HTTP/2 CONNECT request must not include :path pseudo-header
Production Risk
Low — affects HTTP/2 proxy or tunnelling code only.
Thrown when an HTTP/2 CONNECT request includes the :path pseudo-header. RFC 7540 explicitly prohibits :path in CONNECT requests because CONNECT establishes a raw tunnel identified solely by :authority.
- 1Including :path in a manually constructed CONNECT request
- 2Generic request-building code that adds :path to all requests
Triggered when the HTTP/2 client detects :path in a CONNECT request.
const req = client.request({
':method': 'CONNECT',
':authority': 'target.example.com:443',
':path': '/', // forbidden
});expected output
Error [ERR_HTTP2_CONNECT_PATH]: The :path header is forbidden for CONNECT requests
Fix
Omit :path from CONNECT requests
WHEN When constructing HTTP/2 CONNECT requests
const req = client.request({
':method': 'CONNECT',
':authority': 'target.example.com:443',
});Why this works
CONNECT only uses :method and :authority; omitting :path satisfies RFC 7540.
const req = client.request({
':method': 'CONNECT',
':authority': 'target.example.com:443',
':path': '/', // forbidden
}); // this triggers ERR_HTTP2_CONNECT_PATHtry {
// operation that may throw ERR_HTTP2_CONNECT_PATH
riskyOperation()
} catch (err) {
if (err.code === 'ERR_HTTP2_CONNECT_PATH') {
console.error('ERR_HTTP2_CONNECT_PATH:', err.message)
} else {
throw err
}
}// Validate inputs before calling the operation
function safe_err_http2_connect_path(...args) {
// validate args here
return performOperation(...args)
}✕ Copy GET/POST headers verbatim to CONNECT requests
:path is forbidden in CONNECT and will cause an immediate error.
Node.js Error Codes Documentation
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev