I have a simple node script to process some data from my home automation API. Everything worked fine till last Node update. Now, with Node version 4.3.0 or 5.6.0, the http module gives me this error:
{ [Error: Parse Error] bytesParsed: 193, code: 'HPE_UNEXPECTED_CONTENT_LENGTH' }
An example of the API call causing the error, it just returns one number (a temperature):
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 5
Content-Type: application/json
Transfer-Encoding: chunked
21.81
And a code to reproduce an error:
const http = require("http");
const url = "http://127.0.0.1:8083/ZWaveAPI/Run/devices[11].instances[2].commandClasses[49].data[1].val.value";
http.get(url, (res) => {
    // consume response body
    res.resume();
}).on("error", (e) => {
    console.log(e);
});
I think that error related to the CVE-2016-2216 Response Splitting Vulnerability, but I tried to run the script with mentioned there --security-revert=CVE-2016-2216 flag and it didn't help. Any ideas?
I found this commit log. The problem seems is Content-Length and Transfer-encoding: chunked headers exist together:
the server is sending both a Content-Length header and a Transfer-Encoding: chunked header, which is a violation of the HTTP spec.
As said in the previous answer this is node design as per HTTP standards. i got this issue when I was trying to access REST-API (a content disposition call) in my DEV server from my Angular App running in my local machine. API was not adding these headers Content-Length and Transfer Encoding. The issue resolved when the app was also deployed to Dev server (Angular App and REST API in same server).
From what I understood, Remove one header if both are being added in API or Try deploying app in Server.
This is a useful link on this issue - https://github.com/request/request/issues/2091
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With