diff options
author | Gerrard Lindsay <gerrardalindsay@gmail.com> | 2023-05-13 13:09:26 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-05-13 17:09:26 +0000 |
commit | 5ec0f39a7a565b5a82fe90ba9f095731a7b8b005 (patch) | |
tree | 20c8778d8d43f2862b59f97b3d84002753fd4759 /doc | |
parent | 23e6b12edb0b792b82ff948e3b6c5cb2038c17bf (diff) | |
download | node-new-5ec0f39a7a565b5a82fe90ba9f095731a7b8b005.tar.gz |
http: prevent writing to the body when not allowed by HTTP spec
PR-URL: https://github.com/nodejs/node/pull/47732
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/errors.md | 5 | ||||
-rw-r--r-- | doc/api/http.md | 7 |
2 files changed, 9 insertions, 3 deletions
diff --git a/doc/api/errors.md b/doc/api/errors.md index 992ab1e7a2..642d2445e5 100644 --- a/doc/api/errors.md +++ b/doc/api/errors.md @@ -1338,6 +1338,11 @@ When using [`fs.cp()`][], `src` or `dest` pointed to an invalid path. <a id="ERR_FS_CP_FIFO_PIPE"></a> +### `ERR_HTTP_BODY_NOT_ALLOWED` + +An error is thrown when writing to an HTTP response which does not allow +contents. <a id="ERR_HTTP_BODY_NOT_ALLOWED"></a> + ### `ERR_HTTP_CONTENT_LENGTH_MISMATCH` Response body size doesn't match with the specified content-length header value. diff --git a/doc/api/http.md b/doc/api/http.md index 9493c6a269..b6fa32a3c0 100644 --- a/doc/api/http.md +++ b/doc/api/http.md @@ -2144,9 +2144,10 @@ it will switch to implicit header mode and flush the implicit headers. This sends a chunk of the response body. This method may be called multiple times to provide successive parts of the body. -In the `node:http` module, the response body is omitted when the -request is a HEAD request. Similarly, the `204` and `304` responses -_must not_ include a message body. +Writing to the body is not allowed when the request method or response status +do not support content. If an attempt is made to write to the body for a +HEAD request or as part of a `204` or `304`response, a synchronous `Error` +with the code `ERR_HTTP_BODY_NOT_ALLOWED` is thrown. `chunk` can be a string or a buffer. If `chunk` is a string, the second parameter specifies how to encode it into a byte stream. |