fix: return 431 status code on HTTP header overflow error

fastify · Jun 27, 2023 · 59a7d01 · 59a7d01
1 parent 6e06229
commit 59a7d01
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 0 deletions.
diff --git a/fastify.js b/fastify.js
@@ -653,6 +653,11 @@ function fastify (options) {
       errorStatus = http.STATUS_CODES[errorCode]
       body = `{"error":"${errorStatus}","message":"Client Timeout","statusCode":408}`
       errorLabel = 'timeout'
+    } else if (err.code === 'HPE_HEADER_OVERFLOW') {
+      errorCode = '431'
+      errorStatus = http.STATUS_CODES[errorCode]
+      body = `{"error":"${errorStatus}","message":"Exceeded maximum allowed HTTP header size","statusCode":431}`
+      errorLabel = 'header_overflow'
     } else {
       errorCode = '400'
       errorStatus = http.STATUS_CODES[errorCode]

diff --git a/test/header-overflow.test.js b/test/header-overflow.test.js
@@ -0,0 +1,65 @@
+'use strict'
+
+const t = require('tap')
+const test = t.test
+const Fastify = require('..')
+const sget = require('simple-get').concat
+
+const maxHeaderSize = 1024
+
+test('Should return 431 if request header fields are too large', t => {
+  t.plan(3)
+
+  const fastify = Fastify({ http: { maxHeaderSize } })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    handler: (_req, reply) => {
+      reply.send({ hello: 'world' })
+    }
+  })
+
+  fastify.listen({ port: 0 }, function (err) {
+    t.error(err)
+
+    sget({
+      method: 'GET',
+      url: 'http://localhost:' + fastify.server.address().port,
+      headers: {
+        'Large-Header': 'a'.repeat(maxHeaderSize)
+      }
+    }, (err, res) => {
+      t.error(err)
+      t.equal(res.statusCode, 431)
+    })
+  })
+
+  t.teardown(() => fastify.close())
+})
+
+test('Should return 431 if URI is too long', t => {
+  t.plan(3)
+
+  const fastify = Fastify({ http: { maxHeaderSize } })
+  fastify.route({
+    method: 'GET',
+    url: '/',
+    handler: (_req, reply) => {
+      reply.send({ hello: 'world' })
+    }
+  })
+
+  fastify.listen({ port: 0 }, function (err) {
+    t.error(err)
+
+    sget({
+      method: 'GET',
+      url: 'http://localhost:' + fastify.server.address().port + `/${'a'.repeat(maxHeaderSize)}`
+    }, (err, res) => {
+      t.error(err)
+      t.equal(res.statusCode, 431)
+    })
+  })
+
+  t.teardown(() => fastify.close())
+})