Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.0.6.CR1, 7.0.6.GA
Affects Version/s: 7.0.5.CR1
Component/s: Undertow
Labels:
None

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.0.z.GA
Git Pull Request:
https://github.com/undertow-io/undertow/commit/7298d5a6294300672eb3dea85051c04f3429bc2b

Sprint:
EAP 7.0.6

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Setting max-header-size on a http2-enabled https listener doesn't restrict header size.

For example with following listener configuration:

<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" ma    x-header-size="200"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" max-header-size="200"/>

calling curl -i -k -H "header1:long_long_value" http://localhost:8080 fails as expected, but
curl -i -k -H "header1:long_long_value" --http2 https://localhost:8443 returns 200

clones

JBEAP-8760 HTTP2 listener doesn't respect MAX_HEADER_SIZE setting

Closed

incorporates

UNDERTOW-986 HTTP2 listener doesn't respect MAX_HEADER_SIZE setting

Resolved

is incorporated by

JBEAP-8650 (7.0.z) Upgrade undertow from 1.3.27.Final to 1.3.28.Final

Closed

relates to

JBEAP-6716 [GSS](7.0.z) UNDERTOW-881 / UNDERTOW-895 - AJP and HTTP/2 listeners ignore max header and parameter limits

Closed

Assignee:: Stuart Douglas

Reporter:: Lin Gao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2017/02/13 5:42 AM

Updated:: 2024/09/02 4:42 PM

Resolved:: 2017/02/16 4:53 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates