-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http: add setDefaultHeaders option to http.request #56112
http: add setDefaultHeaders option to http.request #56112
Conversation
Review requested:
|
This makes it possible to disable the various default headers directly from the constructor. While this is possible for many use cases by manually calling removeHeader on the request object instead, when passing a raw header array to the request constructor the headers are serialized and prepared to send immediately, and removeHeader cannot subsequently be used. With this change, it's now possible to 100% control sent request headers by passing 'setDefaultHeaders: false' and a raw headers array to http.request.
9a5540f
to
950b50b
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #56112 +/- ##
==========================================
+ Coverage 88.00% 88.53% +0.52%
==========================================
Files 656 657 +1
Lines 189002 189864 +862
Branches 36003 36447 +444
==========================================
+ Hits 166335 168091 +1756
+ Misses 15838 14981 -857
+ Partials 6829 6792 -37
|
I'd love a couple of @nodejs/http reviews here when anybody has a minute. Tests all passing in CI already. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
test/parallel/test-http-dont-set-default-headers-with-set-header.js
Outdated
Show resolved
Hide resolved
test/parallel/test-http-dont-set-default-headers-with-setHost.js
Outdated
Show resolved
Hide resolved
Suggestions from review Co-authored-by: Luigi Pinca <luigipinca@gmail.com>
Landed in 7a40aa7 |
This makes it possible to disable the various default headers directly from the constructor. While this is possible for many use cases by manually calling removeHeader on the request object instead, when passing a raw header array to the request constructor the headers are serialized and prepared to send immediately, and removeHeader cannot subsequently be used. With this change, it's now possible to 100% control sent request headers by passing 'setDefaultHeaders: false' and a raw headers array to http.request. PR-URL: #56112 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This makes it possible to disable the various default headers directly from the constructor. While this is possible for many use cases by manually calling removeHeader on the request object instead, when passing a raw header array to the request constructor the headers are serialized and prepared to send immediately, and removeHeader cannot subsequently be used. With this change, it's now possible to 100% control sent request headers by passing 'setDefaultHeaders: false' and a raw headers array to http.request. PR-URL: #56112 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This makes it possible to disable the various default headers directly from the constructor. While this is possible for many use cases by manually calling removeHeader on the request object instead, when passing a raw header array to the request constructor the headers are serialized and prepared to send immediately, and removeHeader cannot subsequently be used. With this change, it's now possible to 100% control sent request headers by passing 'setDefaultHeaders: false' and a raw headers array to http.request. PR-URL: #56112 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This makes it possible to disable the various default headers directly from the constructor. While this is possible for many use cases by manually calling removeHeader on the request object instead, when passing a raw header array to the request constructor the headers are serialized and prepared to send immediately, and removeHeader cannot subsequently be used. With this change, it's now possible to 100% control sent request headers by passing 'setDefaultHeaders: false' and a raw headers array to http.request. PR-URL: #56112 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `23.4.0` -> `23.5.