-
Bug
-
Resolution: Done
-
Major
-
7.0.5.CR1
-
None
Setting max-header-size on a http2-enabled https listener doesn't restrict header size.
For example with following listener configuration:
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" ma x-header-size="200"/> <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" max-header-size="200"/>
calling curl -i -k -H "header1:long_long_value" http://localhost:8080 fails as expected, but
curl -i -k -H "header1:long_long_value" --http2 https://localhost:8443 returns 200
- clones
-
JBEAP-8760 HTTP2 listener doesn't respect MAX_HEADER_SIZE setting
- Closed
- incorporates
-
UNDERTOW-986 HTTP2 listener doesn't respect MAX_HEADER_SIZE setting
- Resolved
- is incorporated by
-
JBEAP-8650 (7.0.z) Upgrade undertow from 1.3.27.Final to 1.3.28.Final
- Closed
- relates to
-
JBEAP-6716 [GSS](7.0.z) UNDERTOW-881 / UNDERTOW-895 - AJP and HTTP/2 listeners ignore max header and parameter limits
- Closed