Add support for HTTP2 pseudo headers (#55)

pcattori · MichaelDeBoey · commit 54a556500494 · 2025-04-07T13:50:16.000+02:00
* fix(headers): do not depend on `http` for header name validation

Node internally uses undici instead anyway

* fix(headers): support HTTP2 pseudo-headers

which begin with `:` e.g. `:authority`, `:method`, etc.

* test(headers): check that pseudo-headers are allowed
diff --git a/.changeset/wise-dogs-clean.md b/.changeset/wise-dogs-clean.md
@@ -0,0 +1,5 @@
+---
+"@remix-run/web-fetch": patch
+---
+
+Support HTTP2 pseudo-headers like `:authority`, `:method`, etc.
diff --git a/packages/fetch/src/headers.js b/packages/fetch/src/headers.js
@@ -8,27 +8,25 @@ import {types} from 'util';
 import http from 'http';
 import { isIterable } from './utils/is.js'
 
-const validators = /** @type {{validateHeaderName?:(name:string) => any, validateHeaderValue?:(name:string, value:string) => any}} */
-(http)
+/** @type {{validateHeaderValue?:(name:string, value:string) => any}} */
+const validators = (http)
 
-const validateHeaderName = typeof validators.validateHeaderName === 'function' ?
-	validators.validateHeaderName :
-	/**
-	 * @param {string} name 
-	 */
-	name => {
-		if (!/^[\^`\-\w!#$%&'*+.|~]+$/.test(name)) {
-			const err = new TypeError(`Header name must be a valid HTTP token [${name}]`);
-			Object.defineProperty(err, 'code', {value: 'ERR_INVALID_HTTP_TOKEN'});
-			throw err;
-		}
-	};
+/**
+ * @param {string} name
+ */
+const validateHeaderName = name => {
+	if (!/^[\^`\-\w!#$%&'*+.|~:]+$/.test(name)) {
+		const err = new TypeError(`Header name must be a valid HTTP token [${name}]`);
+		Object.defineProperty(err, 'code', {value: 'ERR_INVALID_HTTP_TOKEN'});
+		throw err;
+	}
+};
 
 const validateHeaderValue = typeof validators.validateHeaderValue === 'function' ?
 	validators.validateHeaderValue :
 	/**
-	 * @param {string} name 
-	 * @param {string} value 
+	 * @param {string} name
+	 * @param {string} value
 	 */
 	(name, value) => {
 		if (/[^\t\u0020-\u007E\u0080-\u00FF]/.test(value)) {
@@ -166,8 +164,8 @@ export default class Headers extends URLSearchParams {
 	}
 
 	/**
-	 * 
-	 * @param {string} name 
+	 *
+	 * @param {string} name
 	 */
 	get(name) {
 		const values = this.getAll(name);
@@ -184,8 +182,8 @@ export default class Headers extends URLSearchParams {
 	}
 
 	/**
-	 * @param {(value: string, key: string, parent: this) => void} callback 
-	 * @param {any} thisArg 
+	 * @param {(value: string, key: string, parent: this) => void} callback
+	 * @param {any} thisArg
 	 * @returns {void}
 	 */
 	forEach(callback, thisArg = undefined) {
diff --git a/packages/fetch/test/headers.js b/packages/fetch/test/headers.js
@@ -216,6 +216,19 @@ describe('Headers', () => {
 		expect(() => headers.append('', 'ok')).to.throw(TypeError);
 	});
 
+	it('should allow HTTP2 pseudo-headers', () => {
+		let headers = new Headers({':authority': 'something'});
+		headers.append(":method", "something else")
+
+		const result = [];
+		for (const pair of headers) {
+			result.push(pair);
+		}
+
+		expect(result).to.deep.equal([[':authority', 'something'], [':method', 'something else']]);
+
+	})
+
 	it('should ignore unsupported attributes while reading headers', () => {
 		const FakeHeader = function () { };
 		// Prototypes are currently ignored

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@remix-run/web-fetch": patch
 +---
++
 +Support HTTP2 pseudo-headers like `:authority`, `:method`, etc.