From fdad2fa66e77739583591f9991360a87532cb3c7 Mon Sep 17 00:00:00 2001 From: islandryu Date: Sun, 29 Dec 2024 13:41:34 +0900 Subject: [PATCH] http2: omit server name when HTTP2 host is IP address Fixes: https://github.com/nodejs/node/issues/56189 PR-URL: https://github.com/nodejs/node/pull/56530 Reviewed-By: Matteo Collina Reviewed-By: Yongsheng Zhang Reviewed-By: Luigi Pinca --- lib/internal/http2/core.js | 24 ++++++---- test/parallel/test-http2-ip-address-host.js | 53 +++++++++++++++++++++ 2 files changed, 68 insertions(+), 9 deletions(-) create mode 100644 test/parallel/test-http2-ip-address-host.js diff --git a/lib/internal/http2/core.js b/lib/internal/http2/core.js index b41e1baee24644..4f2392c9829cc3 100644 --- a/lib/internal/http2/core.js +++ b/lib/internal/http2/core.js @@ -636,15 +636,21 @@ function initOriginSet(session) { if (originSet === undefined) { const socket = session[kSocket]; session[kState].originSet = originSet = new SafeSet(); - if (socket.servername != null) { - let originString = `https://${socket.servername}`; - if (socket.remotePort != null) - originString += `:${socket.remotePort}`; - // We have to ensure that it is a properly serialized - // ASCII origin string. The socket.servername might not - // be properly ASCII encoded. - originSet.add(getURLOrigin(originString)); + let hostName = socket.servername; + if (hostName === null || hostName === false) { + if (socket.remoteFamily === 'IPv6') { + hostName = `[${socket.remoteAddress}]`; + } else { + hostName = socket.remoteAddress; + } } + let originString = `https://${hostName}`; + if (socket.remotePort != null) + originString += `:${socket.remotePort}`; + // We have to ensure that it is a properly serialized + // ASCII origin string. The socket.servername might not + // be properly ASCII encoded. + originSet.add(getURLOrigin(originString)); } return originSet; } @@ -3333,7 +3339,7 @@ function connect(authority, options, listener) { socket = net.connect({ port, host, ...options }); break; case 'https:': - socket = tls.connect(port, host, initializeTLSOptions(options, host)); + socket = tls.connect(port, host, initializeTLSOptions(options, net.isIP(host) ? undefined : host)); break; default: throw new ERR_HTTP2_UNSUPPORTED_PROTOCOL(protocol); diff --git a/test/parallel/test-http2-ip-address-host.js b/test/parallel/test-http2-ip-address-host.js new file mode 100644 index 00000000000000..c0699a89169153 --- /dev/null +++ b/test/parallel/test-http2-ip-address-host.js @@ -0,0 +1,53 @@ +'use strict'; + +const common = require('../common'); +if (!common.hasCrypto) { common.skip('missing crypto'); }; +const assert = require('assert'); +const fixtures = require('../common/fixtures'); +const h2 = require('http2'); + +function loadKey(keyname) { + return fixtures.readKey(keyname, 'binary'); +} + +const key = loadKey('agent8-key.pem'); +const cert = fixtures.readKey('agent8-cert.pem'); + +const server = h2.createSecureServer({ key, cert }); +const hasIPv6 = common.hasIPv6; +const testCount = hasIPv6 ? 2 : 1; + +server.on('stream', common.mustCall((stream) => { + const session = stream.session; + assert.strictEqual(session.servername, undefined); + stream.respond({ 'content-type': 'application/json' }); + stream.end(JSON.stringify({ + servername: session.servername, + originSet: session.originSet + }) + ); +}, testCount)); + +let done = 0; + +server.listen(0, common.mustCall(() => { + function handleRequest(url) { + const client = h2.connect(url, + { rejectUnauthorized: false }); + const req = client.request(); + let data = ''; + req.setEncoding('utf8'); + req.on('data', (d) => data += d); + req.on('end', common.mustCall(() => { + const originSet = req.session.originSet; + assert.strictEqual(originSet[0], url); + client.close(); + if (++done === testCount) server.close(); + })); + } + + const ipv4Url = `https://127.0.0.1:${server.address().port}`; + const ipv6Url = `https://[::1]:${server.address().port}`; + handleRequest(ipv4Url); + if (hasIPv6) handleRequest(ipv6Url); +}));