Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5894

HTTP2 connection-specific headers check in request

    XMLWordPrintable

Details

    • Bug
    • Status: Verified (View Workflow)
    • Minor
    • Resolution: Done
    • 7.1.0.DR4
    • 7.1.0.DR5
    • Undertow
    • None

    Description

      According to the HTTP2 spec - Connection-Specific Header Fields, HTTP2 request

      1. must not contain "connection" header
      2. may contain 'te' header but only with 'trailers' value

      HTTP/2 does not use the Connection header field to indicate
      connection-specific header fields; in this protocol, connection-
      specific metadata is conveyed by other means. An endpoint MUST NOT
      generate an HTTP/2 message containing connection-specific header
      fields; any message containing connection-specific header fields MUST
      be treated as malformed (Section 8.1.2.6).

      The only exception to this is the TE header field, which MAY be
      present in an HTTP/2 request; when it is, it MUST NOT contain any
      value other than "trailers".

      Currently there is no such check in Undertow processing request. Thus such requests are processed successfully instead of being rejected as malformed.

      Attachments

        Issue Links

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: