2 | Node.js v18.20.8 Documentation (original) (raw)

HTTP/2#

Source Code: lib/http2.js

The node:http2 module provides an implementation of the HTTP/2 protocol. It can be accessed using:

const http2 = require('node:http2');

Determining if crypto support is unavailable#

It is possible for Node.js to be built without including support for thenode:crypto module. In such cases, attempting to import from node:http2 or calling require('node:http2') will result in an error being thrown.

When using CommonJS, the error thrown can be caught using try/catch:

let http2; try { http2 = require('node:http2'); } catch (err) { console.error('http2 support is disabled!'); }

When using the lexical ESM import keyword, the error can only be caught if a handler for process.on('uncaughtException') is registered_before_ any attempt to load the module is made (using, for instance, a preload module).

When using ESM, if there is a chance that the code may be run on a build of Node.js where crypto support is not enabled, consider using theimport() function instead of the lexical import keyword:

let http2; try { http2 = await import('node:http2'); } catch (err) { console.error('http2 support is disabled!'); }

Core API#

The Core API provides a low-level interface designed specifically around support for HTTP/2 protocol features. It is specifically not designed for compatibility with the existing HTTP/1 module API. However, the Compatibility API is.

The http2 Core API is much more symmetric between client and server than thehttp API. For instance, most events, like 'error', 'connect' and'stream', can be emitted either by client-side code or server-side code.

Server-side example#

The following illustrates a simple HTTP/2 server using the Core API. Since there are no browsers known that supportunencrypted HTTP/2, the use ofhttp2.createSecureServer() is necessary when communicating with browser clients.

`const http2 = require('node:http2'); const fs = require('node:fs');

const server = http2.createSecureServer({ key: fs.readFileSync('localhost-privkey.pem'), cert: fs.readFileSync('localhost-cert.pem'), }); server.on('error', (err) => console.error(err));

server.on('stream', (stream, headers) => { // stream is a Duplex stream.respond({ 'content-type': 'text/html; charset=utf-8', ':status': 200, }); stream.end('

Hello World

'); });

server.listen(8443);`

To generate the certificate and key for this example, run:

openssl req -x509 -newkey rsa:2048 -nodes -sha256 -subj '/CN=localhost' \ -keyout localhost-privkey.pem -out localhost-cert.pem

Client-side example#

The following illustrates an HTTP/2 client:

`` const http2 = require('node:http2'); const fs = require('node:fs'); const client = http2.connect('https://localhost:8443', { ca: fs.readFileSync('localhost-cert.pem'), }); client.on('error', (err) => console.error(err));

const req = client.request({ ':path': '/' });

req.on('response', (headers, flags) => { for (const name in headers) { console.log(${name}: ${headers[name]}); } });

req.setEncoding('utf8'); let data = ''; req.on('data', (chunk) => { data += chunk; }); req.on('end', () => { console.log(\n${data}); client.close(); }); req.end(); ``

Class: Http2Session#

Added in: v8.4.0

Instances of the http2.Http2Session class represent an active communications session between an HTTP/2 client and server. Instances of this class are _not_intended to be constructed directly by user code.

Each Http2Session instance will exhibit slightly different behaviors depending on whether it is operating as a server or a client. Thehttp2session.type property can be used to determine the mode in which anHttp2Session is operating. On the server side, user code should rarely have occasion to work with the Http2Session object directly, with most actions typically taken through interactions with either the Http2Server orHttp2Stream objects.

User code will not create Http2Session instances directly. Server-sideHttp2Session instances are created by the Http2Server instance when a new HTTP/2 connection is received. Client-side Http2Session instances are created using the http2.connect() method.

Http2Session and sockets#

Every Http2Session instance is associated with exactly one net.Socket ortls.TLSSocket when it is created. When either the Socket or theHttp2Session are destroyed, both will be destroyed.

Because of the specific serialization and processing requirements imposed by the HTTP/2 protocol, it is not recommended for user code to read data from or write data to a Socket instance bound to a Http2Session. Doing so can put the HTTP/2 session into an indeterminate state causing the session and the socket to become unusable.

Once a Socket has been bound to an Http2Session, user code should rely solely on the API of the Http2Session.

Event: 'close'#

Added in: v8.4.0

The 'close' event is emitted once the Http2Session has been destroyed. Its listener does not expect any arguments.

Event: 'connect'#

Added in: v8.4.0

The 'connect' event is emitted once the Http2Session has been successfully connected to the remote peer and communication may begin.

User code will typically not listen for this event directly.

Event: 'error'#

Added in: v8.4.0

The 'error' event is emitted when an error occurs during the processing of an Http2Session.

Event: 'frameError'#

Added in: v8.4.0

The 'frameError' event is emitted when an error occurs while attempting to send a frame on the session. If the frame that could not be sent is associated with a specific Http2Stream, an attempt to emit a 'frameError' event on theHttp2Stream is made.

If the 'frameError' event is associated with a stream, the stream will be closed and destroyed immediately following the 'frameError' event. If the event is not associated with a stream, the Http2Session will be shut down immediately following the 'frameError' event.

Event: 'goaway'#

Added in: v8.4.0

The 'goaway' event is emitted when a GOAWAY frame is received.

The Http2Session instance will be shut down automatically when the 'goaway'event is emitted.

Event: 'localSettings'#

Added in: v8.4.0

The 'localSettings' event is emitted when an acknowledgment SETTINGS frame has been received.

When using http2session.settings() to submit new settings, the modified settings do not take effect until the 'localSettings' event is emitted.

`session.settings({ enablePush: false });

session.on('localSettings', (settings) => { /* Use the new settings */ });`

Event: 'ping'#

Added in: v10.12.0

The 'ping' event is emitted whenever a PING frame is received from the connected peer.

Event: 'remoteSettings'#

Added in: v8.4.0

The 'remoteSettings' event is emitted when a new SETTINGS frame is received from the connected peer.

session.on('remoteSettings', (settings) => { /* Use the new settings */ });

Event: 'stream'#

Added in: v8.4.0

The 'stream' event is emitted when a new Http2Stream is created.

const http2 = require('node:http2'); session.on('stream', (stream, headers, flags) => { const method = headers[':method']; const path = headers[':path']; // ... stream.respond({ ':status': 200, 'content-type': 'text/plain; charset=utf-8', }); stream.write('hello '); stream.end('world'); });

On the server side, user code will typically not listen for this event directly, and would instead register a handler for the 'stream' event emitted by thenet.Server or tls.Server instances returned by http2.createServer() andhttp2.createSecureServer(), respectively, as in the example below:

`const http2 = require('node:http2');

// Create an unencrypted HTTP/2 server const server = http2.createServer();

server.on('stream', (stream, headers) => { stream.respond({ 'content-type': 'text/html; charset=utf-8', ':status': 200, }); stream.on('error', (error) => console.error(error)); stream.end('

Hello World

'); });

server.listen(8000);`

Even though HTTP/2 streams and network sockets are not in a 1:1 correspondence, a network error will destroy each individual stream and must be handled on the stream level, as shown above.

Event: 'timeout'#

Added in: v8.4.0

After the http2session.setTimeout() method is used to set the timeout period for this Http2Session, the 'timeout' event is emitted if there is no activity on the Http2Session after the configured number of milliseconds. Its listener does not expect any arguments.

session.setTimeout(2000); session.on('timeout', () => { /* .. */ });

http2session.alpnProtocol#

Added in: v9.4.0

Value will be undefined if the Http2Session is not yet connected to a socket, h2c if the Http2Session is not connected to a TLSSocket, or will return the value of the connected TLSSocket's own alpnProtocolproperty.

http2session.close([callback])#

Added in: v9.4.0

Gracefully closes the Http2Session, allowing any existing streams to complete on their own and preventing new Http2Stream instances from being created. Once closed, http2session.destroy() might be called if there are no open Http2Stream instances.

If specified, the callback function is registered as a handler for the'close' event.

http2session.closed#

Added in: v9.4.0

Will be true if this Http2Session instance has been closed, otherwisefalse.

http2session.connecting#

Added in: v10.0.0

Will be true if this Http2Session instance is still connecting, will be set to false before emitting connect event and/or calling the http2.connectcallback.

http2session.destroy([error][, code])#

Added in: v8.4.0

Immediately terminates the Http2Session and the associated net.Socket ortls.TLSSocket.

Once destroyed, the Http2Session will emit the 'close' event. If erroris not undefined, an 'error' event will be emitted immediately before the'close' event.

If there are any remaining open Http2Streams associated with theHttp2Session, those will also be destroyed.

http2session.destroyed#

Added in: v8.4.0

Will be true if this Http2Session instance has been destroyed and must no longer be used, otherwise false.

http2session.encrypted#

Added in: v9.4.0

Value is undefined if the Http2Session session socket has not yet been connected, true if the Http2Session is connected with a TLSSocket, and false if the Http2Session is connected to any other kind of socket or stream.

http2session.goaway([code[, lastStreamID[, opaqueData]]])#

Added in: v9.4.0

Transmits a GOAWAY frame to the connected peer without shutting down theHttp2Session.

http2session.localSettings#

Added in: v8.4.0

A prototype-less object describing the current local settings of thisHttp2Session. The local settings are local to this Http2Session instance.

http2session.originSet#

Added in: v9.4.0

If the Http2Session is connected to a TLSSocket, the originSet property will return an Array of origins for which the Http2Session may be considered authoritative.

The originSet property is only available when using a secure TLS connection.

http2session.pendingSettingsAck#

Added in: v8.4.0

Indicates whether the Http2Session is currently waiting for acknowledgment of a sent SETTINGS frame. Will be true after calling thehttp2session.settings() method. Will be false once all sent SETTINGSframes have been acknowledged.

http2session.ping([payload, ]callback)#

Sends a PING frame to the connected HTTP/2 peer. A callback function must be provided. The method will return true if the PING was sent, falseotherwise.

The maximum number of outstanding (unacknowledged) pings is determined by themaxOutstandingPings configuration option. The default maximum is 10.

If provided, the payload must be a Buffer, TypedArray, or DataViewcontaining 8 bytes of data that will be transmitted with the PING and returned with the ping acknowledgment.

The callback will be invoked with three arguments: an error argument that will be null if the PING was successfully acknowledged, a duration argument that reports the number of milliseconds elapsed since the ping was sent and the acknowledgment was received, and a Buffer containing the 8-byte PINGpayload.

session.ping(Buffer.from('abcdefgh'), (err, duration, payload) => { if (!err) { console.log(`Ping acknowledged in ${duration} milliseconds`); console.log(`With payload '${payload.toString()}'`); } });

If the payload argument is not specified, the default payload will be the 64-bit timestamp (little endian) marking the start of the PING duration.

http2session.ref()#

Added in: v9.4.0

Calls ref() on this Http2Sessioninstance's underlying net.Socket.

http2session.remoteSettings#

Added in: v8.4.0

A prototype-less object describing the current remote settings of thisHttp2Session. The remote settings are set by the connected HTTP/2 peer.

http2session.setLocalWindowSize(windowSize)#

Added in: v15.3.0, v14.18.0

Sets the local endpoint's window size. The windowSize is the total window size to set, not the delta.

`const http2 = require('node:http2');

const server = http2.createServer(); const expectedWindowSize = 2 ** 20; server.on('connect', (session) => {

// Set local window size to be 2 ** 20 session.setLocalWindowSize(expectedWindowSize); });`

http2session.setTimeout(msecs, callback)#

Used to set a callback function that is called when there is no activity on the Http2Session after msecs milliseconds. The given callback is registered as a listener on the 'timeout' event.

http2session.socket#

Added in: v8.4.0

Returns a Proxy object that acts as a net.Socket (or tls.TLSSocket) but limits available methods to ones safe to use with HTTP/2.

destroy, emit, end, pause, read, resume, and write will throw an error with code ERR_HTTP2_NO_SOCKET_MANIPULATION. SeeHttp2Session and Sockets for more information.

setTimeout method will be called on this Http2Session.

All other interactions will be routed directly to the socket.

http2session.state#

Added in: v8.4.0

Provides miscellaneous information about the current state of theHttp2Session.

An object describing the current status of this Http2Session.

http2session.settings([settings][, callback])#

Updates the current local settings for this Http2Session and sends a newSETTINGS frame to the connected HTTP/2 peer.

Once called, the http2session.pendingSettingsAck property will be truewhile the session is waiting for the remote peer to acknowledge the new settings.

The new settings will not become effective until the SETTINGS acknowledgment is received and the 'localSettings' event is emitted. It is possible to send multiple SETTINGS frames while acknowledgment is still pending.

http2session.type#

Added in: v8.4.0

The http2session.type will be equal tohttp2.constants.NGHTTP2_SESSION_SERVER if this Http2Session instance is a server, and http2.constants.NGHTTP2_SESSION_CLIENT if the instance is a client.

http2session.unref()#

Added in: v9.4.0

Calls unref() on this Http2Sessioninstance's underlying net.Socket.

Class: ServerHttp2Session#

Added in: v8.4.0

serverhttp2session.altsvc(alt, originOrStream)#

Added in: v9.4.0

Submits an ALTSVC frame (as defined by RFC 7838) to the connected client.

`const http2 = require('node:http2');

const server = http2.createServer(); server.on('session', (session) => { // Set altsvc for origin https://example.org:80 session.altsvc('h2=":8000"', 'https://example.org:80'); });

server.on('stream', (stream) => { // Set altsvc for a specific stream stream.session.altsvc('h2=":8000"', stream.id); });`

Sending an ALTSVC frame with a specific stream ID indicates that the alternate service is associated with the origin of the given Http2Stream.

The alt and origin string must contain only ASCII bytes and are strictly interpreted as a sequence of ASCII bytes. The special value 'clear'may be passed to clear any previously set alternative service for a given domain.

When a string is passed for the originOrStream argument, it will be parsed as a URL and the origin will be derived. For instance, the origin for the HTTP URL 'https://example.org/foo/bar' is the ASCII string'https://example.org'. An error will be thrown if either the given string cannot be parsed as a URL or if a valid origin cannot be derived.

A URL object, or any object with an origin property, may be passed asoriginOrStream, in which case the value of the origin property will be used. The value of the origin property must be a properly serialized ASCII origin.

Specifying alternative services#

The format of the alt parameter is strictly defined by RFC 7838 as an ASCII string containing a comma-delimited list of "alternative" protocols associated with a specific host and port.

For example, the value 'h2="example.org:81"' indicates that the HTTP/2 protocol is available on the host 'example.org' on TCP/IP port 81. The host and port must be contained within the quote (") characters.

Multiple alternatives may be specified, for instance: 'h2="example.org:81", h2=":82"'.

The protocol identifier ('h2' in the examples) may be any validALPN Protocol ID.

The syntax of these values is not validated by the Node.js implementation and are passed through as provided by the user or received from the peer.

serverhttp2session.origin(...origins)#

Added in: v10.12.0

Submits an ORIGIN frame (as defined by RFC 8336) to the connected client to advertise the set of origins for which the server is capable of providing authoritative responses.

const http2 = require('node:http2'); const options = getSecureOptionsSomehow(); const server = http2.createSecureServer(options); server.on('stream', (stream) => { stream.respond(); stream.end('ok'); }); server.on('session', (session) => { session.origin('https://example.com', 'https://example.org'); });

When a string is passed as an origin, it will be parsed as a URL and the origin will be derived. For instance, the origin for the HTTP URL'https://example.org/foo/bar' is the ASCII string'https://example.org'. An error will be thrown if either the given string cannot be parsed as a URL or if a valid origin cannot be derived.

A URL object, or any object with an origin property, may be passed as an origin, in which case the value of the origin property will be used. The value of the origin property must be a properly serialized ASCII origin.

Alternatively, the origins option may be used when creating a new HTTP/2 server using the http2.createSecureServer() method:

const http2 = require('node:http2'); const options = getSecureOptionsSomehow(); options.origins = ['https://example.com', 'https://example.org']; const server = http2.createSecureServer(options); server.on('stream', (stream) => { stream.respond(); stream.end('ok'); });

Class: ClientHttp2Session#

Added in: v8.4.0

Event: 'altsvc'#

Added in: v9.4.0

The 'altsvc' event is emitted whenever an ALTSVC frame is received by the client. The event is emitted with the ALTSVC value, origin, and stream ID. If no origin is provided in the ALTSVC frame, origin will be an empty string.

`const http2 = require('node:http2'); const client = http2.connect('https://example.org');

client.on('altsvc', (alt, origin, streamId) => { console.log(alt); console.log(origin); console.log(streamId); });`

Event: 'origin'#

Added in: v10.12.0

The 'origin' event is emitted whenever an ORIGIN frame is received by the client. The event is emitted with an array of origin strings. Thehttp2session.originSet will be updated to include the received origins.

`const http2 = require('node:http2'); const client = http2.connect('https://example.org');

client.on('origin', (origins) => { for (let n = 0; n < origins.length; n++) console.log(origins[n]); });`

The 'origin' event is only emitted when using a secure TLS connection.

clienthttp2session.request(headers[, options])#

Added in: v8.4.0

For HTTP/2 Client Http2Session instances only, the http2session.request()creates and returns an Http2Stream instance that can be used to send an HTTP/2 request to the connected server.

When a ClientHttp2Session is first created, the socket may not yet be connected. if clienthttp2session.request() is called during this time, the actual request will be deferred until the socket is ready to go. If the session is closed before the actual request be executed, anERR_HTTP2_GOAWAY_SESSION is thrown.

This method is only available if http2session.type is equal tohttp2.constants.NGHTTP2_SESSION_CLIENT.

`const http2 = require('node:http2'); const clientSession = http2.connect('https://localhost:1234'); const { HTTP2_HEADER_PATH, HTTP2_HEADER_STATUS, } = http2.constants;

const req = clientSession.request({ [HTTP2_HEADER_PATH]: '/' }); req.on('response', (headers) => { console.log(headers[HTTP2_HEADER_STATUS]); req.on('data', (chunk) => { /* .. / }); req.on('end', () => { / .. */ }); });`

When the options.waitForTrailers option is set, the 'wantTrailers' event is emitted immediately after queuing the last chunk of payload data to be sent. The http2stream.sendTrailers() method can then be called to send trailing headers to the peer.

When options.waitForTrailers is set, the Http2Stream will not automatically close when the final DATA frame is transmitted. User code must call eitherhttp2stream.sendTrailers() or http2stream.close() to close theHttp2Stream.

When options.signal is set with an AbortSignal and then abort on the corresponding AbortController is called, the request will emit an 'error'event with an AbortError error.

The :method and :path pseudo-headers are not specified within headers, they respectively default to:

Class: Http2Stream#

Added in: v8.4.0

Each instance of the Http2Stream class represents a bidirectional HTTP/2 communications stream over an Http2Session instance. Any single Http2Sessionmay have up to 231-1 Http2Stream instances over its lifetime.

User code will not construct Http2Stream instances directly. Rather, these are created, managed, and provided to user code through the Http2Sessioninstance. On the server, Http2Stream instances are created either in response to an incoming HTTP request (and handed off to user code via the 'stream'event), or in response to a call to the http2stream.pushStream() method. On the client, Http2Stream instances are created and returned when either thehttp2session.request() method is called, or in response to an incoming'push' event.

The Http2Stream class is a base for the ServerHttp2Stream andClientHttp2Stream classes, each of which is used specifically by either the Server or Client side, respectively.

All Http2Stream instances are Duplex streams. The Writable side of theDuplex is used to send data to the connected peer, while the Readable side is used to receive data sent by the connected peer.

The default text character encoding for an Http2Stream is UTF-8. When using anHttp2Stream to send text, use the 'content-type' header to set the character encoding.

stream.respond({ 'content-type': 'text/html; charset=utf-8', ':status': 200, });

Http2Stream Lifecycle#
Creation#

On the server side, instances of ServerHttp2Stream are created either when:

On the client side, instances of ClientHttp2Stream are created when thehttp2session.request() method is called.

On the client, the Http2Stream instance returned by http2session.request()may not be immediately ready for use if the parent Http2Session has not yet been fully established. In such cases, operations called on the Http2Streamwill be buffered until the 'ready' event is emitted. User code should rarely, if ever, need to handle the 'ready' event directly. The ready status of anHttp2Stream can be determined by checking the value of http2stream.id. If the value is undefined, the stream is not yet ready for use.

Destruction#

All Http2Stream instances are destroyed either when:

When an Http2Stream instance is destroyed, an attempt will be made to send anRST_STREAM frame to the connected peer.

When the Http2Stream instance is destroyed, the 'close' event will be emitted. Because Http2Stream is an instance of stream.Duplex, the'end' event will also be emitted if the stream data is currently flowing. The 'error' event may also be emitted if http2stream.destroy() was called with an Error passed as the first argument.

After the Http2Stream has been destroyed, the http2stream.destroyedproperty will be true and the http2stream.rstCode property will specify theRST_STREAM error code. The Http2Stream instance is no longer usable once destroyed.

Event: 'aborted'#

Added in: v8.4.0

The 'aborted' event is emitted whenever a Http2Stream instance is abnormally aborted in mid-communication. Its listener does not expect any arguments.

The 'aborted' event will only be emitted if the Http2Stream writable side has not been ended.

Event: 'close'#

Added in: v8.4.0

The 'close' event is emitted when the Http2Stream is destroyed. Once this event is emitted, the Http2Stream instance is no longer usable.

The HTTP/2 error code used when closing the stream can be retrieved using the http2stream.rstCode property. If the code is any value other thanNGHTTP2_NO_ERROR (0), an 'error' event will have also been emitted.

Event: 'error'#

Added in: v8.4.0

The 'error' event is emitted when an error occurs during the processing of an Http2Stream.

Event: 'frameError'#

Added in: v8.4.0

The 'frameError' event is emitted when an error occurs while attempting to send a frame. When invoked, the handler function will receive an integer argument identifying the frame type, and an integer argument identifying the error code. The Http2Stream instance will be destroyed immediately after the'frameError' event is emitted.

Event: 'ready'#

Added in: v8.4.0

The 'ready' event is emitted when the Http2Stream has been opened, has been assigned an id, and can be used. The listener does not expect any arguments.

Event: 'timeout'#

Added in: v8.4.0

The 'timeout' event is emitted after no activity is received for thisHttp2Stream within the number of milliseconds set usinghttp2stream.setTimeout(). Its listener does not expect any arguments.

Event: 'trailers'#

Added in: v8.4.0

The 'trailers' event is emitted when a block of headers associated with trailing header fields is received. The listener callback is passed theHTTP/2 Headers Object and flags associated with the headers.

This event might not be emitted if http2stream.end() is called before trailers are received and the incoming data is not being read or listened for.

stream.on('trailers', (headers, flags) => { console.log(headers); });

Event: 'wantTrailers'#

Added in: v10.0.0

The 'wantTrailers' event is emitted when the Http2Stream has queued the final DATA frame to be sent on a frame and the Http2Stream is ready to send trailing headers. When initiating a request or response, the waitForTrailersoption must be set for this event to be emitted.

http2stream.aborted#

Added in: v8.4.0

Set to true if the Http2Stream instance was aborted abnormally. When set, the 'aborted' event will have been emitted.

http2stream.bufferSize#

Added in: v11.2.0, v10.16.0

This property shows the number of characters currently buffered to be written. See net.Socket.bufferSize for details.

http2stream.close(code[, callback])#

Closes the Http2Stream instance by sending an RST_STREAM frame to the connected HTTP/2 peer.

http2stream.closed#

Added in: v9.4.0

Set to true if the Http2Stream instance has been closed.

http2stream.destroyed#

Added in: v8.4.0

Set to true if the Http2Stream instance has been destroyed and is no longer usable.

http2stream.endAfterHeaders#

Added in: v10.11.0

Set to true if the END_STREAM flag was set in the request or response HEADERS frame received, indicating that no additional data should be received and the readable side of the Http2Stream will be closed.

http2stream.id#

Added in: v8.4.0

The numeric stream identifier of this Http2Stream instance. Set to undefinedif the stream identifier has not yet been assigned.

http2stream.pending#

Added in: v9.4.0

Set to true if the Http2Stream instance has not yet been assigned a numeric stream identifier.

http2stream.priority(options)#

Added in: v8.4.0

Updates the priority for this Http2Stream instance.

http2stream.rstCode#

Added in: v8.4.0

Set to the RST_STREAM error code reported when the Http2Stream is destroyed after either receiving an RST_STREAM frame from the connected peer, calling http2stream.close(), or http2stream.destroy(). Will beundefined if the Http2Stream has not been closed.

http2stream.sentHeaders#

Added in: v9.5.0

An object containing the outbound headers sent for this Http2Stream.

http2stream.sentInfoHeaders#

Added in: v9.5.0

An array of objects containing the outbound informational (additional) headers sent for this Http2Stream.

http2stream.sentTrailers#

Added in: v9.5.0

An object containing the outbound trailers sent for this HttpStream.

http2stream.session#

Added in: v8.4.0

A reference to the Http2Session instance that owns this Http2Stream. The value will be undefined after the Http2Stream instance is destroyed.

http2stream.setTimeout(msecs, callback)#

`const http2 = require('node:http2'); const client = http2.connect('http://example.org:8000'); const { NGHTTP2_CANCEL } = http2.constants; const req = client.request({ ':path': '/' });

// Cancel the stream if there's no activity after 5 seconds req.setTimeout(5000, () => req.close(NGHTTP2_CANCEL));`

http2stream.state#

Added in: v8.4.0

Provides miscellaneous information about the current state of theHttp2Stream.

A current state of this Http2Stream.

http2stream.sendTrailers(headers)#

Added in: v10.0.0

Sends a trailing HEADERS frame to the connected HTTP/2 peer. This method will cause the Http2Stream to be immediately closed and must only be called after the 'wantTrailers' event has been emitted. When sending a request or sending a response, the options.waitForTrailers option must be set in order to keep the Http2Stream open after the final DATA frame so that trailers can be sent.

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { stream.respond(undefined, { waitForTrailers: true }); stream.on('wantTrailers', () => { stream.sendTrailers({ xyz: 'abc' }); }); stream.end('Hello World'); });

The HTTP/1 specification forbids trailers from containing HTTP/2 pseudo-header fields (e.g. ':method', ':path', etc).

Class: ClientHttp2Stream#

Added in: v8.4.0

The ClientHttp2Stream class is an extension of Http2Stream that is used exclusively on HTTP/2 Clients. Http2Stream instances on the client provide events such as 'response' and 'push' that are only relevant on the client.

Event: 'continue'#

Added in: v8.5.0

Emitted when the server sends a 100 Continue status, usually because the request contained Expect: 100-continue. This is an instruction that the client should send the request body.

Event: 'headers'#

Added in: v8.4.0

The 'headers' event is emitted when an additional block of headers is received for a stream, such as when a block of 1xx informational headers is received. The listener callback is passed the HTTP/2 Headers Object and flags associated with the headers.

stream.on('headers', (headers, flags) => { console.log(headers); });

Event: 'push'#

Added in: v8.4.0

The 'push' event is emitted when response headers for a Server Push stream are received. The listener callback is passed the HTTP/2 Headers Object and flags associated with the headers.

stream.on('push', (headers, flags) => { console.log(headers); });

Event: 'response'#

Added in: v8.4.0

The 'response' event is emitted when a response HEADERS frame has been received for this stream from the connected HTTP/2 server. The listener is invoked with two arguments: an Object containing the receivedHTTP/2 Headers Object, and flags associated with the headers.

const http2 = require('node:http2'); const client = http2.connect('https://localhost'); const req = client.request({ ':path': '/' }); req.on('response', (headers, flags) => { console.log(headers[':status']); });

Class: ServerHttp2Stream#

Added in: v8.4.0

The ServerHttp2Stream class is an extension of Http2Stream that is used exclusively on HTTP/2 Servers. Http2Stream instances on the server provide additional methods such as http2stream.pushStream() andhttp2stream.respond() that are only relevant on the server.

http2stream.additionalHeaders(headers)#

Added in: v8.4.0

Sends an additional informational HEADERS frame to the connected HTTP/2 peer.

http2stream.headersSent#

Added in: v8.4.0

True if headers were sent, false otherwise (read-only).

http2stream.pushAllowed#

Added in: v8.4.0

Read-only property mapped to the SETTINGS_ENABLE_PUSH flag of the remote client's most recent SETTINGS frame. Will be true if the remote peer accepts push streams, false otherwise. Settings are the same for everyHttp2Stream in the same Http2Session.

http2stream.pushStream(headers[, options], callback)#

Initiates a push stream. The callback is invoked with the new Http2Streaminstance created for the push stream passed as the second argument, or anError passed as the first argument.

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { stream.respond({ ':status': 200 }); stream.pushStream({ ':path': '/' }, (err, pushStream, headers) => { if (err) throw err; pushStream.respond({ ':status': 200 }); pushStream.end('some pushed data'); }); stream.end('some data'); });

Setting the weight of a push stream is not allowed in the HEADERS frame. Pass a weight value to http2stream.priority with the silent option set totrue to enable server-side bandwidth balancing between concurrent streams.

Calling http2stream.pushStream() from within a pushed stream is not permitted and will throw an error.

http2stream.respond([headers[, options]])#

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { stream.respond({ ':status': 200 }); stream.end('some data'); });

Initiates a response. When the options.waitForTrailers option is set, the'wantTrailers' event will be emitted immediately after queuing the last chunk of payload data to be sent. The http2stream.sendTrailers() method can then be used to sent trailing header fields to the peer.

When options.waitForTrailers is set, the Http2Stream will not automatically close when the final DATA frame is transmitted. User code must call eitherhttp2stream.sendTrailers() or http2stream.close() to close theHttp2Stream.

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { stream.respond({ ':status': 200 }, { waitForTrailers: true }); stream.on('wantTrailers', () => { stream.sendTrailers({ ABC: 'some value to send' }); }); stream.end('some data'); });

http2stream.respondWithFD(fd[, headers[, options]])#

Initiates a response whose data is read from the given file descriptor. No validation is performed on the given file descriptor. If an error occurs while attempting to read data using the file descriptor, the Http2Stream will be closed using an RST_STREAM frame using the standard INTERNAL_ERROR code.

When used, the Http2Stream object's Duplex interface will be closed automatically.

`const http2 = require('node:http2'); const fs = require('node:fs');

const server = http2.createServer(); server.on('stream', (stream) => { const fd = fs.openSync('/some/file', 'r');

const stat = fs.fstatSync(fd); const headers = { 'content-length': stat.size, 'last-modified': stat.mtime.toUTCString(), 'content-type': 'text/plain; charset=utf-8', }; stream.respondWithFD(fd, headers); stream.on('close', () => fs.closeSync(fd)); });`

The optional options.statCheck function may be specified to give user code an opportunity to set additional content headers based on the fs.Stat details of the given fd. If the statCheck function is provided, thehttp2stream.respondWithFD() method will perform an fs.fstat() call to collect details on the provided file descriptor.

The offset and length options may be used to limit the response to a specific range subset. This can be used, for instance, to support HTTP Range requests.

The file descriptor or FileHandle is not closed when the stream is closed, so it will need to be closed manually once it is no longer needed. Using the same file descriptor concurrently for multiple streams is not supported and may result in data loss. Re-using a file descriptor after a stream has finished is supported.

When the options.waitForTrailers option is set, the 'wantTrailers' event will be emitted immediately after queuing the last chunk of payload data to be sent. The http2stream.sendTrailers() method can then be used to sent trailing header fields to the peer.

When options.waitForTrailers is set, the Http2Stream will not automatically close when the final DATA frame is transmitted. User code must call eitherhttp2stream.sendTrailers() or http2stream.close() to close theHttp2Stream.

`const http2 = require('node:http2'); const fs = require('node:fs');

const server = http2.createServer(); server.on('stream', (stream) => { const fd = fs.openSync('/some/file', 'r');

const stat = fs.fstatSync(fd); const headers = { 'content-length': stat.size, 'last-modified': stat.mtime.toUTCString(), 'content-type': 'text/plain; charset=utf-8', }; stream.respondWithFD(fd, headers, { waitForTrailers: true }); stream.on('wantTrailers', () => { stream.sendTrailers({ ABC: 'some value to send' }); });

stream.on('close', () => fs.closeSync(fd)); });`

http2stream.respondWithFile(path[, headers[, options]])#

Sends a regular file as the response. The path must specify a regular file or an 'error' event will be emitted on the Http2Stream object.

When used, the Http2Stream object's Duplex interface will be closed automatically.

The optional options.statCheck function may be specified to give user code an opportunity to set additional content headers based on the fs.Stat details of the given file:

If an error occurs while attempting to read the file data, the Http2Streamwill be closed using an RST_STREAM frame using the standard INTERNAL_ERRORcode. If the onError callback is defined, then it will be called. Otherwise the stream will be destroyed.

Example using a file path:

`const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { function statCheck(stat, headers) { headers['last-modified'] = stat.mtime.toUTCString(); }

function onError(err) { // stream.respond() can throw if the stream has been destroyed by // the other side. try { if (err.code === 'ENOENT') { stream.respond({ ':status': 404 }); } else { stream.respond({ ':status': 500 }); } } catch (err) { // Perform actual error handling. console.error(err); } stream.end(); }

stream.respondWithFile('/some/file', { 'content-type': 'text/plain; charset=utf-8' }, { statCheck, onError }); });`

The options.statCheck function may also be used to cancel the send operation by returning false. For instance, a conditional request may check the stat results to determine if the file has been modified to return an appropriate304 response:

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { function statCheck(stat, headers) { // Check the stat here... stream.respond({ ':status': 304 }); return false; // Cancel the send operation } stream.respondWithFile('/some/file', { 'content-type': 'text/plain; charset=utf-8' }, { statCheck }); });

The content-length header field will be automatically set.

The offset and length options may be used to limit the response to a specific range subset. This can be used, for instance, to support HTTP Range requests.

The options.onError function may also be used to handle all the errors that could happen before the delivery of the file is initiated. The default behavior is to destroy the stream.

When the options.waitForTrailers option is set, the 'wantTrailers' event will be emitted immediately after queuing the last chunk of payload data to be sent. The http2stream.sendTrailers() method can then be used to sent trailing header fields to the peer.

When options.waitForTrailers is set, the Http2Stream will not automatically close when the final DATA frame is transmitted. User code must call eitherhttp2stream.sendTrailers() or http2stream.close() to close theHttp2Stream.

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream) => { stream.respondWithFile('/some/file', { 'content-type': 'text/plain; charset=utf-8' }, { waitForTrailers: true }); stream.on('wantTrailers', () => { stream.sendTrailers({ ABC: 'some value to send' }); }); });

Class: Http2Server#

Added in: v8.4.0

Instances of Http2Server are created using the http2.createServer()function. The Http2Server class is not exported directly by thenode:http2 module.

Event: 'checkContinue'#

Added in: v8.5.0

If a 'request' listener is registered or http2.createServer() is supplied a callback function, the 'checkContinue' event is emitted each time a request with an HTTP Expect: 100-continue is received. If this event is not listened for, the server will automatically respond with a status100 Continue as appropriate.

Handling this event involves calling response.writeContinue() if the client should continue to send the request body, or generating an appropriate HTTP response (e.g. 400 Bad Request) if the client should not continue to send the request body.

When this event is emitted and handled, the 'request' event will not be emitted.

Event: 'connection'#

Added in: v8.4.0

This event is emitted when a new TCP stream is established. socket is typically an object of type net.Socket. Usually users will not want to access this event.

This event can also be explicitly emitted by users to inject connections into the HTTP server. In that case, any Duplex stream can be passed.

Event: 'request'#

Added in: v8.4.0

Emitted each time there is a request. There may be multiple requests per session. See the Compatibility API.

Event: 'session'#

Added in: v8.4.0

The 'session' event is emitted when a new Http2Session is created by theHttp2Server.

Event: 'sessionError'#

Added in: v8.4.0

The 'sessionError' event is emitted when an 'error' event is emitted by an Http2Session object associated with the Http2Server.

Event: 'stream'#

Added in: v8.4.0

The 'stream' event is emitted when a 'stream' event has been emitted by an Http2Session associated with the server.

See also Http2Session's 'stream' event.

`const http2 = require('node:http2'); const { HTTP2_HEADER_METHOD, HTTP2_HEADER_PATH, HTTP2_HEADER_STATUS, HTTP2_HEADER_CONTENT_TYPE, } = http2.constants;

const server = http2.createServer(); server.on('stream', (stream, headers, flags) => { const method = headers[HTTP2_HEADER_METHOD]; const path = headers[HTTP2_HEADER_PATH]; // ... stream.respond({ [HTTP2_HEADER_STATUS]: 200, [HTTP2_HEADER_CONTENT_TYPE]: 'text/plain; charset=utf-8', }); stream.write('hello '); stream.end('world'); });`

Event: 'timeout'#

The 'timeout' event is emitted when there is no activity on the Server for a given number of milliseconds set using http2server.setTimeout().Default: 0 (no timeout)

server.close([callback])#

Added in: v8.4.0

Stops the server from establishing new sessions. This does not prevent new request streams from being created due to the persistent nature of HTTP/2 sessions. To gracefully shut down the server, call http2session.close() on all active sessions.

If callback is provided, it is not invoked until all active sessions have been closed, although the server has already stopped allowing new sessions. Seenet.Server.close() for more details.

server.setTimeout([msecs][, callback])#

Used to set the timeout value for http2 server requests, and sets a callback function that is called when there is no activity on the Http2Server after msecs milliseconds.

The given callback is registered as a listener on the 'timeout' event.

In case if callback is not a function, a new ERR_INVALID_ARG_TYPEerror will be thrown.

server.timeout#

The number of milliseconds of inactivity before a socket is presumed to have timed out.

A value of 0 will disable the timeout behavior on incoming connections.

The socket timeout logic is set up on connection, so changing this value only affects new connections to the server, not any existing connections.

server.updateSettings([settings])#

Added in: v15.1.0, v14.17.0

Used to update the server with the provided settings.

Throws ERR_HTTP2_INVALID_SETTING_VALUE for invalid settings values.

Throws ERR_INVALID_ARG_TYPE for invalid settings argument.

Class: Http2SecureServer#

Added in: v8.4.0

Instances of Http2SecureServer are created using thehttp2.createSecureServer() function. The Http2SecureServer class is not exported directly by the node:http2 module.

Event: 'checkContinue'#

Added in: v8.5.0

If a 'request' listener is registered or http2.createSecureServer()is supplied a callback function, the 'checkContinue' event is emitted each time a request with an HTTP Expect: 100-continue is received. If this event is not listened for, the server will automatically respond with a status100 Continue as appropriate.

Handling this event involves calling response.writeContinue() if the client should continue to send the request body, or generating an appropriate HTTP response (e.g. 400 Bad Request) if the client should not continue to send the request body.

When this event is emitted and handled, the 'request' event will not be emitted.

Event: 'connection'#

Added in: v8.4.0

This event is emitted when a new TCP stream is established, before the TLS handshake begins. socket is typically an object of type net.Socket. Usually users will not want to access this event.

This event can also be explicitly emitted by users to inject connections into the HTTP server. In that case, any Duplex stream can be passed.

Event: 'request'#

Added in: v8.4.0

Emitted each time there is a request. There may be multiple requests per session. See the Compatibility API.

Event: 'session'#

Added in: v8.4.0

The 'session' event is emitted when a new Http2Session is created by theHttp2SecureServer.

Event: 'sessionError'#

Added in: v8.4.0

The 'sessionError' event is emitted when an 'error' event is emitted by an Http2Session object associated with the Http2SecureServer.

Event: 'stream'#

Added in: v8.4.0

The 'stream' event is emitted when a 'stream' event has been emitted by an Http2Session associated with the server.

See also Http2Session's 'stream' event.

`const http2 = require('node:http2'); const { HTTP2_HEADER_METHOD, HTTP2_HEADER_PATH, HTTP2_HEADER_STATUS, HTTP2_HEADER_CONTENT_TYPE, } = http2.constants;

const options = getOptionsSomehow();

const server = http2.createSecureServer(options); server.on('stream', (stream, headers, flags) => { const method = headers[HTTP2_HEADER_METHOD]; const path = headers[HTTP2_HEADER_PATH]; // ... stream.respond({ [HTTP2_HEADER_STATUS]: 200, [HTTP2_HEADER_CONTENT_TYPE]: 'text/plain; charset=utf-8', }); stream.write('hello '); stream.end('world'); });`

Event: 'timeout'#

Added in: v8.4.0

The 'timeout' event is emitted when there is no activity on the Server for a given number of milliseconds set using http2secureServer.setTimeout().Default: 2 minutes.

Event: 'unknownProtocol'#

Added in: v8.4.0

The 'unknownProtocol' event is emitted when a connecting client fails to negotiate an allowed protocol (i.e. HTTP/2 or HTTP/1.1). The event handler receives the socket for handling. If no listener is registered for this event, the connection is terminated. A timeout may be specified using the'unknownProtocolTimeout' option passed to http2.createSecureServer(). See the Compatibility API.

server.close([callback])#

Added in: v8.4.0

Stops the server from establishing new sessions. This does not prevent new request streams from being created due to the persistent nature of HTTP/2 sessions. To gracefully shut down the server, call http2session.close() on all active sessions.

If callback is provided, it is not invoked until all active sessions have been closed, although the server has already stopped allowing new sessions. Seetls.Server.close() for more details.

server.setTimeout([msecs][, callback])#

Used to set the timeout value for http2 secure server requests, and sets a callback function that is called when there is no activity on the Http2SecureServer after msecs milliseconds.

The given callback is registered as a listener on the 'timeout' event.

In case if callback is not a function, a new ERR_INVALID_ARG_TYPEerror will be thrown.

server.timeout#

The number of milliseconds of inactivity before a socket is presumed to have timed out.

A value of 0 will disable the timeout behavior on incoming connections.

The socket timeout logic is set up on connection, so changing this value only affects new connections to the server, not any existing connections.

server.updateSettings([settings])#

Added in: v15.1.0, v14.17.0

Used to update the server with the provided settings.

Throws ERR_HTTP2_INVALID_SETTING_VALUE for invalid settings values.

Throws ERR_INVALID_ARG_TYPE for invalid settings argument.

http2.createServer([options][, onRequestHandler])#

Returns a net.Server instance that creates and manages Http2Sessioninstances.

Since there are no browsers known that supportunencrypted HTTP/2, the use ofhttp2.createSecureServer() is necessary when communicating with browser clients.

`` const http2 = require('node:http2');

// Create an unencrypted HTTP/2 server. // Since there are no browsers known that support // unencrypted HTTP/2, the use of http2.createSecureServer() // is necessary when communicating with browser clients. const server = http2.createServer();

server.on('stream', (stream, headers) => { stream.respond({ 'content-type': 'text/html; charset=utf-8', ':status': 200, }); stream.end('

Hello World

'); });

server.listen(8000); ``

http2.createSecureServer(options[, onRequestHandler])#

Returns a tls.Server instance that creates and manages Http2Sessioninstances.

`const http2 = require('node:http2'); const fs = require('node:fs');

const options = { key: fs.readFileSync('server-key.pem'), cert: fs.readFileSync('server-cert.pem'), };

// Create a secure HTTP/2 server const server = http2.createSecureServer(options);

server.on('stream', (stream, headers) => { stream.respond({ 'content-type': 'text/html; charset=utf-8', ':status': 200, }); stream.end('

Hello World

'); });

server.listen(8443);`

http2.connect(authority[, options][, listener])

Returns a ClientHttp2Session instance.

`const http2 = require('node:http2'); const client = http2.connect('https://localhost:1234');

/* Use the client */

client.close();`

http2.constants#

Added in: v8.4.0

Error codes for RST_STREAM and GOAWAY#
Value Name Constant
0x00 No Error http2.constants.NGHTTP2_NO_ERROR
0x01 Protocol Error http2.constants.NGHTTP2_PROTOCOL_ERROR
0x02 Internal Error http2.constants.NGHTTP2_INTERNAL_ERROR
0x03 Flow Control Error http2.constants.NGHTTP2_FLOW_CONTROL_ERROR
0x04 Settings Timeout http2.constants.NGHTTP2_SETTINGS_TIMEOUT
0x05 Stream Closed http2.constants.NGHTTP2_STREAM_CLOSED
0x06 Frame Size Error http2.constants.NGHTTP2_FRAME_SIZE_ERROR
0x07 Refused Stream http2.constants.NGHTTP2_REFUSED_STREAM
0x08 Cancel http2.constants.NGHTTP2_CANCEL
0x09 Compression Error http2.constants.NGHTTP2_COMPRESSION_ERROR
0x0a Connect Error http2.constants.NGHTTP2_CONNECT_ERROR
0x0b Enhance Your Calm http2.constants.NGHTTP2_ENHANCE_YOUR_CALM
0x0c Inadequate Security http2.constants.NGHTTP2_INADEQUATE_SECURITY
0x0d HTTP/1.1 Required http2.constants.NGHTTP2_HTTP_1_1_REQUIRED

The 'timeout' event is emitted when there is no activity on the Server for a given number of milliseconds set using http2server.setTimeout().

http2.getDefaultSettings()#

Added in: v8.4.0

Returns an object containing the default settings for an Http2Sessioninstance. This method returns a new object instance every time it is called so instances returned may be safely modified for use.

http2.getPackedSettings([settings])#

Added in: v8.4.0

Returns a Buffer instance containing serialized representation of the given HTTP/2 settings as specified in the HTTP/2 specification. This is intended for use with the HTTP2-Settings header field.

`const http2 = require('node:http2');

const packed = http2.getPackedSettings({ enablePush: false });

console.log(packed.toString('base64')); // Prints: AAIAAAAA`

http2.getUnpackedSettings(buf)#

Added in: v8.4.0

Returns a HTTP/2 Settings Object containing the deserialized settings from the given Buffer as generated by http2.getPackedSettings().

http2.sensitiveHeaders#

Added in: v15.0.0, v14.18.0

This symbol can be set as a property on the HTTP/2 headers object with an array value in order to provide a list of headers considered sensitive. See Sensitive headers for more details.

Headers object#

Headers are represented as own-properties on JavaScript objects. The property keys will be serialized to lower-case. Property values should be strings (if they are not they will be coerced to strings) or an Array of strings (in order to send more than one value per header field).

`const headers = { ':status': '200', 'content-type': 'text-plain', 'ABC': ['has', 'more', 'than', 'one', 'value'], };

stream.respond(headers);`

Header objects passed to callback functions will have a null prototype. This means that normal JavaScript object methods such asObject.prototype.toString() and Object.prototype.hasOwnProperty() will not work.

For incoming headers:

const http2 = require('node:http2'); const server = http2.createServer(); server.on('stream', (stream, headers) => { console.log(headers[':path']); console.log(headers.ABC); });

Sensitive headers#

HTTP2 headers can be marked as sensitive, which means that the HTTP/2 header compression algorithm will never index them. This can make sense for header values with low entropy and that may be considered valuable to an attacker, for example Cookie or Authorization. To achieve this, add the header name to the [http2.sensitiveHeaders] property as an array:

`const headers = { ':status': '200', 'content-type': 'text-plain', 'cookie': 'some-cookie', 'other-sensitive-header': 'very secret data', [http2.sensitiveHeaders]: ['cookie', 'other-sensitive-header'], };

stream.respond(headers);`

For some headers, such as Authorization and short Cookie headers, this flag is set automatically.

This property is also set for received headers. It will contain the names of all headers marked as sensitive, including ones marked that way automatically.

Settings object#

The http2.getDefaultSettings(), http2.getPackedSettings(),http2.createServer(), http2.createSecureServer(),http2session.settings(), http2session.localSettings, andhttp2session.remoteSettings APIs either return or receive as input an object that defines configuration settings for an Http2Session object. These objects are ordinary JavaScript objects containing the following properties.

All additional properties on the settings object are ignored.

Error handling#

There are several types of error conditions that may arise when using thenode:http2 module:

Validation errors occur when an incorrect argument, option, or setting value is passed in. These will always be reported by a synchronous throw.

State errors occur when an action is attempted at an incorrect time (for instance, attempting to send data on a stream after it has closed). These will be reported using either a synchronous throw or via an 'error' event on the Http2Stream, Http2Session or HTTP/2 Server objects, depending on where and when the error occurs.

Internal errors occur when an HTTP/2 session fails unexpectedly. These will be reported via an 'error' event on the Http2Session or HTTP/2 Server objects.

Protocol errors occur when various HTTP/2 protocol constraints are violated. These will be reported using either a synchronous throw or via an 'error'event on the Http2Stream, Http2Session or HTTP/2 Server objects, depending on where and when the error occurs.

Invalid character handling in header names and values#

The HTTP/2 implementation applies stricter handling of invalid characters in HTTP header names and values than the HTTP/1 implementation.

Header field names are case-insensitive and are transmitted over the wire strictly as lower-case strings. The API provided by Node.js allows header names to be set as mixed-case strings (e.g. Content-Type) but will convert those to lower-case (e.g. content-type) upon transmission.

Header field-names must only contain one or more of the following ASCII characters: a-z, A-Z, 0-9, !, #, $, %, &, ', *, +,-, ., ^, _, ` (backtick), |, and ~.

Using invalid characters within an HTTP header field name will cause the stream to be closed with a protocol error being reported.

Header field values are handled with more leniency but should not contain new-line or carriage return characters and should be limited to US-ASCII characters, per the requirements of the HTTP specification.

Push streams on the client#

To receive pushed streams on the client, set a listener for the 'stream'event on the ClientHttp2Session:

`const http2 = require('node:http2');

const client = http2.connect('http://localhost');

client.on('stream', (pushedStream, requestHeaders) => { pushedStream.on('push', (responseHeaders) => { // Process response headers }); pushedStream.on('data', (chunk) => { /* handle pushed data */ }); });

const req = client.request({ ':path': '/' });`

Supporting the CONNECT method#

The CONNECT method is used to allow an HTTP/2 server to be used as a proxy for TCP/IP connections.

A simple TCP Server:

`` const net = require('node:net');

const server = net.createServer((socket) => { let name = ''; socket.setEncoding('utf8'); socket.on('data', (chunk) => name += chunk); socket.on('end', () => socket.end(hello ${name})); });

server.listen(8000); ``

An HTTP/2 CONNECT proxy:

`` const http2 = require('node:http2'); const { NGHTTP2_REFUSED_STREAM } = http2.constants; const net = require('node:net');

const proxy = http2.createServer(); proxy.on('stream', (stream, headers) => { if (headers[':method'] !== 'CONNECT') { // Only accept CONNECT requests stream.close(NGHTTP2_REFUSED_STREAM); return; } const auth = new URL(tcp://${headers[':authority']}); // It's a very good idea to verify that hostname and port are // things this proxy should be connecting to. const socket = net.connect(auth.port, auth.hostname, () => { stream.respond(); socket.pipe(stream); stream.pipe(socket); }); socket.on('error', (error) => { stream.close(http2.constants.NGHTTP2_CONNECT_ERROR); }); });

proxy.listen(8001); ``

An HTTP/2 CONNECT client:

`` const http2 = require('node:http2');

const client = http2.connect('http://localhost:8001');

// Must not specify the ':path' and ':scheme' headers // for CONNECT requests or an error will be thrown. const req = client.request({ ':method': 'CONNECT', ':authority': 'localhost:8000', });

req.on('response', (headers) => { console.log(headers[http2.constants.HTTP2_HEADER_STATUS]); }); let data = ''; req.setEncoding('utf8'); req.on('data', (chunk) => data += chunk); req.on('end', () => { console.log(The server says: ${data}); client.close(); }); req.end('Jane'); ``

The extended CONNECT protocol#

RFC 8441 defines an "Extended CONNECT Protocol" extension to HTTP/2 that may be used to bootstrap the use of an Http2Stream using the CONNECTmethod as a tunnel for other communication protocols (such as WebSockets).

The use of the Extended CONNECT Protocol is enabled by HTTP/2 servers by using the enableConnectProtocol setting:

const http2 = require('node:http2'); const settings = { enableConnectProtocol: true }; const server = http2.createServer({ settings });

Once the client receives the SETTINGS frame from the server indicating that the extended CONNECT may be used, it may send CONNECT requests that use the':protocol' HTTP/2 pseudo-header:

const http2 = require('node:http2'); const client = http2.connect('http://localhost:8080'); client.on('remoteSettings', (settings) => { if (settings.enableConnectProtocol) { const req = client.request({ ':method': 'CONNECT', ':protocol': 'foo' }); // ... } });

Compatibility API#

The Compatibility API has the goal of providing a similar developer experience of HTTP/1 when using HTTP/2, making it possible to develop applications that support both HTTP/1 and HTTP/2. This API targets only thepublic API of the HTTP/1. However many modules use internal methods or state, and those are not supported as it is a completely different implementation.

The following example creates an HTTP/2 server using the compatibility API:

const http2 = require('node:http2'); const server = http2.createServer((req, res) => { res.setHeader('Content-Type', 'text/html'); res.setHeader('X-Foo', 'bar'); res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' }); res.end('ok'); });

In order to create a mixed HTTPS and HTTP/2 server, refer to theALPN negotiation section. Upgrading from non-tls HTTP/1 servers is not supported.

The HTTP/2 compatibility API is composed of Http2ServerRequest andHttp2ServerResponse. They aim at API compatibility with HTTP/1, but they do not hide the differences between the protocols. As an example, the status message for HTTP codes is ignored.

