docs: forbidden headers not documented (original) (raw)
(We don't have a documentation template here, so please forgive the use of a blank issue)
I recently ran into an invalid connection header error on refactoring some older code from axios to undici. I found this error to be particularly curious, because it wasn't documented in this repo and I couldn't find any reference to that error in the Node docs. For what it's worth, here's some of the code being called:
const headers = { Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Accept-Language': 'en-US,en;q=0.9,he-IL;q=0.8,he;q=0.7', 'Cache-Control': 'no-cache', Connection: 'keep-alive', Pragma: 'no-cache', 'Sec-Fetch-Dest': 'document', 'Sec-Fetch-Site': 'same-origin', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-User': '?1', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36' };
...
const { body, statusCode } = await request(uri, { headers, bodyTimeout: 5e3 });
Tracing this in code, it looks like undici marks a connection header as invalid in two places:
| const forbiddenHeaderNames = [ |
|---|
and
| } else if ( |
|---|
| key.length === 10 && |
| key.toLowerCase() === 'connection' |
| ) { |
| throw new InvalidArgumentError('invalid connection header') |
With the latter being the spot that raised the error I ran into. Now, I don't believe the original dev was correct in their use of the keep-alive connection header here and it'll be removed, but I was really surprised that none of these forbidden headers were documented anywhere easily reachable, nor the conditions in which they are invalid. Perhaps this is another spot of documentation that was overlooked due to institutional knowledge of the contributors?
I love what's being done with this project, but documentation here seems to be more of an afterthought and that's a bummer.