├── .eslintignore ├── test ├── .eslintrc.yml ├── known-upstream-hashes.json ├── upstream.js └── test.js ├── .gitignore ├── .eslintrc.yml ├── scripts ├── upstream-common.js ├── update-upstream-hashes.js └── version-history.js ├── .github ├── dependabot.yml └── workflows │ ├── upstream.yml │ ├── codeql.yml │ ├── scorecard.yml │ └── ci.yml ├── HISTORY.md ├── LICENSE ├── package.json ├── README.md └── index.js /.eslintignore: -------------------------------------------------------------------------------- 1 | coverage 2 | node_modules 3 | -------------------------------------------------------------------------------- /test/.eslintrc.yml: -------------------------------------------------------------------------------- 1 | env: 2 | mocha: true 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | coverage 2 | node_modules 3 | npm-debug.log 4 | package-lock.json 5 | -------------------------------------------------------------------------------- /.eslintrc.yml: -------------------------------------------------------------------------------- 1 | root: true 2 | extends: standard 3 | rules: 4 | no-param-reassign: error 5 | -------------------------------------------------------------------------------- /scripts/upstream-common.js: -------------------------------------------------------------------------------- 1 | const crypto = require('crypto') 2 | const http = require('http') 3 | 4 | function getFunctionHash (fn) { 5 | const src = fn.toString().replace(/\s+/g, '') // normalize whitespace 6 | return crypto.createHash('sha256').update(src).digest('hex') 7 | } 8 | 9 | module.exports = { 10 | getFunctionHash, 11 | httpServerResponsePrototype: http.ServerResponse.prototype 12 | } 13 | -------------------------------------------------------------------------------- /test/known-upstream-hashes.json: -------------------------------------------------------------------------------- 1 | { 2 | "knownAppendHeaderHash": "0deb9f70c3bba63993321cca9281fb4607e2567bed1436b8574c5b86698125a8", 3 | "knownRemoveHeaderHash": "3ad5ccb0a858beb6268f281492bd8d42c9815f5316cc3c4f7f735e142fcd29d9", 4 | "knownSetHeaderHash": "2d4f95e92586d28bfd4d3137a8eaacb82b255967d8c26413015c6b56daf0afe7", 5 | "knownWriteHeadHash": "281e0d02084a69893b8c3b8692e3c7c4de2ce22a626217fcf597fa6ddf6955a9" 6 | } 7 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: github-actions 4 | directory: / 5 | schedule: 6 | interval: monthly 7 | 8 | - package-ecosystem: npm 9 | directory: / 10 | schedule: 11 | interval: monthly 12 | time: "23:00" 13 | timezone: Europe/London 14 | open-pull-requests-limit: 10 15 | ignore: 16 | - dependency-name: "*" 17 | update-types: ["version-update:semver-major"] 18 | -------------------------------------------------------------------------------- /HISTORY.md: -------------------------------------------------------------------------------- 1 | 1.1.0 / 2025-07-17 2 | ================== 3 | * Fix [CVE-2025-7339](https://www.cve.org/CVERecord?id=CVE-2025-7339) ([GHSA-76c9-3jph-rj3q](https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q)) 4 | 5 | 6 | 1.0.2 / 2019-02-21 7 | ================== 8 | 9 | * Fix `res.writeHead` patch missing return value 10 | 11 | 1.0.1 / 2015-09-29 12 | ================== 13 | 14 | * perf: enable strict mode 15 | 16 | 1.0.0 / 2014-08-10 17 | ================== 18 | 19 | * Honor `res.statusCode` change in `listener` 20 | * Move to `jshttp` organization 21 | * Prevent `arguments`-related de-opt 22 | 23 | 0.0.0 / 2014-05-13 24 | ================== 25 | 26 | * Initial implementation 27 | -------------------------------------------------------------------------------- /scripts/update-upstream-hashes.js: -------------------------------------------------------------------------------- 1 | const fs = require('fs') 2 | const path = require('path') 3 | const { getFunctionHash, httpServerResponsePrototype: res } = require('../scripts/upstream-common') 4 | 5 | const updatedHashes = { 6 | knownAppendHeaderHash: getFunctionHash(res.appendHeader), 7 | knownRemoveHeaderHash: getFunctionHash(res.removeHeader), 8 | knownSetHeaderHash: getFunctionHash(res.setHeader), 9 | knownWriteHeadHash: getFunctionHash(res.writeHead) 10 | } 11 | 12 | const filename = 'known-upstream-hashes.json' 13 | 14 | const filePath = path.join(__dirname, `../test/${filename}`) 15 | fs.writeFileSync(filePath, JSON.stringify(updatedHashes, null, 2) + '\n', 'utf8') 16 | 17 | console.log(`✅ updated '${filename}' with current method hashes.`) 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | (The MIT License) 2 | 3 | Copyright (c) 2014 Douglas Christopher Wilson 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining 6 | a copy of this software and associated documentation files (the 7 | 'Software'), to deal in the Software without restriction, including 8 | without limitation the rights to use, copy, modify, merge, publish, 9 | distribute, sublicense, and/or sell copies of the Software, and to 10 | permit persons to whom the Software is furnished to do so, subject to 11 | the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be 14 | included in all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 20 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 21 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 22 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /.github/workflows/upstream.yml: -------------------------------------------------------------------------------- 1 | name: upstream 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | - cron: "33 3 * * 3" # weekly 7 | 8 | permissions: 9 | contents: read 10 | issues: write # to create issues if the upstream check fails 11 | 12 | jobs: 13 | test: 14 | runs-on: ubuntu-latest 15 | strategy: 16 | fail-fast: false 17 | matrix: 18 | node-version: ['latest'] 19 | steps: 20 | - uses: actions/checkout@v4 21 | - name: Use Node.js 22 | uses: actions/setup-node@v4 23 | with: 24 | node-version: ${{ matrix.node-version }} 25 | - run: npm install 26 | - run: npm run upstream 27 | - name: Handle error 28 | if: ${{ failure() }} 29 | uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 30 | with: 31 | script: | 32 | const { owner, repo } = context.repo; 33 | const nodeVersion = process.version; 34 | const issueTitle = `Upstream check failed`; 35 | const issueBody = `Node ${nodeVersion} has made changes to the functions this module depends on. Please review the new function changes, determine if this module requires changes because of them, and update the function hashes. Add a comment below with your findings.`; 36 | 37 | const issue = await github.rest.issues.create({ 38 | owner, 39 | repo, 40 | title: issueTitle, 41 | body: issueBody, 42 | }); 43 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "on-headers", 3 | "description": "Execute a listener when a response is about to write headers", 4 | "version": "1.1.0", 5 | "author": "Douglas Christopher Wilson ", 6 | "license": "MIT", 7 | "keywords": [ 8 | "event", 9 | "headers", 10 | "http", 11 | "onheaders" 12 | ], 13 | "repository": "jshttp/on-headers", 14 | "funding": { 15 | "type": "opencollective", 16 | "url": "https://opencollective.com/express" 17 | }, 18 | "devDependencies": { 19 | "eslint": "6.8.0", 20 | "eslint-config-standard": "14.1.1", 21 | "eslint-plugin-import": "2.21.2", 22 | "eslint-plugin-markdown": "1.0.2", 23 | "eslint-plugin-node": "11.1.0", 24 | "eslint-plugin-promise": "4.2.1", 25 | "eslint-plugin-standard": "4.0.1", 26 | "mocha": "10.2.0", 27 | "nyc": "15.1.0", 28 | "supertest": "4.0.2" 29 | }, 30 | "files": [ 31 | "LICENSE", 32 | "HISTORY.md", 33 | "README.md", 34 | "index.js" 35 | ], 36 | "engines": { 37 | "node": ">= 0.8" 38 | }, 39 | "scripts": { 40 | "lint": "eslint --plugin markdown --ext js,md .", 41 | "test": "mocha --reporter spec --check-leaks test/test.js", 42 | "test-ci": "nyc --reporter=lcov --reporter=text npm test", 43 | "test-cov": "nyc --reporter=html --reporter=text npm test", 44 | "update-upstream-hashes": "node scripts/update-upstream-hashes.js", 45 | "upstream": "mocha --reporter spec --check-leaks test/upstream.js", 46 | "version": "node scripts/version-history.js && git add HISTORY.md" 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /test/upstream.js: -------------------------------------------------------------------------------- 1 | // NOTE: this is a temporary solution to tell us if future changes to the monkey-patched methods 2 | // could impact this package. Recognizing this is not an ideal solution, we plan to address this when 3 | // we can drop the monkey-patching entirely. 4 | const assert = require('assert') 5 | const knownHashes = require('./known-upstream-hashes.json') 6 | const { getFunctionHash, httpServerResponsePrototype: res } = require('../scripts/upstream-common') 7 | 8 | const { knownAppendHeaderHash, knownRemoveHeaderHash, knownSetHeaderHash, knownWriteHeadHash } = knownHashes 9 | 10 | describe('function verification', function () { 11 | it('should match the known function hash of writeHead', function () { 12 | const currentHash = getFunctionHash(res.writeHead) 13 | assert.strictEqual(currentHash, knownWriteHeadHash, 'writeHead hash has changed') 14 | }) 15 | 16 | it('should match the known function hash of setHeader', function () { 17 | const currentHash = getFunctionHash(res.setHeader) 18 | assert.strictEqual(currentHash, knownSetHeaderHash, 'setHeader hash has changed') 19 | }) 20 | 21 | it('should match the known function hash of appendHeader', function () { 22 | const currentHash = getFunctionHash(res.appendHeader) 23 | assert.strictEqual(currentHash, knownAppendHeaderHash, 'appendHeader hash has changed') 24 | }) 25 | 26 | it('should match the known function hash of removeHeader', function () { 27 | const currentHash = getFunctionHash(res.removeHeader) 28 | assert.strictEqual(currentHash, knownRemoveHeaderHash, 'removeHeader hash has changed') 29 | }) 30 | }) 31 | -------------------------------------------------------------------------------- /scripts/version-history.js: -------------------------------------------------------------------------------- 1 | 'use strict' 2 | 3 | var fs = require('fs') 4 | var path = require('path') 5 | 6 | var HISTORY_FILE_PATH = path.join(__dirname, '..', 'HISTORY.md') 7 | var MD_HEADER_REGEXP = /^====*$/ 8 | var VERSION = process.env.npm_package_version 9 | var VERSION_PLACEHOLDER_REGEXP = /^(?:unreleased|(\d+\.)+x)$/ 10 | 11 | var historyFileLines = fs.readFileSync(HISTORY_FILE_PATH, 'utf-8').split('\n') 12 | 13 | if (!MD_HEADER_REGEXP.test(historyFileLines[1])) { 14 | console.error('Missing header in HISTORY.md') 15 | process.exit(1) 16 | } 17 | 18 | if (!VERSION_PLACEHOLDER_REGEXP.test(historyFileLines[0])) { 19 | console.error('Missing placegolder version in HISTORY.md') 20 | process.exit(1) 21 | } 22 | 23 | if (historyFileLines[0].indexOf('x') !== -1) { 24 | var versionCheckRegExp = new RegExp('^' + historyFileLines[0].replace('x', '.+') + '$') 25 | 26 | if (!versionCheckRegExp.test(VERSION)) { 27 | console.error('Version %s does not match placeholder %s', VERSION, historyFileLines[0]) 28 | process.exit(1) 29 | } 30 | } 31 | 32 | historyFileLines[0] = VERSION + ' / ' + getLocaleDate() 33 | historyFileLines[1] = repeat('=', historyFileLines[0].length) 34 | 35 | fs.writeFileSync(HISTORY_FILE_PATH, historyFileLines.join('\n')) 36 | 37 | function getLocaleDate () { 38 | var now = new Date() 39 | 40 | return zeroPad(now.getFullYear(), 4) + '-' + 41 | zeroPad(now.getMonth() + 1, 2) + '-' + 42 | zeroPad(now.getDate(), 2) 43 | } 44 | 45 | function repeat (str, length) { 46 | var out = '' 47 | 48 | for (var i = 0; i < length; i++) { 49 | out += str 50 | } 51 | 52 | return out 53 | } 54 | 55 | function zeroPad (number, length) { 56 | var num = number.toString() 57 | 58 | while (num.length < length) { 59 | num = '0' + num 60 | } 61 | 62 | return num 63 | } 64 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # on-headers 2 | 3 | [![NPM Version][npm-version-image]][npm-url] 4 | [![NPM Downloads][npm-downloads-image]][npm-url] 5 | [![Node.js Version][node-image]][node-url] 6 | [![Build Status][ci-image]][ci-url] 7 | [![Coverage Status][coveralls-image]][coveralls-url] 8 | 9 | Execute a listener when a response is about to write headers. 10 | 11 | ## Installation 12 | 13 | This is a [Node.js](https://nodejs.org/en/) module available through the 14 | [npm registry](https://www.npmjs.com/). Installation is done using the 15 | [`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally): 16 | 17 | ```sh 18 | $ npm install on-headers 19 | ``` 20 | 21 | ## API 22 | 23 | 24 | 25 | ```js 26 | var onHeaders = require('on-headers') 27 | ``` 28 | 29 | ### onHeaders(res, listener) 30 | 31 | This will add the listener `listener` to fire when headers are emitted for `res`. 32 | The listener is passed the `response` object as it's context (`this`). Headers are 33 | considered to be emitted only once, right before they are sent to the client. 34 | 35 | When this is called multiple times on the same `res`, the `listener`s are fired 36 | in the reverse order they were added. 37 | 38 | ## Examples 39 | 40 | ```js 41 | var http = require('http') 42 | var onHeaders = require('on-headers') 43 | 44 | http 45 | .createServer(onRequest) 46 | .listen(3000) 47 | 48 | function addPoweredBy () { 49 | // set if not set by end of request 50 | if (!this.getHeader('X-Powered-By')) { 51 | this.setHeader('X-Powered-By', 'Node.js') 52 | } 53 | } 54 | 55 | function onRequest (req, res) { 56 | onHeaders(res, addPoweredBy) 57 | 58 | res.setHeader('Content-Type', 'text/plain') 59 | res.end('hello!') 60 | } 61 | ``` 62 | 63 | ## Testing 64 | 65 | ```sh 66 | $ npm test 67 | ``` 68 | 69 | ## License 70 | 71 | [MIT](LICENSE) 72 | 73 | [ci-image]: https://badgen.net/github/checks/jshttp/on-headers/master?label=ci 74 | [ci-url]: https://github.com/jshttp/on-headers/actions/workflows/ci.yml 75 | [coveralls-image]: https://badgen.net/coveralls/c/github/jshttp/on-headers/master 76 | [coveralls-url]: https://coveralls.io/r/jshttp/on-headers?branch=master 77 | [node-image]: https://badgen.net/npm/node/on-headers 78 | [node-url]: https://nodejs.org/en/download 79 | [npm-downloads-image]: https://badgen.net/npm/dm/on-headers 80 | [npm-url]: https://npmjs.org/package/on-headers 81 | [npm-version-image]: https://badgen.net/npm/v/on-headers 82 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: ["master"] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: ["master"] 20 | schedule: 21 | - cron: "0 0 * * 1" 22 | 23 | permissions: 24 | contents: read 25 | 26 | jobs: 27 | analyze: 28 | name: Analyze 29 | runs-on: ubuntu-latest 30 | permissions: 31 | actions: read 32 | contents: read 33 | security-events: write 34 | 35 | strategy: 36 | fail-fast: false 37 | matrix: 38 | language: ["javascript"] 39 | # CodeQL supports [ $supported-codeql-languages ] 40 | # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support 41 | 42 | steps: 43 | - name: Checkout repository 44 | uses: actions/checkout@v4 45 | 46 | # Initializes the CodeQL tools for scanning. 47 | - name: Initialize CodeQL 48 | uses: github/codeql-action/init@v3 49 | with: 50 | languages: ${{ matrix.language }} 51 | # If you wish to specify custom queries, you can do so here or in a config file. 52 | # By default, queries listed here will override any specified in a config file. 53 | # Prefix the list here with "+" to use these queries and those in the config file. 54 | 55 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 56 | # If this step fails, then you should remove it and run the build manually (see below) 57 | - name: Autobuild 58 | uses: github/codeql-action/autobuild@v3 59 | 60 | # ℹ️ Command-line programs to run using the OS shell. 