ALPN negotiation#

ALPN negotiation allows supporting both HTTPS and HTTP/2 over the same socket. The req and res objects can be either HTTP/1 or HTTP/2, and an application must restrict itself to the public API ofHTTP/1, and detect if it is possible to use the more advanced features of HTTP/2.

The following example creates a server that supports both protocols:

`const { createSecureServer } = require('node:http2'); const { readFileSync } = require('node:fs');

const cert = readFileSync('./cert.pem'); const key = readFileSync('./key.pem');

const server = createSecureServer( { cert, key, allowHTTP1: true }, onRequest, ).listen(4443);

function onRequest(req, res) { // Detects if it is a HTTPS request or HTTP/2 const { socket: { alpnProtocol } } = req.httpVersion === '2.0' ? req.stream.session : req; res.writeHead(200, { 'content-type': 'application/json' }); res.end(JSON.stringify({ alpnProtocol, httpVersion: req.httpVersion, })); }`

The 'request' event works identically on both HTTPS and HTTP/2.

Class: http2.Http2ServerRequest#

Added in: v8.4.0

A Http2ServerRequest object is created by http2.Server orhttp2.SecureServer and passed as the first argument to the'request' event. It may be used to access a request status, headers, and data.

Event: 'aborted'#

Added in: v8.4.0

The 'aborted' event is emitted whenever a Http2ServerRequest instance is abnormally aborted in mid-communication.

The 'aborted' event will only be emitted if the Http2ServerRequest writable side has not been ended.

Event: 'close'#

Added in: v8.4.0

Indicates that the underlying Http2Stream was closed. Just like 'end', this event occurs only once per response.

request.aborted#

Added in: v10.1.0

The request.aborted property will be true if the request has been aborted.

request.authority#

Added in: v8.4.0

The request authority pseudo header field. Because HTTP/2 allows requests to set either :authority or host, this value is derived fromreq.headers[':authority'] if present. Otherwise, it is derived fromreq.headers['host'].

request.complete#

Added in: v12.10.0

The request.complete property will be true if the request has been completed, aborted, or destroyed.

request.connection#

Added in: v8.4.0Deprecated since: v13.0.0

See request.socket.

request.destroy([error])#

Added in: v8.4.0

Calls destroy() on the Http2Stream that received the Http2ServerRequest. If error is provided, an 'error' event is emitted and error is passed as an argument to any listeners on the event.

It does nothing if the stream was already destroyed.

request.headers#

Added in: v8.4.0

The request/response headers object.

Key-value pairs of header names and values. Header names are lower-cased.

// Prints something like: // // { 'user-agent': 'curl/7.22.0', // host: '127.0.0.1:8000', // accept: '*/*' } console.log(request.headers);

See HTTP/2 Headers Object.

In HTTP/2, the request path, host name, protocol, and method are represented as special headers prefixed with the : character (e.g. ':path'). These special headers will be included in the request.headers object. Care must be taken not to inadvertently modify these special headers or errors may occur. For instance, removing all headers from the request will cause errors to occur:

removeAllHeaders(request.headers); assert(request.url); // Fails because the :path header has been removed

request.httpVersion#

Added in: v8.4.0

In case of server request, the HTTP version sent by the client. In the case of client response, the HTTP version of the connected-to server. Returns'2.0'.

Also message.httpVersionMajor is the first integer andmessage.httpVersionMinor is the second.

request.method#

Added in: v8.4.0

The request method as a string. Read-only. Examples: 'GET', 'DELETE'.

request.rawHeaders#

Added in: v8.4.0

The raw request/response headers list exactly as they were received.

The keys and values are in the same list. It is not a list of tuples. So, the even-numbered offsets are key values, and the odd-numbered offsets are the associated values.

Header names are not lowercased, and duplicates are not merged.

// Prints something like: // // [ 'user-agent', // 'this is invalid because there can be only one', // 'User-Agent', // 'curl/7.22.0', // 'Host', // '127.0.0.1:8000', // 'ACCEPT', // '*/*' ] console.log(request.rawHeaders);

request.rawTrailers#

Added in: v8.4.0

The raw request/response trailer keys and values exactly as they were received. Only populated at the 'end' event.

request.scheme#

Added in: v8.4.0

The request scheme pseudo header field indicating the scheme portion of the target URL.

request.setTimeout(msecs, callback)#

Added in: v8.4.0

Sets the Http2Stream's timeout value to msecs. If a callback is provided, then it is added as a listener on the 'timeout' event on the response object.

If no 'timeout' listener is added to the request, the response, or the server, then Http2Streams are destroyed when they time out. If a handler is assigned to the request, the response, or the server's 'timeout'events, timed out sockets must be handled explicitly.

request.socket#

Added in: v8.4.0

Returns a Proxy object that acts as a net.Socket (or tls.TLSSocket) but applies getters, setters, and methods based on HTTP/2 logic.

destroyed, readable, and writable properties will be retrieved from and set on request.stream.

destroy, emit, end, on and once methods will be called onrequest.stream.

setTimeout method will be called on request.stream.session.

pause, read, resume, and write will throw an error with codeERR_HTTP2_NO_SOCKET_MANIPULATION. See Http2Session and Sockets for more information.

All other interactions will be routed directly to the socket. With TLS support, use request.socket.getPeerCertificate() to obtain the client's authentication details.

request.stream#

Added in: v8.4.0

The Http2Stream object backing the request.

request.trailers#

Added in: v8.4.0

The request/response trailers object. Only populated at the 'end' event.

request.url#

Added in: v8.4.0

Request URL string. This contains only the URL that is present in the actual HTTP request. If the request is:

GET /status?name=ryan HTTP/1.1 Accept: text/plain

Then request.url will be:

'/status?name=ryan'

To parse the url into its parts, new URL() can be used:

`$ node

new URL('/status?name=ryan', 'http://example.com') URL { href: 'http://example.com/status?name=ryan', origin: 'http://example.com', protocol: 'http:', username: '', password: '', host: 'example.com', hostname: 'example.com', port: '', pathname: '/status', search: '?name=ryan', searchParams: URLSearchParams { 'name' => 'ryan' }, hash: '' }`

Class: http2.Http2ServerResponse#

Added in: v8.4.0

This object is created internally by an HTTP server, not by the user. It is passed as the second parameter to the 'request' event.

Event: 'close'#

Added in: v8.4.0

Indicates that the underlying Http2Stream was terminated beforeresponse.end() was called or able to flush.

Event: 'finish'#

Added in: v8.4.0

Emitted when the response has been sent. More specifically, this event is emitted when the last segment of the response headers and body have been handed off to the HTTP/2 multiplexing for transmission over the network. It does not imply that the client has received anything yet.

After this event, no more events will be emitted on the response object.

response.addTrailers(headers)#

Added in: v8.4.0

This method adds HTTP trailing headers (a header but at the end of the message) to the response.

Attempting to set a header field name or value that contains invalid characters will result in a TypeError being thrown.

response.connection#

Added in: v8.4.0Deprecated since: v13.0.0

See response.socket.

response.createPushResponse(headers, callback)#

Call http2stream.pushStream() with the given headers, and wrap the given Http2Stream on a newly created Http2ServerResponse as the callback parameter if successful. When Http2ServerRequest is closed, the callback is called with an error ERR_HTTP2_INVALID_STREAM.

response.end([data[, encoding]][, callback])#

This method signals to the server that all of the response headers and body have been sent; that server should consider this message complete. The method, response.end(), MUST be called on each response.

If data is specified, it is equivalent to callingresponse.write(data, encoding) followed by response.end(callback).

If callback is specified, it will be called when the response stream is finished.

response.finished#

Added in: v8.4.0Deprecated since: v13.4.0, v12.16.0

Boolean value that indicates whether the response has completed. Starts as false. After response.end() executes, the value will be true.

response.getHeader(name)#

Added in: v8.4.0

Reads out a header that has already been queued but not sent to the client. The name is case-insensitive.

const contentType = response.getHeader('content-type');

response.getHeaderNames()#

Added in: v8.4.0

Returns an array containing the unique names of the current outgoing headers. All header names are lowercase.

`response.setHeader('Foo', 'bar'); response.setHeader('Set-Cookie', ['foo=bar', 'bar=baz']);

const headerNames = response.getHeaderNames(); // headerNames === ['foo', 'set-cookie']`

response.getHeaders()#

Added in: v8.4.0

Returns a shallow copy of the current outgoing headers. Since a shallow copy is used, array values may be mutated without additional calls to various header-related http module methods. The keys of the returned object are the header names and the values are the respective header values. All header names are lowercase.

The object returned by the response.getHeaders() method _does not_prototypically inherit from the JavaScript Object. This means that typicalObject methods such as obj.toString(), obj.hasOwnProperty(), and others are not defined and will not work.

`response.setHeader('Foo', 'bar'); response.setHeader('Set-Cookie', ['foo=bar', 'bar=baz']);

const headers = response.getHeaders(); // headers === { foo: 'bar', 'set-cookie': ['foo=bar', 'bar=baz'] }`

response.hasHeader(name)#

Added in: v8.4.0

Returns true if the header identified by name is currently set in the outgoing headers. The header name matching is case-insensitive.

const hasContentType = response.hasHeader('content-type');

response.headersSent#

Added in: v8.4.0

True if headers were sent, false otherwise (read-only).

response.removeHeader(name)#

Added in: v8.4.0

Removes a header that has been queued for implicit sending.

response.removeHeader('Content-Encoding');

response.req#

Added in: v15.7.0

A reference to the original HTTP2 request object.

response.sendDate#

Added in: v8.4.0

When true, the Date header will be automatically generated and sent in the response if it is not already present in the headers. Defaults to true.

This should only be disabled for testing; HTTP requires the Date header in responses.

response.setHeader(name, value)#

Added in: v8.4.0

Sets a single header value for implicit headers. If this header already exists in the to-be-sent headers, its value will be replaced. Use an array of strings here to send multiple headers with the same name.

response.setHeader('Content-Type', 'text/html; charset=utf-8');

or

response.setHeader('Set-Cookie', ['type=ninja', 'language=javascript']);

Attempting to set a header field name or value that contains invalid characters will result in a TypeError being thrown.

When headers have been set with response.setHeader(), they will be merged with any headers passed to response.writeHead(), with the headers passed to response.writeHead() given precedence.

// Returns content-type = text/plain const server = http2.createServer((req, res) => { res.setHeader('Content-Type', 'text/html; charset=utf-8'); res.setHeader('X-Foo', 'bar'); res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' }); res.end('ok'); });

response.setTimeout(msecs[, callback])#

Added in: v8.4.0

Sets the Http2Stream's timeout value to msecs. If a callback is provided, then it is added as a listener on the 'timeout' event on the response object.

If no 'timeout' listener is added to the request, the response, or the server, then Http2Streams are destroyed when they time out. If a handler is assigned to the request, the response, or the server's 'timeout'events, timed out sockets must be handled explicitly.

response.socket#

Added in: v8.4.0

Returns a Proxy object that acts as a net.Socket (or tls.TLSSocket) but applies getters, setters, and methods based on HTTP/2 logic.

destroyed, readable, and writable properties will be retrieved from and set on response.stream.

destroy, emit, end, on and once methods will be called onresponse.stream.

setTimeout method will be called on response.stream.session.

pause, read, resume, and write will throw an error with codeERR_HTTP2_NO_SOCKET_MANIPULATION. See Http2Session and Sockets for more information.

All other interactions will be routed directly to the socket.

const http2 = require('node:http2'); const server = http2.createServer((req, res) => { const ip = req.socket.remoteAddress; const port = req.socket.remotePort; res.end(`Your IP address is <span class="katex"><span class="katex-mathml"><math xmlns="http://www.w3.org/1998/Math/MathML"><semantics><mrow><mrow><mi>i</mi><mi>p</mi></mrow><mi>a</mi><mi>n</mi><mi>d</mi><mi>y</mi><mi>o</mi><mi>u</mi><mi>r</mi><mi>s</mi><mi>o</mi><mi>u</mi><mi>r</mi><mi>c</mi><mi>e</mi><mi>p</mi><mi>o</mi><mi>r</mi><mi>t</mi><mi>i</mi><mi>s</mi></mrow><annotation encoding="application/x-tex">{ip} and your source port is </annotation></semantics></math></span><span class="katex-html" aria-hidden="true"><span class="base"><span class="strut" style="height:0.8889em;vertical-align:-0.1944em;"></span><span class="mord"><span class="mord mathnormal">i</span><span class="mord mathnormal">p</span></span><span class="mord mathnormal">an</span><span class="mord mathnormal">d</span><span class="mord mathnormal">yo</span><span class="mord mathnormal">u</span><span class="mord mathnormal">rso</span><span class="mord mathnormal">u</span><span class="mord mathnormal">rce</span><span class="mord mathnormal">p</span><span class="mord mathnormal" style="margin-right:0.02778em;">or</span><span class="mord mathnormal">t</span><span class="mord mathnormal">i</span><span class="mord mathnormal">s</span></span></span></span>{port}.`); }).listen(3000);

response.statusCode#

Added in: v8.4.0

When using implicit headers (not calling response.writeHead() explicitly), this property controls the status code that will be sent to the client when the headers get flushed.

response.statusCode = 404;

After response header was sent to the client, this property indicates the status code which was sent out.

response.statusMessage#

Added in: v8.4.0

Status message is not supported by HTTP/2 (RFC 7540 8.1.2.4). It returns an empty string.

response.stream#

Added in: v8.4.0

The Http2Stream object backing the response.

response.writableEnded#

Added in: v12.9.0

Is true after response.end() has been called. This property does not indicate whether the data has been flushed, for this usewritable.writableFinished instead.

response.write(chunk[, encoding][, callback])#

Added in: v8.4.0

If this method is called and response.writeHead() has not been called, it will switch to implicit header mode and flush the implicit headers.

This sends a chunk of the response body. This method may be called multiple times to provide successive parts of the body.

In the node:http module, the response body is omitted when the request is a HEAD request. Similarly, the 204 and 304 responses_must not_ include a message body.

chunk can be a string or a buffer. If chunk is a string, the second parameter specifies how to encode it into a byte stream. By default the encoding is 'utf8'. callback will be called when this chunk of data is flushed.

This is the raw HTTP body and has nothing to do with higher-level multi-part body encodings that may be used.

The first time response.write() is called, it will send the buffered header information and the first chunk of the body to the client. The second time response.write() is called, Node.js assumes data will be streamed, and sends the new data separately. That is, the response is buffered up to the first chunk of the body.

Returns true if the entire data was flushed successfully to the kernel buffer. Returns false if all or part of the data was queued in user memory.'drain' will be emitted when the buffer is free again.

response.writeContinue()#

Added in: v8.4.0

Sends a status 100 Continue to the client, indicating that the request body should be sent. See the 'checkContinue' event on Http2Server andHttp2SecureServer.

response.writeEarlyHints(hints)#

Added in: v18.11.0

Sends a status 103 Early Hints to the client with a Link header, indicating that the user agent can preload/preconnect the linked resources. The hints is an object containing the values of headers to be sent with early hints message.

Example

`const earlyHintsLink = '</styles.css>; rel=preload; as=style'; response.writeEarlyHints({ 'link': earlyHintsLink, });

const earlyHintsLinks = [ '</styles.css>; rel=preload; as=style', '</scripts.js>; rel=preload; as=script', ]; response.writeEarlyHints({ 'link': earlyHintsLinks, });`

response.writeHead(statusCode[, statusMessage][, headers])#

Sends a response header to the request. The status code is a 3-digit HTTP status code, like 404. The last argument, headers, are the response headers.

Returns a reference to the Http2ServerResponse, so that calls can be chained.

For compatibility with HTTP/1, a human-readable statusMessage may be passed as the second argument. However, because the statusMessage has no meaning within HTTP/2, the argument will have no effect and a process warning will be emitted.

const body = 'hello world'; response.writeHead(200, { 'Content-Length': Buffer.byteLength(body), 'Content-Type': 'text/plain; charset=utf-8', });

Content-Length is given in bytes not characters. TheBuffer.byteLength() API may be used to determine the number of bytes in a given encoding. On outbound messages, Node.js does not check if Content-Length and the length of the body being transmitted are equal or not. However, when receiving messages, Node.js will automatically reject messages when theContent-Length does not match the actual payload size.

This method may be called at most one time on a message beforeresponse.end() is called.

If response.write() or response.end() are called before calling this, the implicit/mutable headers will be calculated and call this function.

When headers have been set with response.setHeader(), they will be merged with any headers passed to response.writeHead(), with the headers passed to response.writeHead() given precedence.

// Returns content-type = text/plain const server = http2.createServer((req, res) => { res.setHeader('Content-Type', 'text/html; charset=utf-8'); res.setHeader('X-Foo', 'bar'); res.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' }); res.end('ok'); });

Attempting to set a header field name or value that contains invalid characters will result in a TypeError being thrown.

Collecting HTTP/2 performance metrics#

The Performance Observer API can be used to collect basic performance metrics for each Http2Session and Http2Stream instance.

`const { PerformanceObserver } = require('node:perf_hooks');

const obs = new PerformanceObserver((items) => { const entry = items.getEntries()[0]; console.log(entry.entryType); // prints 'http2' if (entry.name === 'Http2Session') { // Entry contains statistics about the Http2Session } else if (entry.name === 'Http2Stream') { // Entry contains statistics about the Http2Stream } }); obs.observe({ entryTypes: ['http2'] });`

The entryType property of the PerformanceEntry will be equal to 'http2'.

The name property of the PerformanceEntry will be equal to either'Http2Stream' or 'Http2Session'.

If name is equal to Http2Stream, the PerformanceEntry will contain the following additional properties:

If name is equal to Http2Session, the PerformanceEntry will contain the following additional properties:

Note on :authority and host#

HTTP/2 requires requests to have either the :authority pseudo-header or the host header. Prefer :authority when constructing an HTTP/2 request directly, and host when converting from HTTP/1 (in proxies, for instance).

The compatibility API falls back to host if :authority is not present. See request.authority for more information. However, if you don't use the compatibility API (or use req.headers directly), you need to implement any fall-back behavior yourself.