ChristopherSchultz commented on PR #277:
URL: https://github.com/apache/tomcat/pull/277#issuecomment-3189821921

   Could we just do something like this?
   
   ```
   package com.chadis.web.servlet;
   
   import java.io.IOException;
   import java.util.HashSet;
   import java.util.Locale;
   import java.util.stream.Collectors;
   import java.util.stream.Stream;
   
   import javax.servlet.Filter;
   import javax.servlet.FilterChain;
   import javax.servlet.FilterConfig;
   import javax.servlet.ServletException;
   import javax.servlet.ServletRequest;
   import javax.servlet.ServletResponse;
   import javax.servlet.http.HttpServletRequest;
   import javax.servlet.http.HttpServletResponse;
   import javax.servlet.http.HttpServletResponseWrapper;
   
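   /**
    * Servlet filter that keeps an application from emitting connection-specific
    * response headers when the request arrived over HTTP/2.
    *
    * <p>For HTTP/2 requests the response is wrapped so that every header-writing
    * call ({@code setHeader}, {@code addHeader} and the int/date variants) is
    * checked against a set of blocked names. Depending on the configured action
    * a blocked header is either dropped silently or rejected with an
    * {@link IllegalArgumentException}. Responses for other protocols pass
    * through untouched.
    *
    * <p>NOTE(review): only {@code Connection} is blocked by default. RFC 9113
    * section 8.2.2 also names Proxy-Connection, Keep-Alive, Transfer-Encoding
    * and Upgrade as connection-specific fields; decide whether the default set
    * should cover them as well.
    */
   public class Http2HeaderPreventionFilter implements Filter
   {
       /** What to do when the application tries to write a blocked header. */
       private enum Action {
           /** Drop the header without telling the caller. */
           filter,
           /** Fail the call with an {@link IllegalArgumentException}. */
           error
       }

       private Action action = Action.filter;

       // Blocked names are stored lower-cased with Locale.ROOT so that lookups
       // are case-insensitive and do not depend on the JVM default locale.
       private HashSet<String> headerNames = Stream.of("Connection")
               .map(Http2HeaderPreventionFilter::normalize)
               .collect(Collectors.toCollection(HashSet::new));

       @Override
       public void init(FilterConfig config) throws ServletException {
           // Allow web.xml-based configuration to change defaults
       }

       /**
        * Wraps the response for HTTP/2 requests, then continues the chain.
        *
        * @param request  the incoming request
        * @param response the outgoing response; replaced by a filtering wrapper
        *                 when the request protocol starts with {@code HTTP/2}
        * @param chain    the remaining filter chain
        * @throws ServletException if a downstream filter or servlet fails
        * @throws IOException      if a downstream filter or servlet fails on I/O
        */
       @Override
       public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
           throws ServletException, IOException
       {
           if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
               String protocol = request.getProtocol();
               if (null != protocol && protocol.startsWith("HTTP/2")) {
                   response = wrap((HttpServletResponse) response);
               }
           }

           chain.doFilter(request, response);
       }

       @Override
       public void destroy() {
       }

       /**
        * Lower-cases a header name independently of the default locale.
        *
        * <p>With a locale-sensitive {@code toLowerCase()} a name such as
        * {@code CONNECTION} maps to a dotless-i form under a Turkish default
        * locale and would then miss the blocked set, letting the header through.
        */
       private static String normalize(String name) {
           return name.toLowerCase(Locale.ROOT);
       }

       /**
        * Decides whether a header write must be suppressed.
        *
        * @param name header name as passed by the application; may be null
        * @return {@code true} if the header is blocked and must be dropped,
        *         {@code false} if the call should reach the wrapped response
        * @throws IllegalArgumentException if the header is blocked and the
        *         configured action is {@code error}
        */
       private boolean isBlocked(String name) {
           // A null name cannot match a blocked header; let the container
           // apply its own handling instead of failing here with an NPE.
           if (null == name || !headerNames.contains(normalize(name))) {
               return false;
           }
           if (action == Action.error) {
               throw new IllegalArgumentException("Header " + name + " is not legal in HTTP/2");
           }
           return true;
       }

       /**
        * Builds a response wrapper that routes every header-writing method
        * through {@link #isBlocked(String)}.
        *
        * <p>The int and date variants are covered as well, so a blocked name
        * cannot be written through a differently typed setter.
        */
       private HttpServletResponse wrap(HttpServletResponse response) {
           return new HttpServletResponseWrapper(response) {
               @Override
               public void setHeader(String name, String value) {
                   if (!isBlocked(name)) {
                       super.setHeader(name, value);
                   }
               }

               @Override
               public void addHeader(String name, String value) {
                   if (!isBlocked(name)) {
                       super.addHeader(name, value);
                   }
               }

               @Override
               public void setIntHeader(String name, int value) {
                   if (!isBlocked(name)) {
                       super.setIntHeader(name, value);
                   }
               }

               @Override
               public void addIntHeader(String name, int value) {
                   if (!isBlocked(name)) {
                       super.addIntHeader(name, value);
                   }
               }

               @Override
               public void setDateHeader(String name, long date) {
                   if (!isBlocked(name)) {
                       super.setDateHeader(name, date);
                   }
               }

               @Override
               public void addDateHeader(String name, long date) {
                   if (!isBlocked(name)) {
                       super.addDateHeader(name, date);
                   }
               }
           };
       }
   }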
   ```

