2

I'm calling an API that returns 5 keys in the header including Transfer-encoding:chunked and Content-Length values, in the header.

According to stackoverflow question, and this below, this is illegal:

"...Node.js server returns a parse error with code HPE_UNEXPECTED_CONTENT_LENGTH when consuming the endpoint, because the response headers contains both Transfer-encoding:chunked and Content-Length values. This is considered has an error as specified in RFC 7230 section 3.3.3.3 : If a message is received with both a Transfer-Encoding and a Content-Length header field, the Transfer-Encoding overrides the Content-Length. Such a message might indicate an attempt to perform request smuggling (Section 9.5) or response splitting (Section 9.4) and ought to be handled as an error. A sender MUST remove the received Content-Length field prior to forwarding such a message downstream." (1)

I'm using node.js and npm-request module to send the request and try and parse the response. The function being called is 

function createPostAPI(req, res, userid, detailText, title, location, custImpact){
 var myJSONObject = {
    "userId" : userid,
    "apiKey" : "{API-Key}",
    "detail" : {
      "detailText" : detailText
    },
    "info" : {
      "title":title
      "location" : location,
      "priority" : 0,
      "customerImpact" : custImpact
    }
  }   

  request1({
    url: "http://theAPIurl", 
    method: "POST",
    body:JSON.stringify(myJSONObject)
    json: true,   // <--Very important!!!
    body: myJSONObject    
  }, function (error, response, body){          
      console.log(error);
      console.log(response);
      console.log(body);          
  });
}

This is the error i get as expected :

{ Error: Parse Error
at Error (native)
at Socket.socketOnData (_http_client.js:362:20)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at readableAddChunk (_stream_readable.js:176:18)
at Socket.Readable.push (_stream_readable.js:134:10)
at TCP.onread (net.js:547:20) bytesParsed: 194, code: 'HPE_UNEXPECTED_CONTENT_LENGTH' }

However, I can see that the API call is working, since I can visually verify that it's working! Also using Postman I can see the response that I need!

Postman Response:

The header with the 2 headers (content-length and transfer-encoding): enter image description here

The response body that I need that i can see being returned: body returned correctly via postman

So finally my question is, is there anything i can do from my side (client) to avoid the error and read that http response from the server (even though the format is wrong)? How come I can see the body in Postman? Any ideas would be truly appreciated!

Using node v6.10.3

Reference: (1) https://jira.spring.io/browse/SPR-15212

ajivani
  • 414
  • 1
  • 6
  • 11

0 Answers0