On Tue, 29 Apr 2025 09:49:42 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> RFC 9113 HTTP/2 mandates certain validation for HTTP headers; the HttpClient >> don't fully implement the described requirements. >> >> This PR adds the following validation: >> - pseudo-headers defined for requests are rejected in responses and push >> streams >> - pseudo-headers defined for responses are rejected in push promises >> - connection headers are rejected in responses and push streams >> >> Connection headers are still accepted in push promises; that's because some >> popular server implementations were found to echo the request headers in >> push promises, and when the original request was a HTTP/1 upgrade, the push >> promise could contain one or more headers that were prohibited in HTTP/2 but >> allowed in HTTP/1. >> >> An existing test was adapted to verify the handling of response headers. The >> modified test passes with this the changes in this PR, fails without them. >> Other tier1-3 tests continue to pass. > > Daniel Jeliński has updated the pull request incrementally with five > additional commits since the last revision: > > - Add test for malformed push promise headers > - Fix orphaned header consumer > - Make HeaderDecoder constructor take a context parameter > - Require ValidatingHeadersConsumer.context != null > - Move test summary next to test bug number test/jdk/java/net/httpclient/http2/BadPushPromiseTest.java line 77: > 75: static final String MAIN_RESPONSE_BODY = "the main response body"; > 76: > 77: Http2TestServer server; Can we use HttpServerAdapters and HttpTestServer here please? It will make it easier to create an equivalent test for HTTP/3. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/24569#discussion_r2066439563
