> RFC 9113 HTTP/2 mandates certain validation for HTTP headers; the HttpClient > don't fully implement the described requirements. > > This PR adds the following validation: > - pseudo-headers defined for requests are rejected in responses and push > streams > - pseudo-headers defined for responses are rejected in push promises > - connection headers are rejected in responses and push streams > > Connection headers are still accepted in push promises; that's because some > popular server implementations were found to echo the request headers in push > promises, and when the original request was a HTTP/1 upgrade, the push > promise could contain one or more headers that were prohibited in HTTP/2 but > allowed in HTTP/1. > > An existing test was adapted to verify the handling of response headers. The > modified test passes with this the changes in this PR, fails without them. > Other tier1-3 tests continue to pass.
Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision: Add suggested comment to PSEUDO_HEADERS Co-authored-by: Michael McMahon <70538289+michael-mc-ma...@users.noreply.github.com> ------------- Changes: - all: https://git.openjdk.org/jdk/pull/24569/files - new: https://git.openjdk.org/jdk/pull/24569/files/c7b28290..9c945cc1 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=24569&range=02 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24569&range=01-02 Stats: 2 lines in 1 file changed: 2 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/24569.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24569/head:pull/24569 PR: https://git.openjdk.org/jdk/pull/24569
