-
-
Notifications
You must be signed in to change notification settings - Fork 139
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem with insecureHttpHeader Node.js v16 #310
Comments
Hi @BrunoMBento - Yes I would allow such an option to be added to the configuration of the client. I'd accept a PR for this. The default should obviously be |
In the mean time you could just pass |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi! First of all thank you for this great lib!
I've been using webdav client for a few months and recently I am getting this error while trying to send a CustomRequest:
ERROR Error: Parse Error: Missing expected CR after header value
Mon, Jul 25 2022 5:41:05 pm | at TLSSocket.socketOnData (node:_http_client:494:22)
Mon, Jul 25 2022 5:41:05 pm | at TLSSocket.emit (node:events:527:28)
Mon, Jul 25 2022 5:41:05 pm | at addChunk (node:internal/streams/readable:315:12)
Mon, Jul 25 2022 5:41:05 pm | at readableAddChunk (node:internal/streams/readable:289:9)
Mon, Jul 25 2022 5:41:05 pm | at TLSSocket.Readable.push (node:internal/streams/readable:228:10)
Mon, Jul 25 2022 5:41:05 pm | at TLSWrap.onStreamRead (node:internal/stream_base_commons:190:23)
I've made some research and found this:
https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
Nodes 14, 16 and 18 were updated to solve this vulnerability. The problem is the server i connect is probably responding with a header considered vulnerable.
While using native http Node client, now it's possible to use the insecureHttpParser option to make requests and bypass this problem.
Could webdav client add this option to?
Best regards!
The text was updated successfully, but these errors were encountered: