diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2019-11-20 11:48:58 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2019-12-09 09:56:16 -0800 |
commit | 02a0c74861c3107e6a9a1752e91540f8d4c49a76 (patch) | |
tree | 53a80ba610ef1bf7a965b8d0b1ee60c1f2c497d6 /doc/node.1 | |
parent | d7b8ae72d97557571c577a865c37e7a5b196a332 (diff) | |
download | node-new-02a0c74861c3107e6a9a1752e91540f8d4c49a76.tar.gz |
http: llhttp opt-in insecure HTTP header parsing
Allow insecure HTTP header parsing. Make clear it is insecure.
See:
- https://github.com/nodejs/node/pull/30553
- https://github.com/nodejs/node/issues/27711#issuecomment-556265881
- https://github.com/nodejs/node/issues/30515
PR-URL: https://github.com/nodejs/node/pull/30567
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'doc/node.1')
-rw-r--r-- | doc/node.1 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/node.1 b/doc/node.1 index 5f98ba7091..5ea38be56e 100644 --- a/doc/node.1 +++ b/doc/node.1 @@ -213,6 +213,12 @@ Specify the .Ar module to use as a custom module loader. . +.It Fl -insecure-http-parser +Use an insecure HTTP parser that accepts invalid HTTP headers. This may allow +interoperability with non-conformant HTTP implementations. It may also allow +request smuggling and other HTTP attacks that rely on invalid headers being +accepted. Avoid using this option. +. .It Fl -max-http-header-size Ns = Ns Ar size Specify the maximum size of HTTP headers in bytes. Defaults to 8KB. . |