Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5894

HTTP2 connection-specific headers check in request

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • 7.1.0.DR5
    • 7.1.0.DR4
    • Undertow
    • None

    Description

      According to the HTTP2 spec - Connection-Specific Header Fields, HTTP2 request

      1. must not contain "connection" header
      2. may contain 'te' header but only with 'trailers' value

      HTTP/2 does not use the Connection header field to indicate
      connection-specific header fields; in this protocol, connection-
      specific metadata is conveyed by other means. An endpoint MUST NOT
      generate an HTTP/2 message containing connection-specific header
      fields; any message containing connection-specific header fields MUST
      be treated as malformed (Section 8.1.2.6).

      The only exception to this is the TE header field, which MAY be
      present in an HTTP/2 request; when it is, it MUST NOT contain any
      value other than "trailers".

      Currently there is no such check in Undertow processing request. Thus such requests are processed successfully instead of being rejected as malformed.

      Attachments

        Issue Links

          is blocked by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-5765 Upgrade Undertow from 1.4.0.Final to 1.4.3.Final

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. UNDERTOW-822 HTTP2 connection-specific headers check in request

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-5897 (7.1.0) Upgrade to WildFly Core 3.0.0.Alpha8

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: