On Thu, 10 Apr 2025 11:37:23 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
> RFC 9113 HTTP/2 mandates certain validation for HTTP headers; the HttpClient > don't fully implement the described requirements. > > This PR adds the following validation: > - pseudo-headers defined for requests are rejected in responses and push > streams > - pseudo-headers defined for responses are rejected in push promises > - connection headers are rejected in responses and push streams > > Connection headers are still accepted in push promises; that's because some > popular server implementations were found to echo the request headers in push > promises, and when the original request was a HTTP/1 upgrade, the push > promise could contain one or more headers that were prohibited in HTTP/2 but > allowed in HTTP/1. > > An existing test was adapted to verify the handling of response headers. The > modified test passes with this the changes in this PR, fails without them. > Other tier1-3 tests continue to pass. test/jdk/java/net/httpclient/http2/BadHeadersTest.java line 30: > 28: * @build jdk.httpclient.test.lib.http2.Http2TestServer > jdk.test.lib.net.SimpleSSLContext > 29: * @run testng/othervm -Djdk.internal.httpclient.debug=true BadHeadersTest > 30: * @summary This test verifies the behaviour of the HttpClient when > presented Shall we update the `@bug` field too? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24569#discussion_r2037254709
