http: llhttp opt-in insecure HTTP header parsing

Allow insecure HTTP header parsing. Make clear it is insecure. See: - https://github.com/nodejs/node/pull/30553 - https://github.com/nodejs/node/issues/27711#issuecomment-556265881 - https://github.com/nodejs/node/issues/30515 PR-URL: https://github.com/nodejs/node/pull/30567 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Denys Otrishko <shishugi@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
author: Sam Roberts <vieuxtech@gmail.com> 2019-11-20 11:48:58 -0800
committer: Sam Roberts <vieuxtech@gmail.com> 2019-12-09 09:56:16 -0800
commit: 02a0c74861c3107e6a9a1752e91540f8d4c49a76 (patch)
tree: 53a80ba610ef1bf7a965b8d0b1ee60c1f2c497d6 /doc/node.1
parent: d7b8ae72d97557571c577a865c37e7a5b196a332 (diff)
download: node-new-02a0c74861c3107e6a9a1752e91540f8d4c49a76.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/node.1 b/doc/node.1
index 5f98ba7091..5ea38be56e 100644
--- a/doc/node.1
+++ b/doc/node.1
@@ -213,6 +213,12 @@ Specify the
 .Ar module
 to use as a custom module loader.
 .
+.It Fl -insecure-http-parser
+Use an insecure HTTP parser that accepts invalid HTTP headers. This may allow
+interoperability with non-conformant HTTP implementations. It may also allow
+request smuggling and other HTTP attacks that rely on invalid headers being
+accepted. Avoid using this option.
+.
 .It Fl -max-http-header-size Ns = Ns Ar size
 Specify the maximum size of HTTP headers in bytes. Defaults to 8KB.
 .
author	Sam Roberts <vieuxtech@gmail.com>	2019-11-20 11:48:58 -0800
committer	Sam Roberts <vieuxtech@gmail.com>	2019-12-09 09:56:16 -0800
commit	02a0c74861c3107e6a9a1752e91540f8d4c49a76 (patch)
tree	53a80ba610ef1bf7a965b8d0b1ee60c1f2c497d6 /doc/node.1
parent	d7b8ae72d97557571c577a865c37e7a5b196a332 (diff)
download	node-new-02a0c74861c3107e6a9a1752e91540f8d4c49a76.tar.gz