node-http2-proxy

node-http2-proxy copied to clipboard

In HTTP request, if the port is default (http -> 80, https -> 443), the port of url can be optional. And in the [source code](https://github.com/nxtedition/node-http2-proxy/blob/master/compat.js#L82), it also handles scenarios...

dev-itsheng

Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...

dependabot[bot]

Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.2 to 6.12.6. Release notes Sourced from ajv's releases. v6.12.6 Fix performance issue of "url" format. v6.12.5 Fix uri scheme validation (@​ChALkeR). Fix boolean schemas with strictKeywords...

dependabot[bot]

Connection upgrade support only websocket

1

Following code accept only upgrade header equal to `websocket`, thats not correct as stated in [link](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade) https://github.com/nxtedition/node-http2-proxy/blob/999b05fd4c5365b7de8d6bb8aa125f9cc90a50bf/index.js#L30-L58 For example, the client might send a GET request as shown, listing the...

matus-sabo

At least Chrome sends `:authority` pseudo header instead of `host` header, which breaks both this example and express vhost. Hence I added `req.headers.host` here as well.

pakastin

Bumps [tmpl](https://github.com/daaku/nodejs-tmpl) from 1.0.4 to 1.0.5. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

 let configDir = path.join(rootPath, 'config'); let serverOptions = { key: fs.readFileSync(path.join(configDir, 'ker.pem')), cert: fs.readFileSync(path.join(configDir, 'cert.pem')), allowHTTP1: true }; this.httpProxyServer = http2.createSecureServer(serverOptions ); this.httpProxyServer.on('request', (req, res) => { http2Proxy.web(req, res,...

introspection3

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. Release notes Sourced from glob-parent's releases. v5.1.2 Bug Fixes eliminate ReDoS (#36) (f923116) Changelog Sourced from glob-parent's changelog. 5.1.2 (2021-03-06) Bug Fixes eliminate ReDoS...

dependabot[bot]

Bumps [ws](https://github.com/websockets/ws) from 7.2.3 to 7.4.6. Release notes Sourced from ws's releases. 7.4.6 Bug fixes Fixed a ReDoS vulnerability (00c425ec). A specially crafted value of the Sec-Websocket-Protocol header could be...

dependabot[bot]