Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8760

HTTP2 listener doesn't respect MAX_HEADER_SIZE setting

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.1.0.DR13
    • 7.0.5.CR1, 7.1.0.DR11
    • Undertow
    • None

      Setting max-header-size on a http2-enabled https listener doesn't restrict header size.

      For example with following listener configuration:

      <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" ma    x-header-size="200"/>
      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" max-header-size="200"/>
      

      calling curl -i -k -H "header1:long_long_value" http://localhost:8080 fails as expected, but
      curl -i -k -H "header1:long_long_value" --http2 https://localhost:8443 returns 200

            sdouglas1@redhat.com Stuart Douglas
            rhatlapa@redhat.com Radim Hatlapatka (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: