HTTP/3+quiche with :status not coming first does wrong #4571
Labels
HTTP/3
h3 or quic related
Comments
bagder
added a commit
that referenced
this issue
Nov 8, 2019
:status doesn't have to be the first header from quiche to arrive so this code now makes sure to handle such events. HTTP/3 (and HTTP/2) mandates: "All pseudo-header fields MUST appear in the header block before regular header fields" Fixes #4571
bagder
added a commit
that referenced
this issue
Nov 11, 2019
Pseudo header MUST come before regular headers or cause an error. Reported-by: Cynthia Coan Fixes #4571
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Bug originally filed by @securityinsanity against quiche at cloudflare/quiche#248
Quiche, unlike nghttp2 and nghttp3 doesn't provide
:statusas the first psuedo header returned (and HTTP/3 itself doesn't enforce that it is, just that pseudo headers should come before "regular" ones), which curl presumes it will and therefore the h3->h1 header conversion will fail if that happens.There's still a discussion with the quiche team going on whether this should be fixed in quiche or in curl.
The text was updated successfully, but these errors were encountered: