MCPcopy Index your code
hub / github.com/FlowiseAI/Flowise / validateCustomHeaders

Function validateCustomHeaders

packages/components/src/headerValidation.ts:39–78  ·  view source on GitHub ↗
(headers: Record<string, string>)

Source from the content-addressed store, hash-verified

37 * are responsible for mapping to their own error types.
38 */
39export function validateCustomHeaders(headers: Record<string, string>): void {
40 if (!headers || typeof headers !== 'object') {
41 throw new Error('Invalid headers: expected an object')
42 }
43
44 const entries = Object.entries(headers)
45 if (entries.length > MAX_HEADERS) {
46 throw new Error(`Invalid headers: too many entries (max ${MAX_HEADERS})`)
47 }
48
49 for (const [key, value] of entries) {
50 if (typeof key !== 'string' || key.length === 0) {
51 throw new Error('Invalid header: key must be a non-empty string')
52 }
53 if (key.length > MAX_KEY_LENGTH) {
54 throw new Error(`Invalid header "${key}": key exceeds ${MAX_KEY_LENGTH} chars`)
55 }
56 if (!RFC7230_TOKEN.test(key)) {
57 throw new Error(`Invalid header "${key}": key contains illegal characters`)
58 }
59
60 const lower = key.toLowerCase()
61 if (DENIED_HEADER_NAMES.has(lower) || DENIED_HEADER_PREFIXES.some((p) => lower.startsWith(p))) {
62 throw new Error(`Invalid header "${key}": this header name is not allowed`)
63 }
64
65 if (typeof value !== 'string') {
66 throw new Error(`Invalid header "${key}": value must be a string`)
67 }
68 if (value.length > MAX_VALUE_LENGTH) {
69 throw new Error(`Invalid header "${key}": value exceeds ${MAX_VALUE_LENGTH} chars`)
70 }
71 for (let i = 0; i < value.length; i++) {
72 const code = value.charCodeAt(i)
73 if (code === 0x0d || code === 0x0a || (code < 0x20 && code !== 0x09)) {
74 throw new Error(`Invalid header "${key}": value contains illegal control characters`)
75 }
76 }
77 }
78}
79
80/**
81 * Returns a copy of `headers` with credential-bearing entries (Authorization, Cookie, X-Api-Key, …)

Callers 2

assertValidHeadersFunction · 0.85

Calls 1

testMethod · 0.80

Tested by

no test coverage detected