http: fix validation of "Link" header

Updated regex for "Link" header validation to better match the specification in RFC 8288 section 3. Does not check for valid URI format but handles the rest of the header more permissively than before. Alternative to another outstanding PR that disables validation entirely. Fixes: #46453 Refs: https://www.rfc-editor.org/rfc/rfc8288.html#section-3 Refs: #46464
nodejs · Feb 2, 2023 · ffdb710 · ffdb710
1 parent 8e42d8c
commit ffdb710
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/internal/validators.js b/lib/internal/validators.js
@@ -459,7 +459,7 @@ function validateUnion(value, name, union) {
   }
 }
 
-const linkValueRegExp = /^(?:<[^>]*>;)\s*(?:rel=(")?[^;"]*\1;?)\s*(?:(?:as|anchor|title|crossorigin|disabled|fetchpriority|rel|referrerpolicy)=(")?[^;"]*\2)?$/;
+const linkValueRegExp = /^(?:<[^>]*>)(?:\s*;\s*[^;"]+(?:=(")?[^;"]*\1)?)*$/;
 
 /**
  * @param {any} value
@@ -473,7 +473,7 @@ function validateLinkHeaderFormat(value, name) {
     throw new ERR_INVALID_ARG_VALUE(
       name,
       value,
-      'must be an array or string of format "</styles.css>; rel=preload; as=style"'
+      'must be an array or string of format \'</styles.css>; rel=preload; as="style"\''
     );
   }
 }