fix(http-request): prevent uncaught exceptions in async hooks#5392
Conversation
This PR fixes several issues that can cause uncaught exceptions and crash Node-RED: 1. Fixed typo: `toLowercase()` -> `toLowerCase()` in getHeaderValue() 2. Added try-catch to beforeRequest hook 3. Added try-catch to beforeRedirect hook 4. Added try-catch to afterResponse hook (digest auth) 5. Added input validation to extractCookies() with array check 6. Added input validation to buildDigestHeader() for nonce/realm These changes ensure that malformed responses or invalid data from servers don't crash the entire Node-RED runtime. Fixes: Uncaught exceptions in HTTP request node
|
Hi, thanks for this, we will review it properly later, A quick check, the |
|
Thanks for the quick response! You're right about We've tested these fixes on our fleet of 2400+ devices running Node-RED in production, and the uncaught exception issues have been resolved. The main culprits were the unprotected async hooks and malformed server responses causing crashes. (ZJ and knoleary know me - Dennis from Smart-e-Grid) |
|
Tests pass on my fork: https://github.com/Dennis-SEG/node-red/actions/runs/20619051251 The CI failure on this PR is an unrelated flaky test in the trigger node ( |
|
@Dennis-SEG thanks for this. I'm back at my desk after the Christmas break. Will get this reviewed and (hopefully) into this week's maintenance release. |
Removed 'fix/**' branch from push triggers.
3 participants
This PR fixes several issues that can cause uncaught exceptions and crash Node-RED:
toLowercase()->toLowerCase()in getHeaderValue()These changes ensure that malformed responses or invalid data from servers don't crash the entire Node-RED runtime.
Fixes: Uncaught exceptions in HTTP request node
Proposed changes
Checklist
npm run testto verify the unit tests pass