From 0d3809c1f70aa788985693b92a480836fb3d25d3 Mon Sep 17 00:00:00 2001
From: aviu16 <162624394+aviu16@users.noreply.github.com>
Date: Sun, 15 Feb 2026 00:28:46 -0500
Subject: [PATCH 1/2] fix: throw error when Content-Type is invalid when you call res.set('Content-Type', value) with something thats not a real MIME type, mime.contentType() returns false and that false was getting coerced to the string "false" and set as the header. now it throws a TypeError instead. fixes #7034
---
 lib/response.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/response.js b/lib/response.js
index f965e539dd2..d14e3900e15 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -673,7 +673,11 @@ res.header = function header(field, val) {
 if (Array.isArray(value)) {
 throw new TypeError('Content-Type cannot be set to an Array');
 }
- value = mime.contentType(value)
+ var contentType = mime.contentType(value);
+ if (contentType === false) {
+ throw new TypeError('invalid content type');
+ }
+ value = contentType;
 }
 
 this.setHeader(field, value);
From 870327b5da084b3339ec980f53a5e105aed36518 Mon Sep 17 00:00:00 2001
From: aviu16 <162624394+aviu16@users.noreply.github.com>
Date: Tue, 17 Feb 2026 00:34:33 -0500
Subject: [PATCH 2/2] test: add regression for invalid Content-Type in res.set
---
 test/res.set.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/test/res.set.js b/test/res.set.js
index 04511c1c95f..84631ba9879 100644
--- a/test/res.set.js
+++ b/test/res.set.js
@@ -31,6 +31,19 @@ describe('res', function(){
 .expect('X-Number', '123')
 .expect(200, 'string', done);
 })
+
+ it('should throw when Content-Type is invalid', function (done) {
+ var app = express()
+
+ app.use(function (req, res) {
+ res.set('Content-Type', 'not-a-real-content-type')
+ res.end()
+ })
+
+ request(app)
+ .get('/')
+ .expect(500, /TypeError: invalid content type/, done)
+ })
 })
 
 describe('.set(field, values)', function(){
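Review bot: The new `contentType === false` guard in `res.header` (lib/response.js) carries no comment or doc note, although it changes the failure mode from sending a literal `Content-Type: false` header to throwing. Where a handler builds the value from request data, an unresolvable value now fails the request through the error handler (a 500 in the test from patch 2/2), and callers should be told that. I would add `// mime.contentType() returns false for values it cannot resolve; throw instead of sending "Content-Type: false"` above the check and mention the `TypeError` in the method's documentation. The guard only rejects what `mime.contentType()` rejects; as far as I know, a string containing `/` is passed through unchanged, so it should not be described as full media-type validation. The body of `res.header` starts and ends outside the hunk.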
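Review bot: The regression test in test/res.set.js asserts on the 500 response body with `.expect(500, /TypeError: invalid content type/, done)`, which couples it to the default error handler echoing the error text, presumably only outside production mode. Mounting an explicit handler in the test, e.g. `app.use(function (err, req, res, next) { res.status(500).send(err.name + ': ' + err.message) })`, would pin the thrown error itself rather than the error page. Only the two-argument string form is covered; a second case for the object form `res.set({ 'Content-Type': 'not-a-real-content-type' })` would confirm that it reaches the same check, assuming it delegates to the same code path.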