-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Setting max-header-size on a http2-enabled https listener doesn't restrict header size.
For example with following listener configuration:
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" ma x-header-size="200"/> <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" max-header-size="200"/>
calling curl -i -k -H "header1:long_long_value" http://localhost:8080 fails as expected, but
curl -i -k -H "header1:long_long_value" --http2 https://localhost:8443 returns 200
- is cloned by
-
JBEAP-8760 HTTP2 listener doesn't respect MAX_HEADER_SIZE setting
- Closed
- is incorporated by
-
JBEAP-8788 (7.0.z) UNDERTOW-986 - HTTP2 listener doesn't respect MAX_HEADER_SIZE setting
- Closed