fix: validate BiDi request headers before sending to prevent Firefox connection crash

Firefox closes the WebSocket connection when sent header values containing CR/LF,
crashing the test host. Pre-validate headers in ContinueAsync and RespondAsync to
throw PuppeteerException before the invalid data reaches Firefox.

Also guard ContinueAsync/RespondAsync/AbortAsync against calls when page-level
interception is not enabled, preventing async-void handler crashes in edge cases.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: kblok

lib/PuppeteerSharp/Bidi/BidiHttpRequest.cs

@@ -124,13 +124,20 @@ public override InterceptResolutionState InterceptResolutionState
     /// <inheritdoc />
     public override async Task ContinueAsync(Payload payloadOverrides = null, int? priority = null)
     {
+        if (!PageLevelInterceptionEnabled)
+        {
+            return;
+        }
+
         VerifyInterception();
 
         if (!CanBeIntercepted())
         {
             return;
         }
 
+        ValidateHeaderValues(payloadOverrides?.Headers);
+
         if (priority is null)
         {
             await ContinueInternalAsync(payloadOverrides).ConfigureAwait(false);
@@ -165,13 +172,20 @@ public override async Task RespondAsync(ResponseData response, int? priority = n
             throw new ArgumentNullException(nameof(response));
         }
 
+        if (!PageLevelInterceptionEnabled)
+        {
+            return;
+        }
+
         VerifyInterception();
 
         if (!CanBeIntercepted())
         {
             return;
         }
 
+        ValidateResponseHeaderValues(response.Headers);
+
         if (priority is null)
         {
             await RespondInternalAsync(response).ConfigureAwait(false);
@@ -200,6 +214,11 @@ public override async Task RespondAsync(ResponseData response, int? priority = n
     /// <inheritdoc />
     public override async Task AbortAsync(RequestAbortErrorCode errorCode = RequestAbortErrorCode.Failed, int? priority = null)
     {
+        if (!PageLevelInterceptionEnabled)
+        {
+            return;
+        }
+
         VerifyInterception();
 
         if (!CanBeIntercepted())
@@ -310,6 +329,53 @@ protected override void VerifyInterception()
     /// <inheritdoc/>
     protected override bool CanBeIntercepted() => _request.IsBlocked;
 
+    private static void ValidateHeaderValues(Dictionary<string, string> headers)
+    {
+        if (headers == null)
+        {
+            return;
+        }
+
+        foreach (var kvp in headers)
+        {
+            if (kvp.Value != null && kvp.Value.IndexOfAny(new[] { '\n', '\r', '\0' }) >= 0)
+            {
+                throw new PuppeteerException($"Invalid header value for '{kvp.Key}'");
+            }
+        }
+    }
+
+    private static void ValidateResponseHeaderValues(Dictionary<string, object> headers)
+    {
+        if (headers == null)
+        {
+            return;
+        }
+
+        foreach (var kvp in headers)
+        {
+            if (kvp.Value is ICollection collection)
+            {
+                foreach (var item in collection)
+                {
+                    var strValue = item?.ToString();
+                    if (strValue != null && strValue.IndexOfAny(new[] { '\n', '\r', '\0' }) >= 0)
+                    {
+                        throw new PuppeteerException($"Invalid header value for '{kvp.Key}'");
+                    }
+                }
+            }
+            else
+            {
+                var strValue = kvp.Value?.ToString();
+                if (strValue != null && strValue.IndexOfAny(new[] { '\n', '\r', '\0' }) >= 0)
+                {
+                    throw new PuppeteerException($"Invalid header value for '{kvp.Key}'");
+                }
+            }
+        }
+    }
+
     private static List<Header> ConvertToBidiHeaders(Dictionary<string, string> headers)
     {
         if (headers == null || headers.Count == 0)