Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-986

HTTP2 listener doesn't respect MAX_HEADER_SIZE setting

XMLWordPrintable

      Setting max-header-size on a http2-enabled https listener doesn't restrict header size.

      For example with following listener configuration:

      <http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" ma    x-header-size="200"/>
      <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" max-header-size="200"/>
      

      calling curl -i -k -H "header1:long_long_value" http://localhost:8080 fails as expected, but
      curl -i -k -H "header1:long_long_value" --http2 https://localhost:8443 returns 200

            sdouglas1@redhat.com Stuart Douglas
            spyrkob Bartosz Spyrko-Smietanko
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: