fix: support Connection header with connection-specific header names per RFC 7230 (#4775)

mcollina · web-flow · commit feef62bfe0b4 · 2026-03-22T22:49:40.000+01:00
diff --git a/lib/core/request.js b/lib/core/request.js
@@ -412,13 +412,21 @@ function processHeader (request, key, val) {
   } else if (headerName === 'transfer-encoding' || headerName === 'keep-alive' || headerName === 'upgrade') {
     throw new InvalidArgumentError(`invalid ${headerName} header`)
   } else if (headerName === 'connection') {
-    const value = typeof val === 'string' ? val.toLowerCase() : null
-    if (value !== 'close' && value !== 'keep-alive') {
+    // Per RFC 7230 Section 6.1, Connection header can contain
+    // a comma-separated list of connection option tokens (header names)
+    const value = typeof val === 'string' ? val : null
+    if (value === null) {
       throw new InvalidArgumentError('invalid connection header')
     }
 
-    if (value === 'close') {
-      request.reset = true
+    for (const token of value.toLowerCase().split(',')) {
+      const trimmed = token.trim()
+      if (!isValidHTTPToken(trimmed)) {
+        throw new InvalidArgumentError('invalid connection header')
+      }
+      if (trimmed === 'close') {
+        request.reset = true
+      }
     }
   } else if (headerName === 'expect') {
     throw new NotSupportedError('expect header not supported')
diff --git a/test/invalid-headers.js b/test/invalid-headers.js
@@ -51,7 +51,7 @@ test('invalid headers', (t) => {
     path: '/',
     method: 'GET',
     headers: {
-      connection: 'asd'
+      connection: 'invalid header with spaces'
     }
   }, (err, data) => {
     t.ok(err instanceof errors.InvalidArgumentError)
diff --git a/test/request.js b/test/request.js
@@ -539,3 +539,100 @@ test('request should include statusText in response', async t => {
   await body.dump()
   t.ok('request completed')
 })
+
+describe('connection header per RFC 7230', () => {
+  test('should allow close', async (t) => {
+    t = tspl(t, { plan: 1 })
+
+    const server = createServer((req, res) => {
+      res.end('ok')
+    })
+
+    after(() => server.close())
+    await new Promise((resolve) => server.listen(0, resolve))
+
+    const { statusCode, body } = await request({
+      method: 'GET',
+      origin: `http://localhost:${server.address().port}`,
+      headers: { connection: 'close' }
+    })
+    await body.dump()
+    t.strictEqual(statusCode, 200)
+  })
+
+  test('should allow keep-alive', async (t) => {
+    t = tspl(t, { plan: 1 })
+
+    const server = createServer((req, res) => {
+      res.end('ok')
+    })
+
+    after(() => server.close())
+    await new Promise((resolve) => server.listen(0, resolve))
+
+    const { statusCode, body } = await request({
+      method: 'GET',
+      origin: `http://localhost:${server.address().port}`,
+      headers: { connection: 'keep-alive' }
+    })
+    await body.dump()
+    t.strictEqual(statusCode, 200)
+  })
+
+  test('should allow custom header name as connection option', async (t) => {
+    t = tspl(t, { plan: 1 })
+
+    const server = createServer((req, res) => {
+      res.end('ok')
+    })
+
+    after(() => server.close())
+    await new Promise((resolve) => server.listen(0, resolve))
+
+    const { statusCode, body } = await request({
+      method: 'GET',
+      origin: `http://localhost:${server.address().port}`,
+      headers: {
+        'x-custom-header': 'value',
+        connection: 'x-custom-header'
+      }
+    })
+    await body.dump()
+    t.strictEqual(statusCode, 200)
+  })
+
+  test('should allow comma-separated list of connection options', async (t) => {
+    t = tspl(t, { plan: 1 })
+
+    const server = createServer((req, res) => {
+      res.end('ok')
+    })
+
+    after(() => server.close())
+    await new Promise((resolve) => server.listen(0, resolve))
+
+    const { statusCode, body } = await request({
+      method: 'GET',
+      origin: `http://localhost:${server.address().port}`,
+      headers: {
+        'x-custom-header': 'value',
+        connection: 'close, x-custom-header'
+      }
+    })
+    await body.dump()
+    t.strictEqual(statusCode, 200)
+  })
+
+  test('should reject invalid tokens in connection header', async (t) => {
+    t = tspl(t, { plan: 2 })
+
+    await request({
+      method: 'GET',
+      origin: 'http://localhost:1234',
+      headers: { connection: 'invalid header with spaces' }
+    }).catch((err) => {
+      t.ok(err instanceof errors.InvalidArgumentError)
+      t.strictEqual(err.message, 'invalid connection header')
+    })
+  })
+})

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ test('invalid headers', (t) => {`
`51`	`51`	`path: '/',`
`52`	`52`	`method: 'GET',`
`53`	`53`	`headers: {`
`54`		`- connection: 'asd'`
	`54`	`+ connection: 'invalid header with spaces'`
`55`	`55`	`}`
`56`	`56`	`}, (err, data) => {`
`57`	`57`	`t.ok(err instanceof errors.InvalidArgumentError)`