http: fix keep-alive not timing out after post-request empty line #58178
+50
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
http
|
Lines 1040 to 1041 in c46b2b9 The timing for resetting the keep-alive timeout should be limited to this part—specifically, when llhttp determines that parsing is necessary. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #58178 +/- ##
==========================================
- Coverage 90.21% 90.13% -0.09%
==========================================
Files 630 630
Lines 186391 186782 +391
Branches 36608 36654 +46
==========================================
+ Hits 168161 168357 +196
- Misses 11052 11203 +151
- Partials 7178 7222 +44
🚀 New features to boost your workflow:
|
github-actions
bot
added
request-ci-failed
Failed to start CI⚠ No approving reviews found ✘ Refusing to run CI on potentially unsafe PRhttps://github.com/nodejs/node/actions/runs/14841662619 |
lpinca
reviewed
May 6, 2025
|
|
||
| server.listen(0); | ||
|
|
||
| const client = connect({ |
There was a problem hiding this comment.
I would create the connection after the server emits the 'listening' event.
| }, 100); | ||
|
|
||
| client.on('data', (data) => { | ||
| const status = data.toString().split(' ')[1]; |
There was a problem hiding this comment.
There is no guarantee that all data will be received in a single chunk.
There was a problem hiding this comment.
Thx, fixed test code.
ShogunPanda
added
request-ci
github-actions
bot
removed
the
request-ci
mcollina
added
the
commit-queue
RafaelGSS
added
the
author ready
nodejs-github-bot
added
commit-queue-failed
Commit Queue failed- Loading data for nodejs/node/pull/58178 ✔ Done loading data for nodejs/node/pull/58178 ----------------------------------- PR info ------------------------------------ Title http: fix keep-alive not timing out after post-request empty line (#58178) ⚠ Could not retrieve the email or name of the PR author's from user's GitHub profile! Branch islandryu:fix/httpEmptyLine -> nodejs:main Labels http, author ready, needs-ci Commits 2 - http: fix keep-alive not timing out after post-request empty line - fix test Committers 1 - islandryu <[email protected]> PR-URL: https://github.com/nodejs/node/pull/58178 Fixes: https://github.com/nodejs/node/issues/58140 Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Matteo Collina <[email protected]> ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/58178 Fixes: https://github.com/nodejs/node/issues/58140 Reviewed-By: Paolo Insogna <[email protected]> Reviewed-By: Matteo Collina <[email protected]> -------------------------------------------------------------------------------- ℹ This PR was created on Mon, 05 May 2025 08:46:23 GMT ✔ Approvals: 2 ✔ - Paolo Insogna (@ShogunPanda) (TSC): https://github.com/nodejs/node/pull/58178#pullrequestreview-2829062997 ✔ - Matteo Collina (@mcollina) (TSC): https://github.com/nodejs/node/pull/58178#pullrequestreview-2829334728 ✘ Last GitHub CI failed ℹ Last Full PR CI on 2025-05-09T18:21:27Z: https://ci.nodejs.org/job/node-test-pull-request/66736/ - Querying data for job/node-test-pull-request/66736/ ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ Aborted `git node land` session in /home/runner/work/node/node/.ncuhttps://github.com/nodejs/node/actions/runs/14936022305 |
|
@islandryu Can you please fix failing test so we can move this forward? |
|
@ShogunPanda Separately, I used to be able to view the Jenkins results until recently, but now I’m getting a permission error and can no longer access them. |
|
CI is under security embargo. |
|
No worries, let's wait for the other PR to land and then you can rebase this. About your question, maybe @nodejs/build-infra has some idea? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes: #58140
As shown in the test code, sending an empty line after a request can result in a state where the keep-alive timer is reset, but neither requestTimeout nor keepAliveTimeout is active.
Unless a custom timeout is implemented, this allows the client to hold the socket indefinitely.
Modified behavior so that data like an empty line, which does not indicate the start of an HTTP message, no longer resets the keep-alive timeout.
FYI
Here is the behavior of other HTTP servers:
nginx: When client_header_timeout is set, sending an empty line after a request triggers a 408 timeout response once the timeout period expires.
Apache: When RequestReadTimeout header=5-10,MinRate=500 is configured, the connection times out after the specified duration, but no error code is sent.
However, since the timing for resetting the keep-alive timeout is not clearly defined in RFC 9112 or similar specifications, I believe this change is appropriate.