61 | # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 62 | 63 | # If the Autobuild fails above, remove it and uncomment the following three lines. 64 | # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. 65 | 66 | # - run: | 67 | # echo "Run, Build Application using script" 68 | # ./location_of_script_within_repo/buildscript.sh 69 | 70 | - name: Perform CodeQL Analysis 71 | uses: github/codeql-action/analyze@v3 72 | with: 73 | category: "/language:${{matrix.language}}" 74 | -------------------------------------------------------------------------------- /.github/workflows/scorecard.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. They are provided 2 | # by a third-party and are governed by separate terms of service, privacy 3 | # policy, and support documentation. 4 | 5 | name: Scorecard supply-chain security 6 | on: 7 | # For Branch-Protection check. Only the default branch is supported. See 8 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection 9 | branch_protection_rule: 10 | # To guarantee Maintained check is occasionally updated. See 11 | # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained 12 | schedule: 13 | - cron: '16 21 * * 1' 14 | push: 15 | branches: [ "master" ] 16 | 17 | # Declare default permissions as read only. 18 | permissions: read-all 19 | 20 | jobs: 21 | analysis: 22 | name: Scorecard analysis 23 | runs-on: ubuntu-latest 24 | permissions: 25 | # Needed to upload the results to code-scanning dashboard. 26 | security-events: write 27 | # Needed to publish results and get a badge (see publish_results below). 28 | id-token: write 29 | # Uncomment the permissions below if installing in a private repository. 30 | # contents: read 31 | # actions: read 32 | 33 | steps: 34 | - name: "Checkout code" 35 | uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 36 | with: 37 | persist-credentials: false 38 | 39 | - name: "Run analysis" 40 | uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 41 | with: 42 | results_file: results.sarif 43 | results_format: sarif 44 | # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: 45 | # - you want to enable the Branch-Protection check on a *public* repository, or 46 | # - you are installing Scorecard on a *private* repository 47 | # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. 48 | # repo_token: ${{ secrets.SCORECARD_TOKEN }} 49 | 50 | # Public repositories: 51 | # - Publish results to OpenSSF REST API for easy access by consumers 52 | # - Allows the repository to include the Scorecard badge. 53 | # - See https://github.com/ossf/scorecard-action#publishing-results. 54 | # For private repositories: 55 | # - `publish_results` will always be set to `false`, regardless 56 | # of the value entered here. 57 | publish_results: true 58 | 59 | # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF 60 | # format to the repository Actions tab. 61 | - name: "Upload artifact" 62 | uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 63 | with: 64 | name: SARIF file 65 | path: results.sarif 66 | retention-days: 5 67 | 68 | # Upload the results to GitHub's code scanning dashboard. 69 | - name: "Upload to code-scanning" 70 | uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2 71 | with: 72 | sarif_file: results.sarif -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * on-headers 3 | * Copyright(c) 2014 Douglas Christopher Wilson 4 | * MIT Licensed 5 | */ 6 | 7 | 'use strict' 8 | 9 | /** 10 | * Module exports. 11 | * @public 12 | */ 13 | 14 | module.exports = onHeaders 15 | 16 | var http = require('http') 17 | 18 | // older node versions don't have appendHeader 19 | var isAppendHeaderSupported = typeof http.ServerResponse.prototype.appendHeader === 'function' 20 | var set1dArray = isAppendHeaderSupported ? set1dArrayWithAppend : set1dArrayWithSet 21 | 22 | /** 23 | * Create a replacement writeHead method. 24 | * 25 | * @param {function} prevWriteHead 26 | * @param {function} listener 27 | * @private 28 | */ 29 | 30 | function createWriteHead (prevWriteHead, listener) { 31 | var fired = false 32 | 33 | // return function with core name and argument list 34 | return function writeHead (statusCode) { 35 | // set headers from arguments 36 | var args = setWriteHeadHeaders.apply(this, arguments) 37 | 38 | // fire listener 39 | if (!fired) { 40 | fired = true 41 | listener.call(this) 42 | 43 | // pass-along an updated status code 44 | if (typeof args[0] === 'number' && this.statusCode !== args[0]) { 45 | args[0] = this.statusCode 46 | args.length = 1 47 | } 48 | } 49 | 50 | return prevWriteHead.apply(this, args) 51 | } 52 | } 53 | 54 | /** 55 | * Execute a listener when a response is about to write headers. 56 | * 57 | * @param {object} res 58 | * @return {function} listener 59 | * @public 60 | */ 61 | 62 | function onHeaders (res, listener) { 63 | if (!res) { 64 | throw new TypeError('argument res is required') 65 | } 66 | 67 | if (typeof listener !== 'function') { 68 | throw new TypeError('argument listener must be a function') 69 | } 70 | 71 | res.writeHead = createWriteHead(res.writeHead, listener) 72 | } 73 | 74 | /** 75 | * Set headers contained in array on the response object. 