
@icecrasher321
Collaborator

Summary

  • Node.js Happy Eyeballs lookup callback signature adhered to
  • Removing accept-encoding header since Node.js http/https doesn't auto-decompress.

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Jan 21, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Review Updated (UTC)
docs Skipped Skipped Jan 21, 2026 9:35am


@greptile-apps
Contributor

greptile-apps bot commented Jan 21, 2026

Greptile Summary

Fixed two HTTP request handling issues in secureFetchWithPinnedIP:

  • Happy Eyeballs DNS lookup callback: Corrected the callback signature to properly handle Node.js's Happy Eyeballs algorithm by checking options.all and returning either a single address or an array of LookupAddress objects
  • Removed accept-encoding header: Stripped the accept-encoding header before making requests since Node.js's native http/https modules don't automatically decompress responses like the Fetch API does

These changes ensure compatibility with Node.js's DNS resolution behavior and prevent potential decompression issues when making HTTP requests through the security-pinned fetch mechanism.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk - the changes are well-targeted bug fixes
  • Both changes address real issues: the Happy Eyeballs callback signature now correctly handles the options.all parameter per Node.js DNS API specs, and removing accept-encoding prevents bugs since Node.js http/https doesn't auto-decompress. The implementation is correct and the changes are localized to a single function.
  • No files require special attention

Important Files Changed

Filename | Overview
apps/sim/lib/core/security/input-validation.ts | Fixed Happy Eyeballs DNS lookup callback signature to handle both single and array address returns; removed accept-encoding header since Node.js http/https doesn't auto-decompress

Sequence Diagram

sequenceDiagram
    participant Client as HTTP Tool
    participant Executor as executeToolRequest
    participant Validator as validateUrlWithDNS
    participant Fetch as secureFetchWithPinnedIP
    participant DNS as dns.lookup
    participant HTTP as Node.js http/https

    Client->>Executor: Execute HTTP request with headers
    Note over Executor: Headers include Accept-Encoding: gzip, deflate, br
    Executor->>Validator: validateUrlWithDNS(url)
    Validator->>DNS: Resolve hostname to IP
    DNS-->>Validator: Resolved IP address
    Validator-->>Executor: { isValid: true, resolvedIP }
    Executor->>Fetch: secureFetchWithPinnedIP(url, resolvedIP, options)
    Note over Fetch: Remove accept-encoding header<br/>(Node.js doesn't auto-decompress)
    Fetch->>Fetch: Create custom lookup function
    Note over Fetch: Handle options.all:<br/>- true: return [{ address, family }]<br/>- false: return (address, family)
    Fetch->>HTTP: http.request() with custom agent
    HTTP->>Fetch: Custom lookup called
    Fetch-->>HTTP: Return pinned IP (not DNS)
    HTTP-->>Fetch: Response (uncompressed)
    Fetch-->>Executor: SecureFetchResponse
    Executor-->>Client: Tool response

@icecrasher321 icecrasher321 changed the base branch from main to staging January 21, 2026 09:36
@icecrasher321 icecrasher321 merged commit 145db9d into staging Jan 21, 2026
10 checks passed
@icecrasher321 icecrasher321 deleted the fix/http-req branch January 21, 2026 09:36
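The two fixes discussed in this thread, sketched as an added example that is not the project's code from input-validation.ts: a pinned `lookup` that answers in both callback shapes depending on `options.all`, and case-insensitive removal of `Accept-Encoding`. All function names are hypothetical, the IPs and URL in the test are constructed, and the pinned IP is assumed to be an IP literal that has already passed validation.

```javascript
// Added example; function names are hypothetical, not the project's API.

// Build the callback arguments Node.js expects from a custom `lookup`.
// options.all === true (the Happy Eyeballs path): an array of { address, family }.
// Otherwise: address and family as two separate arguments.
function pinnedLookupArgs(pinnedIP, options) {
  // Assumption: pinnedIP is an already-validated IP literal.
  const family = pinnedIP.includes(':') ? 6 : 4;
  const wantAll =
    typeof options === 'object' && options !== null && options.all === true;
  return wantAll
    ? [null, [{ address: pinnedIP, family }]]
    : [null, pinnedIP, family];
}

// Function with the dns.lookup signature that ignores the hostname and
// always answers with the pinned IP, so no second DNS resolution happens.
function createPinnedLookup(pinnedIP) {
  return function lookup(hostname, options, callback) {
    if (typeof options === 'function') { // lookup(hostname, callback) form
      callback = options;
      options = {};
    }
    const args = pinnedLookupArgs(pinnedIP, options);
    process.nextTick(() => callback(...args)); // stay asynchronous like dns.lookup
  };
}

// Drop Accept-Encoding whatever its casing: http/https will not decompress
// the body, so the request should not ask for a compressed one.
function withoutAcceptEncoding(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== 'accept-encoding') out[name] = value;
  }
  return out;
}

// Options object suitable for http.request / https.request.
function buildRequestOptions(url, pinnedIP, headers) {
  const { hostname, pathname, search } = new URL(url);
  return {
    hostname, // name is kept, so Host header and TLS checks still use it
    path: pathname + search,
    headers: withoutAcceptEncoding(headers),
    lookup: createPinnedLookup(pinnedIP),
  };
}
```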