Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-822

HTTP2 connection-specific headers check in request

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • 2.0.0.Beta1, 1.4.2.Final
    • 1.4.0.Final
    • Core
    • None

      According to the HTTP2 spec - Connection-Specific Header Fields, HTTP2 request

      1. must not contain "connection" header
      2. may contain 'te' header but only with 'trailers' value

      HTTP/2 does not use the Connection header field to indicate
      connection-specific header fields; in this protocol, connection-
      specific metadata is conveyed by other means. An endpoint MUST NOT
      generate an HTTP/2 message containing connection-specific header
      fields; any message containing connection-specific header fields MUST
      be treated as malformed (Section 8.1.2.6).

      The only exception to this is the TE header field, which MAY be
      present in an HTTP/2 request; when it is, it MUST NOT contain any
      value other than "trailers".

      Currently there is no such check in Undertow processing request. Thus such requests are processed successfully instead of being rejected as malformed.

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: