idna.js	66.66% <0.00%> (-33.34%)	⬇️
lib/internal/net.js	75.00% <0.00%> (-25.00%)	⬇️
lib/internal/inspector_async_hook.js	86.84% <0.00%> (-13.16%)	⬇️
lib/internal/source_map/source_map.js	84.50% <0.00%> (-11.71%)	⬇️
lib/internal/fs/rimraf.js	67.90% <0.00%> (-11.49%)	⬇️
lib/internal/v8_prof_processor.js	92.85% <0.00%> (-4.77%)	⬇️
lib/inspector.js	94.30% <0.00%> (-4.39%)	⬇️
lib/internal/source_map/source_map_cache.js	80.21% <0.00%> (-3.77%)	⬇️
lib/internal/modules/cjs/loader.js	94.85% <0.00%> (-3.06%)	⬇️
lib/internal/fs/utils.js	94.97% <0.00%> (-1.99%)	⬇️
... and 113 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cd4052c...2ffb264. Read the comment docs.

[mcollina]

lgtm

[mcollina]

still lgtm

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/31858/

[mcollina]

@rexagod there are still a few comments to fix, then we can land.

[rexagod]

@mcollina I think all the comments have been resolved now. Please let me know if there's anything else left to fix here.

[lundibundi]

LGTM.

Making explicit that IMO the leading whitespace in header names can be handled in a follow-up PR since this PR already improves things in compat layer a bit and there is no need to handle everything in one PR.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/31889/