Problem with insecureHttpHeader Node.js v16 #310

Open
BrunoMBento opened this issue Jul 25, 2022 · 2 comments

BrunoMBento commented Jul 25, 2022

Hi! First of all, thank you for this great lib!

I've been using webdav client for a few months and recently I am getting this error while trying to send a CustomRequest:

ERROR Error: Parse Error: Missing expected CR after header value

Mon, Jul 25 2022 5:41:05 pm | at TLSSocket.socketOnData (node:_http_client:494:22)
Mon, Jul 25 2022 5:41:05 pm | at TLSSocket.emit (node:events:527:28)
Mon, Jul 25 2022 5:41:05 pm | at addChunk (node:internal/streams/readable:315:12)
Mon, Jul 25 2022 5:41:05 pm | at readableAddChunk (node:internal/streams/readable:289:9)
Mon, Jul 25 2022 5:41:05 pm | at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
Mon, Jul 25 2022 5:41:05 pm | at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23)

I've done some research and found this:

https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/

Node 14, 16 and 18 were updated to solve this vulnerability. The problem is that the server I connect to is probably responding with a header considered vulnerable.

When using the native Node http client, it's now possible to use the insecureHttpParser option to make requests and bypass this problem.

Could webdav client add this option too?

Best regards!

@perry-mitchell (Owner)

Hi @BrunoMBento - Yes I would allow such an option to be added to the configuration of the client. I'd accept a PR for this. The default should obviously be undefined, following the default value of other libraries (and axios for that matter, as we use it here).

@perry-mitchell (Owner)

In the meantime you could just pass --insecure-http-parser to your node app, which would negate the need for this.
