RFR: 8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields [v2]
Jaikiran Pai
jpai at openjdk.org
Sat Mar 11 11:48:23 UTC 2023
On Fri, 10 Mar 2023 14:27:21 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>> According to RFC 7540:
>>
>> Endpoints MUST treat a request or response that contains undefined or invalid pseudo-header fields as malformed (Section 8.1.2.6).
>>
>> Section-8.1.2.6:
>> Malformed requests or responses that are detected MUST be treated as a stream error (Section 5.4.2) of type PROTOCOL_ERROR.
>>
>> The current behavior is to close the connection with protocol error. This change makes it reset the stream instead.
>
> Daniel Fuchs has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
>
> - add bug id to test
> - Merge branch 'master' into MalformedResponse-8303965
> - 8303965
The change looks good to me. I just have a question about the RFC numbers in the comment, which I have asked inline.
src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java line 1220:
> 1218: */
> 1219: @SuppressWarnings("unchecked")
> 1220: <T> Stream<T> getInitialStream() {
Given that this method returns and also updates the initial stream member field, the naming of this method is a bit odd. But I can't think of a better name, plus this is internal to the `jdk.internal.net.http` package and also has a comment which explains what it does, so I think this name is fine.
src/java.net.http/share/classes/jdk/internal/net/http/common/ValidatingHeadersConsumer.java line 32:
> 30:
> 31: /*
> 32: * Checks RFC 7540 rules (relaxed) compliance regarding pseudo-headers.
Same here, should we use new RFC number?
-------------
Marked as reviewed by jpai (Reviewer).
PR: https://git.openjdk.org/jdk/pull/12976
More information about the net-dev
mailing list