From 344aaaef5e7d21d4e5580b29435f345b64bb3dfc Mon Sep 17 00:00:00 2001 From: sapphi-red Date: Sun, 24 Jul 2022 00:54:38 +0900 Subject: [PATCH 1/3] feat: show warning on 431 response --- packages/vite/src/node/http.ts | 25 +++++++++++++++++++++++++ packages/vite/src/node/preview.ts | 8 +++++++- packages/vite/src/node/server/index.ts | 11 ++++++++++- 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/packages/vite/src/node/http.ts b/packages/vite/src/node/http.ts index 18ce37f6a327e1..621c93d196492e 100644 --- a/packages/vite/src/node/http.ts +++ b/packages/vite/src/node/http.ts @@ -6,6 +6,7 @@ import type { } from 'node:http' import type { ServerOptions as HttpsServerOptions } from 'node:https' import type { Connect } from 'types/connect' +import colors from 'picocolors' import { isObject } from './utils' import type { ProxyOptions } from './server/middlewares/proxy' import type { Logger } from './logger' @@ -183,3 +184,27 @@ export async function httpServerStart( }) }) } + +export function setClientErrorHandler( + server: HttpServer, + logger: Logger +): void { + server.on('clientError', (err, socket) => { + if ((err as any).code === 'HPE_HEADER_OVERFLOW') { + if (!socket.writableEnded) { + socket.end( + 'HTTP/1.1 431 Request Header Fields Too Large\r\n\r\n' + + 'Request Header was too large. Node.js limits request header size. ' + + 'Use https://nodejs.org/api/cli.html#--max-http-header-sizesize to change max header size.' + ) + } + logger.warn( + colors.yellow( + 'Server / WS server responded with "431 Request Header Fields Too Large." ' + + 'Node.js limits request header size and the request was dropped. ' + + 'Use https://nodejs.org/api/cli.html#--max-http-header-sizesize to change max header size.' + ) + ) + } + }) +} diff --git a/packages/vite/src/node/preview.ts b/packages/vite/src/node/preview.ts index 7b2cc4bb1729b4..e870fb4bd0bb8e 100644 --- a/packages/vite/src/node/preview.ts +++ b/packages/vite/src/node/preview.ts @@ -6,7 +6,12 @@ import type { Connect } from 'types/connect' import corsMiddleware from 'cors' import type { ResolvedServerOptions, ResolvedServerUrls } from './server' import type { CommonServerOptions } from './http' -import { httpServerStart, resolveHttpServer, resolveHttpsConfig } from './http' +import { + httpServerStart, + resolveHttpServer, + resolveHttpsConfig, + setClientErrorHandler +} from './http' import { openBrowser } from './server/openBrowser' import compression from './server/middlewares/compression' import { proxyMiddleware } from './server/middlewares/proxy' @@ -78,6 +83,7 @@ export async function preview( app, await resolveHttpsConfig(config.preview?.https, config.cacheDir) ) + setClientErrorHandler(httpServer, config.logger) // apply server hooks from plugins const postHooks: ((() => void) | void)[] = [] diff --git a/packages/vite/src/node/server/index.ts b/packages/vite/src/node/server/index.ts index a8222be65ae7b2..98d7814e587751 100644 --- a/packages/vite/src/node/server/index.ts +++ b/packages/vite/src/node/server/index.ts @@ -12,7 +12,12 @@ import type { Connect } from 'types/connect' import launchEditorMiddleware from 'launch-editor-middleware' import type { SourceMap } from 'rollup' import type { CommonServerOptions } from '../http' -import { httpServerStart, resolveHttpServer, resolveHttpsConfig } from '../http' +import { + httpServerStart, + resolveHttpServer, + resolveHttpsConfig, + setClientErrorHandler +} from '../http' import type { InlineConfig, ResolvedConfig } from '../config' import { isDepsOptimizerEnabled, resolveConfig } from '../config' import { @@ -301,6 +306,10 @@ export async function createServer( : await resolveHttpServer(serverConfig, middlewares, httpsOptions) const ws = createWebSocketServer(httpServer, config, httpsOptions) + if (httpServer) { + setClientErrorHandler(httpServer, config.logger) + } + const { ignored = [], ...watchOptions } = serverConfig.watch || {} const watcher = chokidar.watch(path.resolve(root), { ignored: [ From 45fcf2313ec91a8869ef3fc0f3bf295240d53663 Mon Sep 17 00:00:00 2001 From: sapphi-red Date: Fri, 29 Jul 2022 21:33:58 +0900 Subject: [PATCH 2/3] feat: less warning and more docs --- docs/guide/troubleshooting.md | 11 +++++++++++ packages/vite/src/node/http.ts | 12 ++---------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/docs/guide/troubleshooting.md b/docs/guide/troubleshooting.md index c7e558f0f08192..80f5e7956726fc 100644 --- a/docs/guide/troubleshooting.md +++ b/docs/guide/troubleshooting.md @@ -44,6 +44,17 @@ To solve this: $ sudo sysctl fs.inotify.max_user_watches=524288 ``` +### 431 Request Header Fields Too Large + +When the server / WebSocket server receives a large HTTP header, the request will be dropped and the following warning will be shown. + +> Server responded with status code 431. See https://vitejs.dev/guide/troubleshooting.html#_431-request-header-fields-too-large. + +This is because Node.js limits request header size to mitigate CVE-2018-12121. + +To avoid this, try to reduce your request header size. For example, if the cookie is long, delete it. +Or you can use [`--max-http-header-size`](https://nodejs.org/api/cli.html#--max-http-header-sizesize) to change max header size. + ## HMR ### Vite detects a file change but the HMR is not working diff --git a/packages/vite/src/node/http.ts b/packages/vite/src/node/http.ts index 621c93d196492e..306419274b1c0a 100644 --- a/packages/vite/src/node/http.ts +++ b/packages/vite/src/node/http.ts @@ -191,18 +191,10 @@ export function setClientErrorHandler( ): void { server.on('clientError', (err, socket) => { if ((err as any).code === 'HPE_HEADER_OVERFLOW') { - if (!socket.writableEnded) { - socket.end( - 'HTTP/1.1 431 Request Header Fields Too Large\r\n\r\n' + - 'Request Header was too large. Node.js limits request header size. ' + - 'Use https://nodejs.org/api/cli.html#--max-http-header-sizesize to change max header size.' - ) - } logger.warn( colors.yellow( - 'Server / WS server responded with "431 Request Header Fields Too Large." ' + - 'Node.js limits request header size and the request was dropped. ' + - 'Use https://nodejs.org/api/cli.html#--max-http-header-sizesize to change max header size.' + 'Server responded with status code 431. ' + + 'See https://vitejs.dev/guide/troubleshooting.html#_431-request-header-fields-too-large.' ) ) } From bdebe7b542899b05848268ca63425ecc21bc53be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=BF=A0=20/=20green?= Date: Sat, 30 Jul 2022 21:24:49 +0900 Subject: [PATCH 3/3] docs: thanks blu Co-authored-by: Bjorn Lu --- docs/guide/troubleshooting.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/guide/troubleshooting.md b/docs/guide/troubleshooting.md index 80f5e7956726fc..835c070b37b0b8 100644 --- a/docs/guide/troubleshooting.md +++ b/docs/guide/troubleshooting.md @@ -50,10 +50,9 @@ When the server / WebSocket server receives a large HTTP header, the request wil > Server responded with status code 431. See https://vitejs.dev/guide/troubleshooting.html#_431-request-header-fields-too-large. -This is because Node.js limits request header size to mitigate CVE-2018-12121. +This is because Node.js limits request header size to mitigate [CVE-2018-12121](https://www.cve.org/CVERecord?id=CVE-2018-12121). -To avoid this, try to reduce your request header size. For example, if the cookie is long, delete it. -Or you can use [`--max-http-header-size`](https://nodejs.org/api/cli.html#--max-http-header-sizesize) to change max header size. +To avoid this, try to reduce your request header size. For example, if the cookie is long, delete it. Or you can use [`--max-http-header-size`](https://nodejs.org/api/cli.html#--max-http-header-sizesize) to change max header size. ## HMR