> RFC 9113 HTTP/2 mandates certain validation for HTTP headers; the HttpClient > don't fully implement the described requirements. > > This PR adds the following validation: > - pseudo-headers defined for requests are rejected in responses and push > streams > - pseudo-headers defined for responses are rejected in push promises > - connection headers are rejected in responses and push streams > > Connection headers are still accepted in push promises; that's because some > popular server implementations were found to echo the request headers in push > promises, and when the original request was a HTTP/1 upgrade, the push > promise could contain one or more headers that were prohibited in HTTP/2 but > allowed in HTTP/1. > > An existing test was adapted to verify the handling of response headers. The > modified test passes with this the changes in this PR, fails without them. > Other tier1-3 tests continue to pass.
Daniel Jeliński has updated the pull request incrementally with one additional commit since the last revision: Remove localhost usage ------------- Changes: - all: https://git.openjdk.org/jdk/pull/24569/files - new: https://git.openjdk.org/jdk/pull/24569/files/d5c5e857..2192f15f Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=24569&range=06 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24569&range=05-06 Stats: 3 lines in 1 file changed: 0 ins; 0 del; 3 mod Patch: https://git.openjdk.org/jdk/pull/24569.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24569/head:pull/24569 PR: https://git.openjdk.org/jdk/pull/24569