76 | * 77 | * @param {object} res 78 | * @param {array} headers 79 | * @private 80 | */ 81 | 82 | function setHeadersFromArray (res, headers) { 83 | if (headers.length && Array.isArray(headers[0])) { 84 | // 2D 85 | set2dArray(res, headers) 86 | } else { 87 | // 1D 88 | if (headers.length % 2 !== 0) { 89 | throw new TypeError('headers array is malformed') 90 | } 91 | 92 | set1dArray(res, headers) 93 | } 94 | } 95 | 96 | /** 97 | * Set headers contained in object on the response object. 98 | * 99 | * @param {object} res 100 | * @param {object} headers 101 | * @private 102 | */ 103 | 104 | function setHeadersFromObject (res, headers) { 105 | var keys = Object.keys(headers) 106 | for (var i = 0; i < keys.length; i++) { 107 | var k = keys[i] 108 | if (k) res.setHeader(k, headers[k]) 109 | } 110 | } 111 | 112 | /** 113 | * Set headers and other properties on the response object. 114 | * 115 | * @param {number} statusCode 116 | * @private 117 | */ 118 | 119 | function setWriteHeadHeaders (statusCode) { 120 | var length = arguments.length 121 | var headerIndex = length > 1 && typeof arguments[1] === 'string' 122 | ? 2 123 | : 1 124 | 125 | var headers = length >= headerIndex + 1 126 | ? arguments[headerIndex] 127 | : undefined 128 | 129 | this.statusCode = statusCode 130 | 131 | if (Array.isArray(headers)) { 132 | // handle array case 133 | setHeadersFromArray(this, headers) 134 | } else if (headers) { 135 | // handle object case 136 | setHeadersFromObject(this, headers) 137 | } 138 | 139 | // copy leading arguments 140 | var args = new Array(Math.min(length, headerIndex)) 141 | for (var i = 0; i < args.length; i++) { 142 | args[i] = arguments[i] 143 | } 144 | 145 | return args 146 | } 147 | 148 | function set2dArray (res, headers) { 149 | var key 150 | for (var i = 0; i < headers.length; i++) { 151 | key = headers[i][0] 152 | if (key) { 153 | res.setHeader(key, headers[i][1]) 154 | } 155 | } 156 | } 157 | 158 | function set1dArrayWithAppend (res, headers) { 159 | for (var i = 0; i < headers.length; i += 2) { 160 | res.removeHeader(headers[i]) 161 | } 162 | 163 | var key 164 | for (var j = 0; j < headers.length; j += 2) { 165 | key = headers[j] 166 | if (key) { 167 | res.appendHeader(key, headers[j + 1]) 168 | } 169 | } 170 | } 171 | 172 | function set1dArrayWithSet (res, headers) { 173 | var key 174 | for (var i = 0; i < headers.length; i += 2) { 175 | key = headers[i] 176 | if (key) { 177 | res.setHeader(key, headers[i + 1]) 178 | } 179 | } 180 | } 181 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: ci 2 | 3 | on: 4 | - pull_request 5 | - push 6 | 7 | permissions: 8 | contents: read 9 | 10 | jobs: 11 | test: 12 | permissions: 13 | checks: write # for coverallsapp/github-action to create new checks 14 | contents: read # for actions/checkout to fetch code 15 | runs-on: ubuntu-latest 16 | strategy: 17 | fail-fast: false 18 | matrix: 19 | name: 20 | - Node.js 0.8 21 | - Node.js 0.10 22 | - Node.js 0.12 23 | - io.js 1.x 24 | - io.js 2.x 25 | - io.js 3.x 26 | - Node.js 4.x 27 | - Node.js 5.x 28 | - Node.js 6.x 29 | - Node.js 7.x 30 | - Node.js 8.x 31 | - Node.js 9.x 32 | - Node.js 10.x 33 | - Node.js 11.x 34 | - Node.js 12.x 35 | - Node.js 13.x 36 | - Node.js 14.x 37 | - Node.js 15.x 38 | - Node.js 16.x 39 | - Node.js 17.x 40 | - Node.js 18.x 41 | - Node.js 19.x 42 | - Node.js 20.x 43 | - Node.js 21.x 44 | - Node.js 22.x 45 | - Node.js 23.x 46 | - Node.js 24.x 47 | - Node.js 25.x 48 | 49 | include: 50 | - name: Node.js 0.8 51 | node-version: "0.8" 52 | npm-i: mocha@2.5.3 supertest@1.1.0 53 | npm-rm: nyc 54 | 55 | - name: Node.js 0.10 56 | node-version: "0.10" 57 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.1 58 | 59 | - name: Node.js 0.12 60 | node-version: "0.12" 61 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.1 62 | 63 | - name: io.js 1.x 64 | node-version: "1.8" 65 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.1 66 | 67 | - name: io.js 2.x 68 | node-version: "2.5" 69 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.1 70 | 71 | - name: io.js 3.x 72 | node-version: "3.3" 73 | npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.1 74 | 75 | - name: Node.js 4.x 76 | node-version: "4.9" 77 | npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 78 | 79 | - name: Node.js 5.x 80 | node-version: "5.12" 81 | npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 82 | 83 | - name: Node.js 6.x 84 | node-version: "6.17" 85 | npm-i: mocha@6.2.2 nyc@14.1.1 86 | 87 | - name: Node.js 7.x 88 | node-version: "7.10" 89 | npm-i: mocha@6.2.2 nyc@14.1.1 90 | 91 | - name: Node.js 8.x 92 | node-version: "8.17" 93 | npm-i: mocha@7.1.2 nyc@14.1.1 94 | 95 | - name: Node.js 9.x 96 | node-version: "9.11" 97 | npm-i: mocha@7.1.2 nyc@14.1.1 98 | 99 | - name: Node.js 10.x 100 | node-version: "10" 101 | npm-i: mocha@8.4.0 102 | 103 | - name: Node.js 11.x 104 | node-version: "11" 105 | npm-i: mocha@8.4.0 106 | 107 | - name: Node.js 12.x 108 | node-version: "12" 109 | npm-i: mocha@9.2.2 110 | 111 | - name: Node.js 13.x 112 | node-version: "13" 113 | npm-i: mocha@9.2.2 114 | 115 | - name: Node.js 14.x 116 | node-version: "14" 117 | 118 | - name: Node.js 15.x 119 | node-version: "15" 120 | 121 | - name: Node.js 16.x 122 | node-version: "16" 123 | 124 | - name: