Integrated: 8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields
Daniel Fuchs
dfuchs at openjdk.org
Mon Mar 13 14:28:33 UTC 2023
On Fri, 10 Mar 2023 13:58:23 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
> According to RFC 9113:
>
> A malformed request or response is one that is an otherwise valid sequence of HTTP/2 frames but is invalid due to the presence of extraneous frames, prohibited fields or pseudo-header fields, the absence of mandatory pseudo-header fields, the inclusion of uppercase field names, or invalid field names and/or values (in certain circumstances; see [Section 8.2](https://www.rfc-editor.org/rfc/rfc9113#HttpHeaders)).
> [...]
> Malformed requests or responses that are detected MUST be treated as a [stream error](https://www.rfc-editor.org/rfc/rfc9113#StreamErrorHandler) ([Section 5.4.2](https://www.rfc-editor.org/rfc/rfc9113#StreamErrorHandler)) of type [PROTOCOL_ERROR](https://www.rfc-editor.org/rfc/rfc9113#PROTOCOL_ERROR).
>
> The current behavior is to close the connection with protocol error. This change makes it reset the stream instead.
This pull request has now been integrated.
Changeset: 466ffebc
Author: Daniel Fuchs <dfuchs at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/466ffebcae1ee5817a83fdbc33f5ec3bd6de7e60
Stats: 296 lines in 7 files changed: 192 ins; 70 del; 34 mod
8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields
Reviewed-by: jpai
-------------
PR: https://git.openjdk.org/jdk/pull/12976
More information about the net-dev
mailing list