According to the HTTP2 spec - Connection-Specific Header Fields, HTTP2 request
- must not contain "connection" header
- may contain 'te' header but only with 'trailers' value
HTTP/2 does not use the Connection header field to indicate
connection-specific header fields; in this protocol, connection-
specific metadata is conveyed by other means. An endpoint MUST NOT
generate an HTTP/2 message containing connection-specific header
fields; any message containing connection-specific header fields MUST
be treated as malformed (Section 220.127.116.11).
The only exception to this is the TE header field, which MAY be
present in an HTTP/2 request; when it is, it MUST NOT contain any
value other than "trailers".
Currently there is no such check in Undertow processing request. Thus such requests are processed successfully instead of being rejected as malformed.