Node.js 17.x 125 | node-version: "17" 126 | 127 | - name: Node.js 18.x 128 | node-version: "18" 129 | 130 | - name: Node.js 19.x 131 | node-version: "19" 132 | 133 | - name: Node.js 20.x 134 | node-version: "20" 135 | 136 | - name: Node.js 21.x 137 | node-version: "21" 138 | 139 | - name: Node.js 22.x 140 | node-version: "22" 141 | 142 | - name: Node.js 23.x 143 | node-version: "23" 144 | 145 | - name: Node.js 24.x 146 | node-version: "24" 147 | 148 | - name: Node.js 25.x 149 | node-version: "25" 150 | 151 | steps: 152 | - uses: actions/checkout@v3 153 | 154 | - name: Install Node.js ${{ matrix.node-version }} 155 | shell: bash -eo pipefail -l {0} 156 | run: | 157 | nvm install --default ${{ matrix.node-version }} 158 | if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then 159 | nvm install --alias=npm 0.10 160 | nvm use ${{ matrix.node-version }} 161 | if [[ "$(npm -v)" == 1.1.* ]]; then 162 | nvm exec npm npm install -g npm@1.1 163 | ln -fs "$(which npm)" "$(dirname "$(nvm which npm)")/npm" 164 | else 165 | sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" 166 | fi 167 | npm config set strict-ssl false 168 | fi 169 | dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" 170 | 171 | - name: Configure npm 172 | run: | 173 | if [[ "$(npm config get package-lock)" == "true" ]]; then 174 | npm config set package-lock false 175 | else 176 | npm config set shrinkwrap false 177 | fi 178 | 179 | - name: Remove npm module(s) ${{ matrix.npm-rm }} 180 | run: npm rm --silent --save-dev ${{ matrix.npm-rm }} 181 | if: matrix.npm-rm != '' 182 | 183 | - name: Install npm module(s) ${{ matrix.npm-i }} 184 | run: npm install --save-dev ${{ matrix.npm-i }} 185 | if: matrix.npm-i != '' 186 | 187 | - name: Setup Node.js version-specific dependencies 188 | shell: bash 189 | run: | 190 | # eslint for linting 191 | # - remove on Node.js < 12 192 | if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then 193 | node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ 194 | grep -E '^eslint(-|$)' | \ 195 | sort -r | \ 196 | xargs -n1 npm rm --silent --save-dev 197 | fi 198 | 199 | - name: Install Node.js dependencies 200 | run: npm install 201 | 202 | - name: List environment 203 | id: list_env 204 | shell: bash 205 | run: | 206 | echo "node@$(node -v)" 207 | echo "npm@$(npm -v)" 208 | npm -s ls ||: 209 | (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print $2 "=" $3 }' >> "$GITHUB_OUTPUT" 210 | 211 | - name: Run tests 212 | shell: bash 213 | run: | 214 | if npm -ps ls nyc | grep -q nyc; then 215 | npm run test-ci 216 | else 217 | npm test 218 | fi 219 | 220 | - name: Lint code 221 | if: steps.list_env.outputs.eslint != '' 222 | run: npm run lint 223 | 224 | - name: Collect code coverage 225 | uses: coverallsapp/github-action@master 226 | if: steps.list_env.outputs.nyc != '' 227 | with: 228 | github-token: ${{ secrets.GITHUB_TOKEN }} 229 | flag-name: run-${{ matrix.test_number }} 230 | parallel: true 231 | 232 | coverage: 233 | permissions: 234 | checks: write # for coverallsapp/github-action to create new checks 235 | needs: test 236 | runs-on: ubuntu-latest 237 | steps: 238 | - name: Upload code coverage 239 | uses: coverallsapp/github-action@master 240 | with: 241 | github-token: ${{ secrets.GITHUB_TOKEN }} 242 | parallel-finished: true 243 | -------------------------------------------------------------------------------- /test/test.js: -------------------------------------------------------------------------------- 1 | 2 | var assert = require('assert') 3 | var http = require('http') 4 | var onHeaders = require('..') 5 | var request = require('supertest') 6 | 7 | // older node versions don't have appendHeader 8 | var isAppendHeaderSupported = typeof http.ServerResponse.prototype.appendHeader === 'function' 9 | 10 | describe('onHeaders(res, listener)', function () { 11 | it('should fire after setHeader', function (done) { 12 | var server = createServer(echoListener) 13 | 14 | request(server) 15 | .get('/') 16 | .expect('X-Outgoing-Echo', 'test') 17 | .expect(200, done) 18 | }) 19 | 20 | it('should fire before write', function (done) { 21 | var server = createServer(echoListener, handler) 22 | 23 | function handler (req, res) { 24 | res.setHeader('X-Outgoing', 'test') 25 | res.write('1') 26 | } 27 | 28 | request(server) 29 | .get('/') 30 | .expect('X-Outgoing-Echo', 'test') 31 | .expect(200, '1', done) 32 | }) 33 | 34 | it('should fire with no headers', function (done) { 35 | var server = createServer(listener, handler) 36 | 37 | function handler (req, res) {} 38 | 39 | function listener (req, res) { 40 | this.setHeader('X-Headers', getAllHeaderNames(this).join(',')) 41 | } 42 | 43 | request(server) 44 | .get('/') 45 | .expect('X-Headers', '') 46 | .expect(200, done) 47 | }) 48 | 49 | it('should fire only once', function (done) { 50 | var count = 0 51 | var server = createServer(listener, handler) 52 | 53 | function handler (req, res) { 54 | res.writeHead(200) 55 | 56 | try { res.writeHead(200) } catch (e) {} 57 | } 58 | 59 | function listener (req, res) { 60 | count++ 61 | } 62 | 63 | request(server) 64 | .get('/') 65 | .expect(200, function (err) { 66 | if (err) return done(err) 67 | assert.strictEqual(count, 1) 68 | done() 69 | }) 70 | }) 71 | 72 | it('should fire in reverse order', function (done) { 73 | var server = createServer(echoListener, handler) 74 | 75 | function handler (req, res) { 76 | onHeaders(res, appendHeader(1)) 77 | onHeaders(res, appendHeader(2)) 78 | onHeaders(res, appendHeader(3)) 79 | res.setHeader('X-Outgoing', 'test') 80 | } 81 | 82 | request(server) 83 | .get('/') 84 | .expect('X-Outgoing-Echo', 'test,3,2,1') 85 | .expect(200, done) 86 | }) 87 | 88 | describe('arguments', function () { 89 | describe('res', function () { 90 | it('should be required', function () { 91 | assert.throws(onHeaders.bind(), /res.