http: added test and fixed behaviour

Author: marco-ippolito

lib/_http_server.js

@@ -1017,7 +1017,18 @@ function parserOnIncoming(server, socket, state, req, keepAlive) {
 
   let handled = false;
 
+
   if (req.httpVersionMajor === 1 && req.httpVersionMinor === 1) {
+
+    // From RFC 7230 5.4 https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
+    // A server MUST respond with a 400 (Bad Request) status code to any
+    // HTTP/1.1 request message that lacks a Host header field
+    if (req.headers.host === undefined) {
+      res.writeHead(400);
+      res.end();
+      return 0;
+    }
+
     const isRequestsLimitSet = (
       typeof server.maxRequestsPerSocket === 'number' &&
       server.maxRequestsPerSocket > 0
@@ -1038,15 +1049,6 @@ function parserOnIncoming(server, socket, state, req, keepAlive) {
     } else if (req.headers.expect !== undefined) {
       handled = true;
 
-      // From RFC 7230 5.4 https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
-      // A server MUST respond with a 400 (Bad Request) status code to any
-      // HTTP/1.1 request message that lacks a Host header field
-      if (req.headers.host === undefined) {
-        res.writeHead(400);
-        res.end();
-        return 0;
-      }
-
       if (RegExpPrototypeExec(continueExpression, req.headers.expect) !== null) {
         res._expect_continue = true;
         if (server.listenerCount('checkContinue') > 0) {

test/parallel/test-http-max-headers-count.js

@@ -59,7 +59,7 @@ server.listen(0, function() {
   const maxAndExpected = [ // for client
     [20, 20],
     [1200, 104],
-    [0, N + 4], // Connection, Date and Transfer-Encoding
+    [0, N + 4], // Host and Connection
   ];
   doRequest();
 

test/parallel/test-http-request-host-header.js

@@ -0,0 +1,21 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const http = require('http');
+
+const server = http.createServer(common.mustNotCall((req, res) => {
+  res.writeHead(200);
+  res.end();
+}));
+
+// From RFC 7230 5.4 https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
+// A server MUST respond with a 400 (Bad Request) status code to any
+// HTTP/1.1 request message that lacks a Host header field
+server.listen(0, common.mustCall(() => {
+  http.get({ port: server.address().port, headers: [] }, (res) => {
+    assert.strictEqual(res.statusCode, 400);
+    res.resume().on('end', common.mustCall(() => {
+      server.close();
+    }));
+  });
+}));

test/parallel/test-https-max-headers-count.js

@@ -48,7 +48,7 @@ server.listen(0, common.mustCall(() => {
   const maxAndExpected = [ // for client
     [20, 20],
     [1200, 104],
-    [0, N + 4], // Connection, Date and Transfer-Encoding
+    [0, N + 4], // Host and Connection
   ];
   const doRequest = common.mustCall(() => {
     const max = maxAndExpected[responses][0];