feat(http): add HTTP2 support; (#7150)#1
Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
|
|
||
| const http2Transport = { | ||
| request(options, cb) { | ||
| const authority = options.protocol + '//' + options.hostname + ':' + (options.port || 80); |
There was a problem hiding this comment.
HTTP2 uses wrong default port for HTTPS connections
High Severity
When constructing the HTTP/2 authority, options.port || 80 always defaults to port 80, regardless of protocol. For HTTPS URLs without explicit ports (e.g., https://httpbin.org/post), this constructs an authority like https://httpbin.org:80 instead of https://httpbin.org:443. Since HTTPS services listen on port 443 by default, this causes HTTP/2 connections to fail. The README documentation example at line 1718 would not work due to this bug.
|
|
||
| response.statusCode = +status; | ||
|
|
||
| cb(response); |
There was a problem hiding this comment.
HTTP2 responses have undefined statusText
Medium Severity
The http2Transport response handler sets statusCode and headers on the response object but never sets statusMessage. When the response is built at line 696 using statusText: res.statusMessage, HTTP/2 responses will have statusText: undefined. This violates the TypeScript type definition (statusText: string) and could break user code that assumes statusText is always a string.
Additional Locations (1)
| } | ||
| } | ||
| } | ||
| }); |
There was a problem hiding this comment.
Missing error handler on HTTP/2 session causes crashes
High Severity
The HTTP/2 session created via connect() only has a 'close' event handler but no 'error' handler. In Node.js, when an EventEmitter emits 'error' without a listener, it throws an uncaught exception. HTTP/2 sessions can emit errors for connection failures, TLS/SSL issues, protocol violations, and GOAWAY frames. Without an error handler, these scenarios would crash the process rather than being caught and properly rejected.
2 participants
PR_021
Note
Medium Risk
Touches the core Node transport (
lib/adapters/http.js) and introduces new protocol/session behavior, which could impact request lifecycle/cancellation and connection reuse; changes are mitigated by extensive new tests but still affect a critical code path.Overview
Adds experimental HTTP/2 support to the Node
httpadapter via a newhttpVersionconfig (1 or 2) that switches request execution to ahttp2-based transport.Introduces
http2Options(including asessionTimeoutdefaulting to1000ms) and implements per-authority HTTP/2 session pooling/reuse keyed by resolved options, plus adapter changes to better unify abort/timeout/cancel handling across HTTP/1 and HTTP/2 (e.g., usingreq.close()when available and ensuring cleanup for stream responses).Updates TypeScript definitions, README documentation, test infrastructure (adds HTTP/2 secure server support with self-signed certs), and adds a comprehensive HTTP/2 test suite covering payloads, response types, timeouts/cancellation, and session reuse; also tweaks rate-limit test tolerances.
Written by Cursor Bugbot for commit d676df7. This will update automatically on new commits. Configure here.