Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERR_INVALID_CHAR when response.setHeader() #21509

Closed
Somebi opened this issue Jun 24, 2018 · 4 comments
Closed

ERR_INVALID_CHAR when response.setHeader() #21509

Somebi opened this issue Jun 24, 2018 · 4 comments
Labels
http Issues or PRs related to the http subsystem. invalid Issues and PRs that are invalid.

Comments

@Somebi
Copy link

Somebi commented Jun 24, 2018

v10.5.0

_http_outgoing.js:465
    throw err;
    ^

TypeError [ERR_INVALID_CHAR]: Invalid character in header content ["set-cookie"]
    at ServerResponse.setHeader (_http_outgoing.js:474:3)
    at ClientRequest.getHttp.request.on.destResp (/app.js:77:8)
    at ClientRequest.emit (events.js:182:13)
    at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:546:21)
    at HTTPParser.parserOnHeadersComplete (_http_common.js:109:17)
    at TLSSocket.socketOnData (_http_client.js:432:20)
    at TLSSocket.emit (events.js:182:13)
    at addChunk (_stream_readable.js:283:12)
    at readableAddChunk (_stream_readable.js:264:11)
    at TLSSocket.Readable.push (_stream_readable.js:219:10)

[ 'ASP.NET_SessionId=xqf01rjz5pjz3rbbus5xrci5; path=/; HttpOnly',
 'PCTR=638232021456825698; domain=.example.com; expires=Sat, 24-Jun-2023 18:15:45 GMT; path=/',
 'UserPrefsCookie=languageId=2&priceStyle=decimal&linesTypeView=c&device=d&languageGroup=all; domain=.example.com; expires=Tue, 24-Jul-2018 18:15:45 GMT; path=/',
 'psCDN=CDN1; domain=.example.com; expires=Thu, 24-Jun-2021 18:15:45 GMT; path=/',
 'visid_incap_801031=Emf8gIVHQf+3J7VJh12IqdDfL1sAAAAAQUIPAAAAAABCbZpNqDRMI1vWsDMXDa4H; expires=Mon, 24 Jun 2019 07:52:32 GMT; path=/; Domain=.example.com',
 'incap_ses_473_801031=2PKoDGDp4EjiWeL38m+QBtDfL1sAAAAAy8XlOsjePLPdpDeegKlRLg==; path=/; Domain=.example.com',
 '___utmvmtEuYYEz=hCwVZbrIQLz; path=/; Max-Age=900',
 '___utmvatEuYYEz=cXf\u0001GjxA; path=/; Max-Age=900',
 '___utmvbtEuYYEz=RZt    XUTOQalb: stW; path=/; Max-Age=900' ],

Presumably it's \u0001 , is identified an unicode? That's not my server response headers, so it's being served for a long time and others server are accepting it without any issues... So why node.js is not willing to accept that one when i'm trying to proxy request further by setting it via .setHeader() ?
@bnoordhuis
Copy link
Member

The \u0001 turns into a control character when encoded to ASCII or UTF-8 and those are rejected as a security measure. That's working as expected.

@bnoordhuis bnoordhuis added invalid Issues and PRs that are invalid. http Issues or PRs related to the http subsystem. labels Jun 24, 2018
@TheHanna
Copy link

For anyone else that comes across this issue:

The cookies are coming from Imperva's Incapsula product. You can request that they not inject those cookies by reaching out to their support team.

@nkostadinov
Copy link

I have an image proxy built with node js that throws this error every couple of minutes and I cannot find a way to handle this error. Does anyone have a solution for this ?

@gajus
Copy link

gajus commented Aug 8, 2019

I have documented a solution in this thread.

#22064 (comment)

@jasnell jasnell mentioned this issue Sep 25, 2019
Closed
@stevenvachon stevenvachon mentioned this issue Sep 25, 2019
Closed
@asbermudez asbermudez mentioned this issue Nov 4, 2019
Open
@snyk-bot snyk-bot mentioned this issue Mar 18, 2020
Open
@parshap parshap mentioned this issue Feb 10, 2023
Closed
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
http Issues or PRs related to the http subsystem. invalid Issues and PRs that are invalid.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@TheHanna @bnoordhuis @Somebi @gajus @nkostadinov