Node security release makes http-proxy crash

Created by: fjakobs

The recent security release https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/ of node.js makes header parsing much more strict:

To fix this defect, HTTP header parsing in Node.js, for both requests and responses, is moving closer to the formal HTTP specification. HTTP headers containing characters outside of the valid set for tokens will be rejected. This check is performed for both requests and responses, for Node.js HTTP servers and clients.

Setting headers can throw now at https://github.com/nodejitsu/node-http-proxy/blob/master/lib/http-proxy/passes/web-outgoing.js#L86.

Here the change in node.js https://github.com/nodejs/node/blob/fab240a886b69ef9fa78573fc210c15cfe0018f0/lib/_http_outgoing.js#L309

I'm getting The header content contains invalid characters error and then I get an uncaught exception.

Since I don't control the app being proxied and I can't wrap this call into a try/catch, this needs to be fixed in http-proxy.