24027259782

Committed 06 Apr 2026 09:50AM UTC coverage: 80.536% (-0.04%) from 80.571%

Build # 24027259782

Build Type

Pull #973

github

Committed by

web-flow

Commit Message

Merge c8ecb4a20 into 553a6101f

Pull Request Pull Request #973: fix: allocate less in interim

Coverage Stats

3155 of 4092 branches covered (77.1%)

Branch coverage included in aggregate %.

103 of 111 new or added lines in 5 files covered. (92.79%)

17 existing lines in 2 files now uncovered.

30108 of 37210 relevant lines covered (80.91%)

315.35 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

91.04

/src/http/plugins/header-validator.ts

import { ERRORS } from '@internal/errors'
import { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify'
import fastifyPlugin from 'fastify-plugin'

/**
 * Matches invalid HTTP header characters per RFC 7230 field-vchar specification.
 * Valid: TAB (0x09), visible ASCII (0x20-0x7E), obs-text (0x80-0xFF).
 * Invalid: control characters (0x00-0x1F except TAB) and DEL (0x7F).
 * @see https://tools.ietf.org/html/rfc7230#section-3.2
 */
const INVALID_HEADER_CHAR_PATTERN = /[^\t\x20-\x7e\x80-\xff]/

interface HeaderValidatorOptions {
  excludeUrls?: string[]
}

/**
 * Validates response headers before they're sent to prevent ERR_INVALID_CHAR crashes.
 *
 * Node.js throws ERR_INVALID_CHAR during writeHead() if headers contain control characters.
 * This hook validates headers in onSend (before writeHead) and throws InvalidHeaderChar error
 */
export const headerValidator = (options: HeaderValidatorOptions = {}) =>
  fastifyPlugin(
    async function headerValidatorPlugin(fastify: FastifyInstance) {
      fastify.addHook('onSend', async (request: FastifyRequest, reply: FastifyReply, payload) => {
        if (options.excludeUrls?.includes(request.url.toLowerCase())) {
          return payload
        }

        const headers = reply.getHeaders()
        for (const key in headers) {
          if (!Object.prototype.hasOwnProperty.call(headers, key)) {
            continue
          }
          const value = headers[key]
          if (typeof value === 'string' && INVALID_HEADER_CHAR_PATTERN.test(value)) {
            throw ERRORS.InvalidHeaderChar(key, value)
          } else if (Array.isArray(value)) {
            for (const item of value) {
              if (typeof item === 'string' && INVALID_HEADER_CHAR_PATTERN.test(item)) {
                throw ERRORS.InvalidHeaderChar(key, item)
              }
            }
          }
        }

        return payload
      })
    },
    { name: 'header-validator' }
  )

1	import { ERRORS } from '@internal/errors'	1✔
2	import { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify'	1✔
3	import fastifyPlugin from 'fastify-plugin'	1✔
4		1✔
5	/**	1✔
6	* Matches invalid HTTP header characters per RFC 7230 field-vchar specification.	1✔
7	* Valid: TAB (0x09), visible ASCII (0x20-0x7E), obs-text (0x80-0xFF).	1✔
8	* Invalid: control characters (0x00-0x1F except TAB) and DEL (0x7F).	1✔
9	* @see https://tools.ietf.org/html/rfc7230#section-3.2	1✔
10	*/	1✔
11	const INVALID_HEADER_CHAR_PATTERN = /[^\t\x20-\x7e\x80-\xff]/	1✔
12		1✔
13	interface HeaderValidatorOptions {	1✔
14	excludeUrls?: string[]	1✔
15	}	1✔
16		1✔
17	/**	1✔
18	* Validates response headers before they're sent to prevent ERR_INVALID_CHAR crashes.	1✔
19	*	1✔
20	* Node.js throws ERR_INVALID_CHAR during writeHead() if headers contain control characters.	1✔
21	* This hook validates headers in onSend (before writeHead) and throws InvalidHeaderChar error	1✔
22	*/	1✔
23	export const headerValidator = (options: HeaderValidatorOptions = {}) =>	1✔
24	fastifyPlugin(	257✔
25	async function headerValidatorPlugin(fastify: FastifyInstance) {	257✔
26	fastify.addHook('onSend', async (request: FastifyRequest, reply: FastifyReply, payload) => {	257✔
27	if (options.excludeUrls?.includes(request.url.toLowerCase())) {	1,124!
28	return payload	×
29	}	×
30		1,124✔
31	const headers = reply.getHeaders()	1,124✔
32	for (const key in headers) {	1,124✔
33	if (!Object.prototype.hasOwnProperty.call(headers, key)) {	1,321!
NEW 34	continue	×
NEW 35	}	×
36	const value = headers[key]	1,321✔
37	if (typeof value === 'string' && INVALID_HEADER_CHAR_PATTERN.test(value)) {	1,321✔
38	throw ERRORS.InvalidHeaderChar(key, value)	6✔
39	} else if (Array.isArray(value)) {	1,321✔
40	for (const item of value) {	4✔
41	if (typeof item === 'string' && INVALID_HEADER_CHAR_PATTERN.test(item)) {	12✔
42	throw ERRORS.InvalidHeaderChar(key, item)	3✔
43	}	3✔
44	}	12✔
45	}	1✔
46	}	1,321✔
47		1,115✔
48	return payload	1,115✔
49	})	257✔
50	},	257✔
51	{ name: 'header-validator' }	257✔
52	)	1✔

supabase / storage / 24027259782

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous