javascript - http.get Parse Error, code: 'HPE_UNEXPECTED_CONTENT_LENGTH'

Question

I have a simple node script to process some data from my home automation API. Everything worked fine till last Node update. Now, with Node version 4.3.0 or 5.6.0, the http module gives me this error:

{ [Error: Parse Error] bytesParsed: 193, code: 'HPE_UNEXPECTED_CONTENT_LENGTH' }

An example of the API call causing the error, it just returns one number (a temperature):

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 5
Content-Type: application/json
Transfer-Encoding: chunked

21.81

And a code to reproduce an error:

const http = require("http");
const url = "http://127.0.0.1:8083/ZWaveAPI/Run/devices[11].instances[2].commandClasses[49].data[1].val.value";

http.get(url, (res) => {
    // consume response body
    res.resume();
}).on("error", (e) => {
    console.log(e);
});

I think that error related to the CVE-2016-2216 Response Splitting Vulnerability, but I tried to run the script with mentioned there --security-revert=CVE-2016-2216 flag and it didn't help. Any ideas?

Answer 1

I found this commit log. The problem seems is Content-Length and Transfer-encoding: chunked headers exist together:

the server is sending both a Content-Length header and a Transfer-Encoding: chunked header, which is a violation of the HTTP spec.