v7 `RetryAgent` converts header with multiple entries (eg. set-cookie) to `\x00`

[peterhirn]

Bug Description

After upgrading from 6.21.0 to 7.1.0 the response set-cookie header contains \x00 instead of actual values.

Expected

{
  server: 'nginx',
  date: 'Mon, 09 Dec 2024 07:11:11 GMT',
  'content-type': 'application/json; charset=utf-8',
  'content-length': '359',
  connection: 'keep-alive',
  'set-cookie': [
    'CloudFront-Policy=xxx; Path=/; Domain=example.com; HTTPOnly',
    'CloudFront-Key-Pair-Id=xxx; Path=/; Domain=example.com; HTTPOnly',
    'CloudFront-Signature=xxx; Path=/; Domain=example.com; HTTPOnly'
  ]
}

Received

{
  server: 'nginx',
  date: 'Mon, 09 Dec 2024 07:08:57 GMT',
  'content-type': 'application/json; charset=utf-8',
  'content-length': '364',
  connection: 'keep-alive',
  'set-cookie': '\x00\x00\x00',
}

Reproducible By

Expected Behavior

Logs & Screenshots

Environment

Additional context

[metcoder95]

Can you provide an
Minimum Reproducible Example to support you better?

[peterhirn]

Unfortunately I'm unable to reproduce the issue locally. I tried node:http and node:http2 as server and sending multiple set-cookie headers works in both cases.

In production I'm fetching from https://developer.api.autodesk.com to get signed cookies, see https://aps.autodesk.com/blog/download-derivative-files-using-new-signedcookies-api-without-setting-cookies-first-header

In this case the set-cookie header is always \x00\x00\x00 using v7 but works using v6.

Atm I don't have time to investigate this further.

[metcoder95]

Unfortunately without reproduction is hard to assess what might be happening; it can be a bad encoding parsing of the signed header while receiving the response, but that can also be due to bad encoding from the source.

Without isolated reproduction is hard to tell what can be going wrong. Happy to have a look if we can isolate the problem

[peterhirn]

I figured it out. It's a problem with RetryAgent

import http from "node:http";

import { Agent, RetryAgent, request } from "undici";

const port = process.env.PORT ?? 3001;

const server = http
  .createServer(async (_req, res) => {
    const headers = [
      ["set-cookie", "a"],
      ["set-cookie", "b"],
      ["set-cookie", "c"]
    ];
    res.writeHead(200, headers);
    res.end();
  })
  .listen(port, () => {
    console.log("Listening on port", port);
  });

const agent = new Agent();
const retryAgent = new RetryAgent(agent);

const ok = await request(`http://localhost:${port}`, { dispatcher: agent });
const fail = await request(`http://localhost:${port}`, { dispatcher: retryAgent });

console.log("ok", ok.headers);
console.log("fail", fail.headers);

server.close();

Listening on port 3001
ok {
  'set-cookie': [ 'a', 'b', 'c' ],
  date: 'Tue, 10 Dec 2024 18:09:30 GMT',
  connection: 'keep-alive',
  'keep-alive': 'timeout=5',
  'transfer-encoding': 'chunked'
}
fail {
  'set-cookie': '\x00\x00\x00',
  date: 'Tue, 10 Dec 2024 18:09:30 GMT',
  connection: 'keep-alive',
  'keep-alive': 'timeout=5',
  'transfer-encoding': 'chunked'
}

[KhafraDev]

undici/lib/handler/wrap-handler.js

Line 66 in dd7473c

// TODO (fix): What if val is Array

I guess we know what happens when val is an array.