HTTP/2 CONNECT request missing :authority pseudo-header
Production Risk
Low — typically affects proxy or tunnelling implementations.
Thrown when an HTTP/2 CONNECT method request does not include the required :authority pseudo-header. Per RFC 7540, CONNECT requests must include :authority and must not include :scheme or :path.
- 1Making an HTTP/2 CONNECT request without specifying :authority
- 2Incorrect manual construction of CONNECT request headers
Triggered when the HTTP/2 client sends a CONNECT request without the :authority pseudo-header.
const req = client.request({
':method': 'CONNECT',
// ':authority' missing
});expected output
Error [ERR_HTTP2_CONNECT_AUTHORITY]: The :authority header is required for CONNECT requests
Fix
Include :authority in CONNECT requests
WHEN When making HTTP/2 CONNECT requests
const req = client.request({
':method': 'CONNECT',
':authority': 'target.example.com:443',
});Why this works
The :authority header identifies the tunnel target, mandatory per RFC 7540 for CONNECT.
const req = client.request({
':method': 'CONNECT',
// ':authority' missing
}); // this triggers ERR_HTTP2_CONNECT_AUTHORITYtry {
// operation that may throw ERR_HTTP2_CONNECT_AUTHORITY
riskyOperation()
} catch (err) {
if (err.code === 'ERR_HTTP2_CONNECT_AUTHORITY') {
console.error('ERR_HTTP2_CONNECT_AUTHORITY:', err.message)
} else {
throw err
}
}// Validate inputs before calling the operation
function safe_err_http2_connect_authority(...args) {
// validate args here
return performOperation(...args)
}✕ Include :scheme or :path with CONNECT requests
RFC 7540 forbids both in CONNECT; only :method and :authority are allowed.
Node.js Error Codes Documentation
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev