From 1dfd09c2854d48cc5162a8fed289c359e1fbe1af Mon Sep 17 00:00:00 2001
From: Steve Herzog <srherzog@gmail.com>
Date: Wed, 1 Feb 2023 12:38:59 -0600
Subject: [PATCH] http: fix validation of "Link" header

Updated regex for "Link" header validation to match the specification in RFC 8288 section 3. Alternative to another outstanding PR that disables validation entirely.

Fixes: https://github.com/nodejs/node/issues/46453
Refs: https://www.rfc-editor.org/rfc/rfc8288.html#section-3
Refs: https://github.com/nodejs/node/pull/46464
---
 lib/internal/validators.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/internal/validators.js b/lib/internal/validators.js
index 50b3016ab78ec2..67ffd312e14d0f 100644
--- a/lib/internal/validators.js
+++ b/lib/internal/validators.js
@@ -459,7 +459,7 @@ function validateUnion(value, name, union) {
   }
 }
 
-const linkValueRegExp = /^(?:<[^>]*>;)\s*(?:rel=(")?[^;"]*\1;?)\s*(?:(?:as|anchor|title|crossorigin|disabled|fetchpriority|rel|referrerpolicy)=(")?[^;"]*\2)?$/;
+const linkValueRegExp = /^(?:<[^>]*>)(?:\s*;\s*[^;"]+(?:=(")?[^;"]*\1)?)*$/;
 
 /**
  * @param {any} value
@@ -473,7 +473,7 @@ function validateLinkHeaderFormat(value, name) {
     throw new ERR_INVALID_ARG_VALUE(
       name,
       value,
-      'must be an array or string of format "</styles.css>; rel=preload; as=style"'
+      `must be an array or string of format '</styles.css>; rel=preload; as="style"'`
     );
   }
 }