*required/) 92 | }) 93 | }) 94 | 95 | describe('listener', function () { 96 | it('should be required', function (done) { 97 | var server = createServer() 98 | 99 | request(server) 100 | .get('/') 101 | .expect(500, /listener.*function/, done) 102 | }) 103 | 104 | it('should only accept function', function (done) { 105 | var server = createServer(42) 106 | 107 | request(server) 108 | .get('/') 109 | .expect(500, /listener.*function/, done) 110 | }) 111 | }) 112 | }) 113 | 114 | describe('setHeader', function () { 115 | it('should be available in listener', function (done) { 116 | var server = createServer(echoListener) 117 | 118 | request(server) 119 | .get('/') 120 | .expect('X-Outgoing-Echo', 'test') 121 | .expect(200, done) 122 | }) 123 | }) 124 | 125 | describe('writeHead(status)', function () { 126 | it('should make status available in listener', function (done) { 127 | var server = createServer(listener, handler) 128 | 129 | function handler (req, res) { 130 | res.writeHead(201) 131 | } 132 | 133 | function listener (req, res) { 134 | this.setHeader('X-Status', this.statusCode) 135 | } 136 | 137 | request(server) 138 | .get('/') 139 | .expect('X-Status', '201') 140 | .expect(201, done) 141 | }) 142 | 143 | it('should allow manipulation of status in listener', function (done) { 144 | var server = createServer(listener, handler) 145 | 146 | function handler (req, res) { 147 | res.writeHead(201) 148 | } 149 | 150 | function listener (req, res) { 151 | this.setHeader('X-Status', this.statusCode) 152 | this.statusCode = 202 153 | } 154 | 155 | request(server) 156 | .get('/') 157 | .expect('X-Status', '201') 158 | .expect(202, done) 159 | }) 160 | 161 | it('should pass-through core error', function (done) { 162 | var server = createServer(appendHeader(1), handler) 163 | 164 | function handler (req, res) { 165 | res.writeHead() // error 166 | } 167 | 168 | request(server) 169 | .get('/') 170 | .expect(500, done) 171 | }) 172 | 173 | it('should retain return value', function (done) { 174 | var server = http.createServer(function (req, res) { 175 | if (req.url === '/attach') { 176 | onHeaders(res, appendHeader(1)) 177 | } 178 | 179 | res.end(typeof res.writeHead(200)) 180 | }) 181 | 182 | request(server) 183 | .get('/') 184 | .expect(200, function (err, res) { 185 | if (err) return done(err) 186 | request(server) 187 | .get('/attach') 188 | .expect(200, res.text, done) 189 | }) 190 | }) 191 | }) 192 | 193 | describe('writeHead(status, reason)', function () { 194 | it('should be available in listener', function (done) { 195 | var server = createServer(echoListener, handler) 196 | 197 | function handler (req, res) { 198 | res.setHeader('X-Outgoing', 'test') 199 | res.writeHead(200, 'OK') 200 | } 201 | 202 | request(server) 203 | .get('/') 204 | .expect('X-Outgoing-Echo', 'test') 205 | .expect(200, done) 206 | }) 207 | }) 208 | 209 | describe('writeHead(status, reason, obj)', function () { 210 | it('should be available in listener', function (done) { 211 | var server = createServer(echoListener, handler) 212 | 213 | function handler (req, res) { 214 | res.writeHead(200, 'OK', { 'X-Outgoing': 'test' }) 215 | } 216 | 217 | request(server) 218 | .get('/') 219 | .expect('X-Outgoing-Echo', 'test') 220 | .expect(200, done) 221 | }) 222 | }) 223 | 224 | describe('writeHead(status, obj)', function () { 225 | it('should be available in listener', function (done) { 226 | var server = createServer(listener, handler) 227 | 228 | function handler (req, res) { 229 | res.writeHead(201, { 'X-Outgoing': 'test' }) 230 | } 231 | 232 | function listener (req, res) { 233 | this.setHeader('X-Status', this.statusCode) 234 | this.setHeader('X-Outgoing-Echo', this.getHeader('X-Outgoing')) 235 | } 236 | 237 | request(server) 238 | .get('/') 239 | .expect('X-Status', '201') 240 | .expect('X-Outgoing-Echo', 'test') 241 | .expect(201, done) 242 | }) 243 | 244 | it('should handle falsy keys', function (done) { 245 | var server = createServer(listener, handler) 246 | 247 | function handler (req, res) { 248 | res.writeHead(201, { 'X-Outgoing': 'test', '': 'test' }) 249 | } 250 | 251 | function listener (req, res) { 252 | this.setHeader('X-Status', this.statusCode) 253 | this.setHeader('X-Outgoing-Echo', this.getHeader('X-Outgoing')) 254 | } 255 | 256 | request(server) 257 | .get('/') 258 | .expect('X-Status', '201') 259 | .expect('X-Outgoing-Echo', 'test') 260 | .expect(201, done) 261 | }) 262 | }) 263 | 264 | describe('writeHead(status, arr)', function () { 265 | it('should be available in listener', function (done) { 266 | var server = createServer(listener, handler) 267 | 268 | function handler (req, res) { 269 | res.writeHead(201, [['X-Outgoing', 'test']]) 270 | } 271 | 272 | function listener (req, res) { 273 | this.setHeader('X-Status', this.statusCode) 274 | this.setHeader('X-Outgoing-Echo', this.getHeader('X-Outgoing')) 275 | } 276 | 277 | request(server) 278 | .get('/') 279 | .expect('X-Status', '201') 280 | .expect('X-Outgoing-Echo', 'test') 281 | .expect(201, done) 282 | }) 283 | 284 | it('should ignore empty header key', function (done) { 285 | var server = createServer(listener, handler) 286 | 287 | function handler (req, res) { 288 | res.writeHead(201, [['', 'test']]) 289 | } 290 | 291 | function listener (req, res) { 292 | } 293 | 294 | request(server) 295 | .get('/') 296 | .expect(201, done) 297 | }) 298 | }) 299 | 300 | describe('writeHead(status, flat arr)', function () { 301 | it('should be available in listener', function (done) { 302 | var server = createServer(listener, handler) 303 | 304 | function handler (req, res) { 305 | res.writeHead(201, ['X-Outgoing', 'test']) 306 | } 307 | 308 | function listener (req, res) { 309 | this.setHeader('X-Status', this.statusCode) 310 | this.setHeader('X-Outgoing-Echo', this.getHeader('X-Outgoing')) 311 | } 312 | 313 | request(server) 314 | .get('/') 315 | .expect('X-Status', '201') 316 | .expect('X-Outgoing-Echo', 'test') 317 | .expect(201, done) 318 | }) 319 | 320 | it('should ignore empty header key', function (done) { 321 | var server = createServer(listener, handler) 322 | 323 | function handler (req, res) { 324 | res.writeHead(201, ['', 'test']) 325 | } 326 | 327 | function listener (req, res) { 328 | } 329 | 330 | request(server) 331 | .get('/') 332 | .expect(201, done) 333 | }) 334 | }) 335 | 336 | describe('writeHead(status, invalid flat arr)', function () { 337 | it('should throw on malformed array', function (done) { 338 | var server = createServer(listener, handler) 339 | 340 | function handler (req, res) { 341 | assert.throws(function () { 342 | res.writeHead(201, ['foo', 'bar', 'baz']) 343 | }, 344 | TypeError) 345 | } 346 | 347 | function listener (req, res) { 348 | } 349 | 350 | // gets a 200 here because we caught the error via assert.throws 351 | request(server) 352 | .get('/') 353 | .expect(200, done) 354 | }) 355 | 356 | it('should return 500 on malformed array', function (done) { 357 | var server = createServer(listener, handler) 358 | 359 | function handler (req, res) { 360 | res.writeHead(201, ['foo', 'bar', 'baz']) 361 | res.end('no soup for you!') 362 | } 363 | 364 | function listener (req, res) { 365 | } 366 | 367 | request(server) 368 | .get('/') 369 | .expect(500, done) 370 | }) 371 | }) 372 | 373 | describe('writeHead(status, duplicate headers)', function () { 374 | it('should be respected', function (done) { 375 | var server = createServer(listener, handler) 376 | 377 | function handler (req, res) { 378 | res.writeHead(201, ['express', 'is good', 'express', 'is great']) 379 | } 380 | 381 | function listener (req, res) { 382 | // no need to duplicate existing listener tests further... right? 383 | } 384 | 385 | var response = request(server).get('/') 386 | 387 | if (isAppendHeaderSupported) { 388 | response 389 | .expect('express', 'is good, is great') 390 | } else { 391 | response 392 | .expect('express', 'is great') 393 | } 394 | 395 | response 396 | .expect(201) 397 | .end(function (err, res) { 398 | if (err) throw err 399 | 400 | var expressIsGood = false 401 | var expressIsGreat = false 402 | 403 | // very old node versions do not have the `rawHeaders` prop 404 | var headers = res.res.rawHeaders || res.res.headers 405 | 406 | if (headers.length) { 407 | for (var i = 0; i < headers.length; i++) { 408 | const header = headers[i] 409 | 410 | if (header === 'express') { 411 | if (headers[i + 1] === 'is good') { 412 | expressIsGood = true 413 | } else if (headers[i + 1] === 'is great') { 414 | expressIsGreat = true 415 | } 416 | } 417 | } 418 | } else { 419 | expressIsGreat = headers.express === 'is great' 420 | } 421 | 422 | if (isAppendHeaderSupported) { 423 | assert.ok(expressIsGood) 424 | } 425 | 426 | assert.ok(expressIsGreat) 427 | 428 | done() 429 | }) 430 | }) 431 | }) 432 | }) 433 | 434 | function createServer (listener, handler) { 435 | var fn = handler || echoHandler 436 | 437 | return http.createServer(function (req, res) { 438 | try { 439 | onHeaders(res, listener) 440 | fn(req, res) 441 | res.statusCode = 200 442 | } catch (err) { 443 | res.statusCode = 500 444 | res.write(err.message) 445 | } finally { 446 | res.end() 447 | } 448 | }) 449 | } 450 | 451 | function appendHeader (num) { 452 | return function onHeaders () { 453 | this.setHeader('X-Outgoing', this.getHeader('X-Outgoing') + ',' + num) 454 | } 455 | } 456 | 457 | function echoHandler (req, res) { 458 | res.setHeader('X-Outgoing', 'test') 459 | } 460 | 461 | function echoListener () { 462 | this.setHeader('X-Outgoing-Echo', this.getHeader('X-Outgoing')) 463 | } 464 | 465 | function getAllHeaderNames (res) { 466 | return typeof res.getHeaderNames !== 'function' 467 | ? Object.keys(this._headers || {}) 468 | : res.getHeaderNames() 469 | } 470 | --------------------------------------------------------------------------------