Parse Error: Invalid header value char

[meap]

I send a request to https://gateway.ancestry.com/tree/trees/listtrees and fails with Parse Error: Invalid header value char.

const https = require('https')

const options = {
  hostname: 'gateway.ancestry.com',
  port: 443,
  path: '/tree/trees/listtrees',
  method: 'GET',
  headers: {
    Authorization:
      'Bearer DR~us-east-1~b3b258e8bbddb92f94d85b89bd68bce1d4d5fe33e877d3610f713xx8e5dd3844',
    Accept: 'application/json',
    'Content-Type': 'application/json',
  },
}

const req = https.request(options, (response) => {
  console.log(`statusCode: ${response.statusCode}`)

  response.on('data', (data) => {
    process.stdout.write(data)
  })
})

req.on('error', (err) => {
  console.error(err)
})

req.end()

Response:

Error: Parse Error: Invalid header value char
    at TLSSocket.socketOnData (_http_client.js:469:22)
    at TLSSocket.emit (events.js:315:20)
    at addChunk (_stream_readable.js:295:12)
    at readableAddChunk (_stream_readable.js:271:9)
    at TLSSocket.Readable.push (_stream_readable.js:212:10)
    at TLSWrap.onStreamRead (internal/stream_base_commons.js:186:23) {
  bytesParsed: 451,
  code: 'HPE_INVALID_HEADER_TOKEN',
  reason: 'Invalid header value char',
  rawPacket: <Buffer 48 54 54 50 2f 31 2e 31 20 34 30 31 20 55 6e 61 75 74 68 6f 72 69 7a 65 64 0d 0a 44 61 74 65 3a 20 54 75 65 2c 20 30 34 20 41 75 67 20 32 30 32 30 20 ... 645 more bytes>

The response looks:

curl -I "https://gateway.ancestry.com/tree/trees/listtrees" \
     -H 'Accept: application/json' \
     -H 'Content-Type: application/json' \
     -H 'Authorization: Bearer DR~us-east-1~b3b258e8bbddb92f94d85b89bd68bce1d4d5fe33e877d3610f713xx8e5dd3844'

HTTP/2 404
date: Tue, 04 Aug 2020 11:23:53 GMT
set-cookie: nlbi_1598068=q9zjHGLO7guXmNdNti1J4QAAAABULlhQpT00kfdB5RrPUKok; path=/
set-cookie: incap_ses_1080_1598068=HquXCNzFrE4pzCxmbO78DkhFKV8AAAAAZchZ8vOL8Rqwq/RNPwaGPg==; path=/
x-cdn: Incapsula
x-iinfo: 0-29635-29636 NNNN CT(99 99 0) RT(1596540232159 0) q(0 0 2 -1) r(3 3) U5

The issue is the same as here request/request#3187 and probably #27711.

Node.js version: v12.18.3, v13.14.0, v14.7.0
OS: OS X 10.14.6

[bnoordhuis]

Try passing --http1.1 to curl, then you'll see what the problem is:

$ curl --http1.1 -I "https://gateway.ancestry.com/tree/trees/listtrees" -H 'Accept: application/json' -H 'Content-Type: application/json' -H 'Authorization: Bearer DR~us-east-1~b3b258e8bbddb92f94d85b89bd68bce1d4d5fe33e877d3610f713xx8e5dd3844'
HTTP/1.1 404 Not Found
Date: Tue, 04 Aug 2020 18:52:03 GMT
Connection: keep-alive
Set-Cookie: nlbi_1598068=VMfQeN0UWX4l0gbDti1J4QAAAAAjX7foIqYcF4GdSj/zHP4C; path=/
Set-Cookie: incap_ses_247_1598068=dMLqa7n/Zg7wKjBJQYVtA1OuKV8AAAAA7utIjvIETWiSDw3VHn2MMQ==; path=/
Set-Cookie: ___utmvmzVuKszaB=WuMpRdHYAXQ; path=/; Max-Age=900
Set-Cookie: ___utmvazVuKszaB=JXsNHEu; path=/; Max-Age=900
Set-Cookie: ___utmvbzVuKszaB=YZw
    XoMOMalm: AtL; path=/; Max-Age=900
X-CDN: Incapsula
X-Iinfo: 8-1824852-1824854 NNNN CT(103 198 0) RT(1596567122677 40) q(0 0 3 -1) r(4 4) U5

That XoMOMalm header is the problem, header names are not allowed to have leading (or trailing) whitespace. I guess it's supposed to be part of the preceding Set-Cookie header because it varies with each request.

I'm going to close this out because node's parser is right to reject it but as a workaround try require('http2').