arturobernalg opened a new pull request, #636: URL: https://github.com/apache/httpcomponents-core/pull/636
Enforce RFC 9113 connection preface rules by rejecting non-SETTINGS frames received before the peer SETTINGS once the connection handshake is active. [RFC 9113, Section 3.4](https://www.rfc-editor.org/rfc/rfc9113.html#section-3.4): That is, the connection preface starts with the string "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n". This sequence MUST be followed by a [SETTINGS](https://www.rfc-editor.org/rfc/rfc9113.html#SETTINGS) frame ([Section 6.5](https://www.rfc-editor.org/rfc/rfc9113.html#SETTINGS)), which MAY be empty. The client sends the client connection preface as the first application data octets of a connection. [RFC 9113, Section 6.5: ](https://www.rfc-editor.org/rfc/rfc9113.html#name-settings) Receipt of a SETTINGS frame with the ACK flag set and a length field value other than 0 MUST be treated as a [connection error](https://www.rfc-editor.org/rfc/rfc9113.html#ConnectionErrorHandler) ([Section 5.4.1](https://www.rfc-editor.org/rfc/rfc9113.html#ConnectionErrorHandler)) of type [FRAME_SIZE_ERROR](https://www.rfc-editor.org/rfc/rfc9113.html#FRAME_SIZE_ERROR). For more information, see [Section 6.5.3](https://www.rfc-editor.org/rfc/rfc9113.html#SettingsSync) ("[Settings Synchronization](https://www.rfc-editor.org/rfc/rfc9113.html#SettingsSync)"). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
