fix: validate header name and value in webRequest.onBeforeSendHeaders

[loufultoncz-coder]

Description of Change

Chromium's net::HttpRequestHeaders::SetHeader() uses CHECK() to enforce valid header names and values, which causes a fatal crash if the caller passes invalid strings. When users modify requestHeaders in the onBeforeSendHeaders callback with invalid header names (e.g. containing spaces) or invalid header values (e.g. containing CRLF), the gin::Converternet::HttpRequestHeaders::FromV8() calls SetHeader() directly, triggering the CHECK and crashing the process.

This change adds pre-validation using net::HttpUtil::IsValidHeaderName() and net::HttpUtil::IsValidHeaderValue() before calling SetHeader(), silently skipping invalid headers instead of crashing.

Checklist

• I have built and tested this change
• I have filled out the PR description
• I have reviewed and verified the changes
• npm test passes
• tests are changed or added
• relevant API documentation, tutorials, and examples are updated and follow the documentation style guide
• PR release notes describe the change in a way relevant to app developers, and are capitalized, punctuated, and past tense.

Release Notes

Notes: Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback

[github-actions]

⚠️ This PR contains unsigned commits. This repository enforces commit signatures
for all incoming PRs. To get your PR merged, please sign those commits
(git rebase --exec 'git commit -S --amend --no-edit -n' @{upstream}) and force push them to this branch
(git push --force-with-lease)

For more information on signing commits, see GitHub's documentation on Telling Git about your signing key.

[xakep8]

@loufultoncz-coder please add release note in the PR description.

[loufultoncz-coder]

@loufultoncz-coder please add release note in the PR description.

Done! I've added the release note to the PR description.

[xakep8]

I checked this path locally and the change looks correct to me. @loufultoncz-coder could you also complete the checklist? Thanks.

[ckerr]

This PR is a good idea & should be backported to the maintenance branches.

I had a style nit for the C++ code and made a suggestion to fix a potential timing issue in the new test, but overall this is good. Thanks for the PR!

[loufultoncz-coder]

This PR is a good idea & should be backported to the maintenance branches.

I had a style nit for the C++ code and made a suggestion to fix a potential timing issue in the new test, but overall this is good. Thanks for the PR!

Agreed. I'll make the requested changes. Thank you for the review!

[loufultoncz-coder]

I checked this path locally and the change looks correct to me. @loufultoncz-coder could you also complete the checklist? Thanks.

Thanks for verifying it locally! I have just completed the PR checklist. Let me know if there's anything else needed.

[codebytere]

Thanks! @loufultoncz-coder please note that @xakep8 is in no way officially associated with the project so you can consider his feedback if you so choose but it is not relevant to whether the PR is ultimately approved.

[loufultoncz-coder]

Thanks! @loufultoncz-coder please note that @xakep8 is in no way officially associated with the project so you can consider his feedback if you so choose but it is not relevant to whether the PR is ultimately approved.

Thanks for the clarification and the approval! Really appreciate your time reviewing this.

[release-clerk]

Release Notes Persisted

Fixed a crash when providing invalid HTTP header names or values in the webRequest.onBeforeSendHeaders() callback

[welcome]

Congrats on merging your first pull request! 🎉🎉🎉

[trop]

I have automatically backported this PR to "40-x-y", please check out #51364

[trop]

I have automatically backported this PR to "41-x-y", please check out #51365

[trop]

I have automatically backported this PR to "42-x-y", please check out #51366