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v23.5.0`](https://github.com/nodejs/node/releases/tag/v23.5.0): 2024-12-19, Version 23.5.0 (Current), @​aduh95 [Compare Source](nodejs/node@v23.4.0...v23.5.0) ##### Notable Changes ##### WebCryptoAPI [`Ed25519`](nodejs/node@Ed25519) and X25519 algorithms are now stable Following the merge of Curve25519 into the [Web Cryptography API Editor's Draft](https://w3c.github.io/webcrypto/) the `Ed25519` and `X25519` algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use. Contributed by Filip Skokan in [#​56142](nodejs/node#56142). ##### On-thread hooks are back This release introduces `module.registerHooks()` for registering module loader customization hooks that are run for all modules loaded by `require()`, `import` and functions returned by `createRequire()` in the same thread, which makes them easier for CJS monkey-patchers to migrate to. ```mjs import assert from 'node:assert'; import { registerHooks, createRequire } from 'node:module'; import { writeFileSync } from 'node:fs'; writeFileSync('./bar.js', 'export const id = 123;', 'utf8'); registerHooks({ resolve(specifier, context, nextResolve) { const replaced = specifier.replace('foo', 'bar'); return nextResolve(replaced, context); }, load(url, context, nextLoad) { const result = nextLoad(url, context); return { ...result, source: result.source.toString().replace('123', '456'), }; }, }); // Checks that it works with require. const require = createRequire(import.meta.url); const required = require('./foo.js'); // Redirected by resolve hook to bar.js assert.strictEqual(required.id, 456); // Replaced by load hook to 456 // Checks that it works with import. const imported = await import('./foo.js'); // Redirected by resolve hook to bar.js assert.strictEqual(imported.id, 456); // Replaced by load hook to 456 ``` This complements the `module.register()` hooks - the new hooks fit better internally and cover all corners in the module graph; whereas `module.register()` previously could not cover `require()` while it was on-thread, and still cannot cover `createRequire()` after being moved off-thread. They are also run in the same thread as the modules being loaded and where the hooks are registered, which means they are easier to debug (no more `console.log()` getting lost) and do not have the many deadlock issues haunting the `module.register()` hooks. The new API also takes functions directly so that it's easier for intermediate loader packages to take user options from files that the hooks can't be aware of, like many existing CJS monkey-patchers do. Contributed by Joyee Cheung in [#​55698](nodejs/node#55698). ##### Other notable changes - \[[`59cae91465`](nodejs/node@59cae91465)] - **(SEMVER-MINOR)** **dgram**: support blocklist in udp (theanarkh) [#​56087](nodejs/node#56087) - \[[`72f79b44ed`](nodejs/node@72f79b44ed)] - **doc**: stabilize util.styleText (Rafael Gonzaga) [#​56265](nodejs/node#56265) - \[[`b5a2c0777d`](nodejs/node@b5a2c0777d)] - **(SEMVER-MINOR)** **module**: add prefix-only modules to `module.builtinModules` (Jordan Harband) [#​56185](nodejs/node#56185) - \[[`9863d27566`](nodejs/node@9863d27566)] - **(SEMVER-MINOR)** **module**: only emit require(esm) warning under --trace-require-module (Joyee Cheung) [#​56194](nodejs/node#56194) - \[[`8e780bc5ae`](nodejs/node@8e780bc5ae)] - **(SEMVER-MINOR)** **module**: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) [#​55698](nodejs/node#55698) - \[[`65bc8e847f`](nodejs/node@65bc8e847f)] - **(SEMVER-MINOR)** **report**: fix typos in report keys and bump the version (Yuan-Ming Hsu) [#​56068](nodejs/node#56068) - \[[`0ab36e1937`](nodejs/node@0ab36e1937)] - **(SEMVER-MINOR)** **sqlite**: aggregate constants in a single property (Edigleysson Silva (Edy)) [#​56213](nodejs/node#56213) - \[[`efcc5d90c5`](nodejs/node@efcc5d90c5)] - **(SEMVER-MINOR)** **src,lib**: stabilize permission model (Rafael Gonzaga) [#​56201](nodejs/node#56201) ##### Commits - \[[`2314e4916e`](nodejs/node@2314e4916e)] - **assert**: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) [#​56195](nodejs/node#56195) - \[[`cfbdff7b45`](nodejs/node@cfbdff7b45)] - **assert**: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) [#​56098](nodejs/node#56098) - \[[`f264dd6d20`](nodejs/node@f264dd6d20)] - **buffer**: document concat zero-fill (Duncan) [#​55562](nodejs/node#55562) - \[[`4831b87d83`](nodejs/node@4831b87d83)] - **build**: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) [#​56271](nodejs/node#56271) - \[[`1497bb405e`](nodejs/node@1497bb405e)] - **build**: fix missing fp16 dependency in d8 builds (Joyee Cheung) [#​56266](nodejs/node#56266) - \[[`445c8c7489`](nodejs/node@445c8c7489)] - **build**: add major release action (Rafael Gonzaga) [#​56199](nodejs/node#56199) - \[[`f4faedfa69`](nodejs/node@f4faedfa69)] - **build**: fix C string encoding for `PRODUCT_DIR_ABS` (Anna Henningsen) [#​56111](nodejs/node#56111) - \[[`6f49c8006c`](nodejs/node@6f49c8006c)] - **build**: use variable for simdutf path (Shelley Vohr) [#​56196](nodejs/node#56196) - \[[`fcaa2c82a6`](nodejs/node@fcaa2c82a6)] - **build**: fix GN build on macOS (Joyee Cheung) [#​56141](nodejs/node#56141) - \[[`08e5309f4f`](nodejs/node@08e5309f4f)] - ***Revert*** "**build**: avoid compiling with VS v17.12" (Gerhard Stöbich) [#​56151](nodejs/node#56151) - \[[`c2fb38cfdf`](nodejs/node@c2fb38cfdf)] - **crypto**: graduate WebCryptoAPI [`Ed25519`](nodejs/node@Ed25519) and X25519 algorithms as stable (Filip Skokan) [#​56142](nodejs/node#56142) - \[[`8658833884`](nodejs/node@8658833884)] - **deps**: update nghttp3 to 1.6.0 (Node.js GitHub Bot) [#​56258](nodejs/node#56258) - \[[`7c941d4610`](nodejs/node@7c941d4610)] - **deps**: update simdutf to 5.6.4 (Node.js GitHub Bot) [#​56255](nodejs/node#56255) - \[[`4e9113eada`](nodejs/node@4e9113eada)] - **deps**: update libuv to 1.49.2 (Luigi Pinca) [#​56224](nodejs/node#56224) - \[[`db6aba12e4`](nodejs/node@db6aba12e4)] - **deps**: update c-ares to v1.34.4 (Node.js GitHub Bot) [#​56256](nodejs/node#56256) - \[[`25bb462bc2`](nodejs/node@25bb462bc2)] - **deps**: define V8\_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) [#​56238](nodejs/node#56238) - \[[`54308c51bb`](nodejs/node@54308c51bb)] - **deps**: update sqlite to 3.47.2 (Node.js GitHub Bot) [#​56178](nodejs/node#56178) - \[[`59cae91465`](nodejs/node@59cae91465)] - **(SEMVER-MINOR)** **dgram**: support blocklist in udp (theanarkh) [#​56087](nodejs/node#56087) - \[[`52c18e605e`](nodejs/node@52c18e605e)] - **doc**: fix color contrast issue in light mode (Rich Trott) [#​56272](nodejs/node#56272) - \[[`72f79b44ed`](nodejs/node@72f79b44ed)] - **doc**: stabilize util.styleText (Rafael Gonzaga) [#​56265](nodejs/node#56265) - \[[`0d08756d0c`](nodejs/node@0d08756d0c)] - **doc**: clarify util.aborted resource usage (Kunal Kumar) [#​55780](nodejs/node#55780) - \[[`f94f21080b`](nodejs/node@f94f21080b)] - **doc**: add esm examples to node:repl (Alfredo González) [#​55432](nodejs/node#55432) - \[[`7a10ef88d9`](nodejs/node@7a10ef88d9)] - **doc**: add esm examples to node:readline (Alfredo González) [#​55335](nodejs/node#55335) - \[[`cc7a7c391b`](nodejs/node@cc7a7c391b)] - **doc**: fix 'which' to 'that' and add commas (Selveter Senitro) [#​56216](nodejs/node#56216) - \[[`c5b086250e`](nodejs/node@c5b086250e)] - **doc**: fix winget config path (Alex Yang) [#​56233](nodejs/node#56233) - \[[`71c38a24d4`](nodejs/node@71c38a24d4)] - **doc**: add esm examples to node:tls (Alfredo González) [#​56229](nodejs/node#56229) - \[[`394fffbbde`](nodejs/node@394fffbbde)] - **doc**: add esm examples to node:perf_hooks (Alfredo González) [#​55257](nodejs/node#55257) - \[[`7b2a6ee61e`](nodejs/node@7b2a6ee61e)] - **doc**: `sea.getRawAsset(key)` always returns an ArrayBuffer (沈鸿飞) [#​56206](nodejs/node#56206) - \[[`8092dcf27e`](nodejs/node@8092dcf27e)] - **doc**: update announce documentation for releases (Rafael Gonzaga) [#​56200](nodejs/node#56200) - \[[`2974667815`](nodejs/node@2974667815)] - **doc**: update blog link to /vulnerability (Rafael Gonzaga) [#​56198](nodejs/node#56198) - \[[`f3b3ff85e0`](nodejs/node@f3b3ff85e0)] - **doc**: call out import.meta is only supported in ES modules (Anton Kastritskii) [#​56186](nodejs/node#56186) - \[[`a9e67280e7`](nodejs/node@a9e67280e7)] - **doc**: add ambassador message - benefits of Node.js (Michael Dawson) [#​56085](nodejs/node#56085) - \[[`e4922ab15f`](nodejs/node@e4922ab15f)] - **doc**: fix incorrect link to style guide (Yuan-Ming Hsu) [#​56181](nodejs/node#56181) - \[[`114a3e5a05`](nodejs/node@114a3e5a05)] - **doc**: fix c++ addon hello world sample (Edigleysson Silva (Edy)) [#​56172](nodejs/node#56172) - \[[`f1c2d2f65e`](nodejs/node@f1c2d2f65e)] - **doc**: update blog release-post link (Ruy Adorno) [#​56123](nodejs/node#56123) - \[[`d48b5224c0`](nodejs/node@d48b5224c0)] - **doc**: fix module.md headings (Chengzhong Wu) [#​56131](nodejs/node#56131) - \[[`4cc0493a0b`](nodejs/node@4cc0493a0b)] - **fs**: make mutating `options` in Callback `readdir()` not affect results (LiviaMedeiros) [#​56057](nodejs/node#56057) - \[[`8d485f1c09`](nodejs/node@8d485f1c09)] - **fs**: make mutating `options` in Promises `readdir()` not affect results (LiviaMedeiros) [#​56057](nodejs/node#56057) - \[[`595851b5ed`](nodejs/node@595851b5ed)] - **fs,win**: fix readdir for named pipe (Hüseyin Açacak) [#​56110](nodejs/node#56110) - \[[`075b36b7b4`](nodejs/node@075b36b7b4)] - **http**: add setDefaultHeaders option to http.request (Tim Perry) [#​56112](nodejs/node#56112) - \[[`febd969c46`](nodejs/node@febd969c46)] - **http2**: remove duplicate codeblock (Vitaly Aminev) [#​55915](nodejs/node#55915) - \[[`b0ebd23e52`](nodejs/node@b0ebd23e52)] - **http2**: support ALPNCallback option (ZYSzys) [#​56187](nodejs/node#56187) - \[[`f10239fde7`](nodejs/node@f10239fde7)] - **lib**: remove redundant global regexps (Gürgün Dayıoğlu) [#​56182](nodejs/node#56182) - \[[`fd55d3cbdd`](nodejs/node@fd55d3cbdd)] - **lib**: clean up persisted signals when they are settled (Edigleysson Silva (Edy)) [#​56001](nodejs/node#56001) - \[[`889094fdbc`](nodejs/node@889094fdbc)] - **lib**: handle Float16Array in node:v8 serdes (Bartek Iwańczuk) [#​55996](nodejs/node#55996) - \[[`5aec513207`](nodejs/node@5aec513207)] - **lib**: disable default memory leak warning for AbortSignal (Lenz Weber-Tronic) [#​55816](nodejs/node#55816) - \[[`b5a2c0777d`](nodejs/node@b5a2c0777d)] - **(SEMVER-MINOR)** **module**: add prefix-only modules to `module.builtinModules` (Jordan Harband) [#​56185](nodejs/node#56185) - \[[`9863d27566`](nodejs/node@9863d27566)] - **(SEMVER-MINOR)** **module**: only emit require(esm) warning under --trace-require-module (Joyee Cheung) [#​56194](nodejs/node#56194) - \[[`5665e86da6`](nodejs/node@5665e86da6)] - **module**: prevent main thread exiting before esm worker ends (Shima Ryuhei) [#​56183](nodejs/node#56183) - \[[`8e780bc5ae`](nodejs/node@8e780bc5ae)] - **(SEMVER-MINOR)** **module**: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) [#​55698](nodejs/node#55698) - \[[`e5bb6c2303`](nodejs/node@e5bb6c2303)] - **(SEMVER-MINOR)** **module**: implement module.registerHooks() (Joyee Cheung) [#​55698](nodejs/node#55698) - \[[`f883bedceb`](nodejs/node@f883bedceb)] - **node-api**: allow napi_delete_reference in finalizers (Chengzhong Wu) [#​55620](nodejs/node#55620) - \[[`65bc8e847f`](nodejs/node@65bc8e847f)] - **(SEMVER-MINOR)** **report**: fix typos in report keys and bump the version (Yuan-Ming Hsu) [#​56068](nodejs/node#56068) - \[[`a6f0cfa468`](nodejs/node@a6f0cfa468)] - **sea**: only assert snapshot main function for main threads (Joyee Cheung) [#​56120](nodejs/node#56120) - \[[`0ab36e1937`](nodejs/node@0ab36e1937)] - **(SEMVER-MINOR)** **sqlite**: aggregate constants in a single property (Edigleysson Silva (Edy)) [#​56213](nodejs/node#56213) - \[[`4745798225`](nodejs/node@4745798225)] - **sqlite**: add support for custom functions (Colin Ihrig) [#​55985](nodejs/node#55985) - \[[`53cc0cc744`](nodejs/node@53cc0cc744)] - **sqlite**: support `db.loadExtension` (Alex Yang) [#​53900](nodejs/node#53900) - \[[`3968599702`](nodejs/node@3968599702)] - **src**: fix outdated js2c.cc references (Chengzhong Wu) [#​56133](nodejs/node#56133) - \[[`efcc5d90c5`](nodejs/node@efcc5d90c5)] - **(SEMVER-MINOR)** **src,lib**: stabilize permission model (Rafael Gonzaga) [#​56201](nodejs/node#56201) - \[[`a4a83613cb`](nodejs/node@a4a83613cb)] - **stream**: commit pull-into descriptors after filling from queue (Mattias Buelens) [#​56072](nodejs/node#56072) - \[[`3298ef4891`](nodejs/node@3298ef4891)] - **test**: remove test-sqlite-statement-sync flaky designation (Luigi Pinca) [#​56051](nodejs/node#56051) - \[[`1d8cc6179d`](nodejs/node@1d8cc6179d)] - **test**: use --permission over --experimental-permission (Rafael Gonzaga) [#​56239](nodejs/node#56239) - \[[`5d252b7a67`](nodejs/node@5d252b7a67)] - **test**: remove exludes for sea tests on PPC (Michael Dawson) [#​56217](nodejs/node#56217) - \[[`8288f57724`](nodejs/node@8288f57724)] - **test**: fix test-abortsignal-drop-settled-signals flakiness (Edigleysson Silva (Edy)) [#​56197](nodejs/node#56197) - \[[`683cc15796`](nodejs/node@683cc15796)] - **test**: move localizationd data from `test-icu-env` to external file (Livia Medeiros) [#​55618](nodejs/node#55618) - \[[`a0c4a5f122`](nodejs/node@a0c4a5f122)] - **test**: update WPT for url to [`6fa3fe8`](nodejs/node@6fa3fe8a92) (Node.js GitHub Bot) [#​56136](nodejs/node#56136) - \[[`a0e3926285`](nodejs/node@a0e3926285)] - **test**: remove `hasOpenSSL3x` utils (Antoine du Hamel) [#​56164](nodejs/node#56164) - \[[`041a49094e`](nodejs/node@041a49094e)] - **test**: update streams wpt (Mattias Buelens) [#​56072](nodejs/node#56072) - \[[`ea9a675f56`](nodejs/node@ea9a675f56)] - **test_runner**: exclude test files from coverage by default (Pietro Marchini) [#​56060](nodejs/node#56060) - \[[`118cd9998f`](nodejs/node@118cd9998f)] - **tools**: fix `node:` enforcement for docs (Antoine du Hamel) [#​56284](nodejs/node#56284) - \[[`c4c56daae8`](nodejs/node@c4c56daae8)] - **tools**: update github_reporter to 1.7.2 (Node.js GitHub Bot) [#​56205](nodejs/node#56205) - \[[`78743b1533`](nodejs/node@78743b1533)] - **tools**: add REPLACEME check to workflow (Mert Can Altin) [#​56251](nodejs/node#56251) - \[[`002ee71d9b`](nodejs/node@002ee71d9b)] - **tools**: use `github.actor` instead of bot username for release proposals (Antoine du Hamel) [#​56232](nodejs/node#56232) - \[[`d25d16efeb`](nodejs/node@d25d16efeb)] - ***Revert*** "**tools**: disable automated libuv updates" (Luigi Pinca) [#​56223](nodejs/node#56223) - \[[`b395e0c8c9`](nodejs/node@b395e0c8c9)] - **tools**: update gyp-next to 0.19.1 (Anna Henningsen) [#​56111](nodejs/node#56111) - \[[`a5aaf31c50`](nodejs/node@a5aaf31c50)] - **tools**: fix release proposal linter to support more than 1 folk preparing (Antoine du Hamel) [#​56203](nodejs/node#56203) - \[[`fa667d609e`](nodejs/node@fa667d609e)] - **tools**: remove has_absl_stringify from gyp file (Michaël Zasso) [#​56157](nodejs/node#56157) - \[[`65b541e70e`](nodejs/node@65b541e70e)] - **tools**: enable linter for `tools/icu/**` (Livia Medeiros) [#​56176](nodejs/node#56176) - \[[`28a4b6ff58`](nodejs/node@28a4b6ff58)] - **tools**: use commit title as MR title when creating release proposal (Antoine du Hamel) [#​56165](nodejs/node#56165) - \[[`e20eef659f`](nodejs/node@e20eef659f)] - **tools**: update gyp-next to 0.19.0 (Node.js GitHub Bot) [#​56158](nodejs/node#56158) - \[[`efcc829085`](nodejs/node@efcc829085)] - **tools**: bump the eslint group in /tools/eslint with 4 updates (dependabot\[bot]) [#​56099](nodejs/node#56099) - \[[`5620b2be8a`](nodejs/node@5620b2be8a)] - **tools**: improve release proposal MR opening (Antoine du Hamel) [#​56161](nodejs/node#56161) - \[[`3e17a8e78e`](nodejs/node@3e17a8e78e)] - **util**: harden more built-in classes against prototype pollution (Antoine du Hamel) [#​56225](nodejs/node#56225) - \[[`13815417c7`](nodejs/node@13815417c7)] - **util**: fix Latin1 decoding to return string output (Mert Can Altin) [#​56222](nodejs/node#56222) - \[[`77397c5013`](nodejs/node@77397c5013)] - **util**: do not rely on mutable `Object` and `Function`' `constructor` prop (Antoine du Hamel) [#​56188](nodejs/node#56188) - \[[`84f98e0a74`](nodejs/node@84f98e0a74)] - **v8,tools**: expose experimental wasm revectorize feature (Yolanda-Chen) [#​54896](nodejs/node#54896) - \[[`8325fa5c04`](nodejs/node@8325fa5c04)] - **worker**: fix crash when a worker joins after exit (Stephen Belanger) [#​56191](nodejs/node#56191) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS43Ny4wIiwidXBkYXRlZEluVmVyIjoiMzkuNzcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
When sending an HTTP request, for some use cases you want full control of the request headers: controlling the raw format directly and setting only the headers provided, with no other headers automatically included whatsoever.
That is not currently possible, because:
req.removeHeader
for each of them individually on a request instance, before the headers are sent. Otherwise these are set automatically, even if you pass a raw header array.http.request()
method, and when you do so the headers are passed to_storeHeader
and serialized into_header
immediately, meaning you can't callremoveHeader
afterwards.That means these two use cases (removing default headers & setting raw header formats) are mutually exclusive, which isn't great since they're closely related.
This PR fixes that by adding a
setDefaultHeaders
option tohttp.request
, defaulting totrue
. If you passsetDefaultHeaders: false
then you take responsibility for providing all required headers and Node gets out of the way and gives you full control.With this, you can now control all headers, in raw format, with:
Alternative ideas I've avoided, but might be interesting:
setContentLength
,setTransferEncoding
etc parameters, analogous to the existingsetHost
option. Results in too many options, and I think in the case where this is necessary you almost always want to control all headers. In fact, I think if this PR is merged we could consider deprecatingsetHost
entirely, and suggesting users migrate to this option instead (I expect mostsetHost: false
cases will want this too) but I haven't looked into that for now, we can wait and see how this is used instead.setHeaders
to allow setting raw headers after initial request construction, to handle this use case with justremoveHeader
+setHeaders
calls. This would require that eithersetHeaders
immediately serialize the raw headers to_headers
in this case (blocking any further changes like an implicit flushHeaders, but only in the raw header argument case, with potentially weird differences between setHeaders behaviour for requests vs responses), or some fairly major refactoring to change all internal HTTP header representation to support incrementally adding raw headers (all current raw header APIs -writeHead
andhttp.request
- always serialize & fix the headers immediately). The former is quite an awkward API, the latter is messy and risky, and I'd rather not.request.writeHeaders
method analogous toresponse.writeHead
. This works, but it's yet another headers API with subtly different behaviour that would really only exist for this one use case.http.request
- this seems sensible to me as an API, but it's a huge breaking change that isn't really practical imo.