Node.js HTTP - TypeError: The header content contains invalid characters

Question

const http = require('http');

const req = http.request({
  method: 'POST',
  hostname: 'cloudsso‐test.myco.com',
  port: 80,
  path: '/as/token.oauth2',
  headers: {
    'Content-Type': 'application/json',
  },
  agent: false  // create a new agent just for this one request

}, function (res) {

  res.on('headers', function (h) {
    console.log('headers => ', h);
  });

  let data = '';

  res.on('data', function (d) {
    data += d;
  });

  res.once('end', function () {
    console.log('data => ', data);
  });

});

req.write(JSON.stringify({
  client_id: 'xxx',
  client_secret: 'secret',
  grant_type: 'refresh_token',
}));

req.end();

I run this code, and I get the following error:

_http_outgoing.js:358
    throw new TypeError('The header content contains invalid characters');
    ^

TypeError: The header content contains invalid characters
    at ClientRequest.OutgoingMessage.setHeader (_http_outgoing.js:358:11)
    at new ClientRequest (_http_client.js:105:12)
    at Object.exports.request (http.js:31:10)
    at Object.<anonymous> (/Users/alexamil/WebstormProjects/cisco/cdt-now/test/refresh-token.js:9:18)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)
    at Function.Module._load (module.js:438:3)
    at Module.runMain (module.js:604:10)

Cannot figure out where this error is coming from. I hear it's for security reasons in newer versions of Node but cannot figure out how to get around it.

score 23 · Answer 1 · answered Jan 18 '18 at 21:46

23

I had a similar issue where I was generating a jwt token for Authorization and it was inserting newline characters. Replacing those with token.replace(/\r?\n|\r/g, '') did the trick for me.

answered Jan 18 '18 at 21:46

Justin Kruse

1,020
12
27

1

had this also when pasting token to postman bearer field, accidentally copied new line character from console. – Darius.V Apr 28 '22 at 18:39
I was reading my token from a file, and the new line was in the file – Brad Parks Jan 21 '23 at 16:52

score 9 · Accepted Answer · edited May 27 '19 at 13:55

9

Straight up, looks like we need to use:

 headers: {
    'content-type': 'application/json',
  },

instead of

 headers: {
    'Content-Type': 'application/json',
  },

these types of vague error messages make me sad!

edited May 27 '19 at 13:55

halfer

19,824
17
99
186

answered Apr 03 '17 at 21:20

Alexander Mills

90,741
139
482
817

score 5 · Answer 3 · answered Feb 12 '19 at 03:58

5

That's not why. It's because your dash ‐ is not the standard dash:

> /-/.test('cloudsso‐test.myco.com')
false

> /‐/.test('cloudsso‐test.myco.com')
true

answered Feb 12 '19 at 03:58

Alin Galatan

258
2
9

1

there are 3 dashes - emdash endash and hyphen – Alexander Mills Feb 12 '19 at 07:35

score 2 · Answer 4 · answered Aug 15 '19 at 08:07

I faced with the same error message. Turned out - that response cookie header contained SOH ASCII command => \u0001:

'set-cookie': [ 'someCookieName=rHA\u0001sBlP; path=/; Max-Age=900' ],

So I had to rewrite each header:

Object.entries(headers).forEach(([key, value]) => {
  delete headers[key];
  if (Array.isArray(value)) {
    headers[key] = value.map(v => v.replace(/[\x01]/g, ''));
  } else {
    headers[key] = value.replace(/[\x01]/g, '');
  }
})

Node.js HTTP - TypeError: The header content contains invalid characters

4 Answers4