I'm using Go HTTP2 server for proxying gRPC requests, where a client could potentially forward a request with a smaller content-length header.
What did you expect to see?
Stream with an invalid content-length header must result in an RST_STREAM. This must not affect other valid streams and connection level flow control.
What did you see instead?
The client slowly notices degradation in performance and eventually, the client is hung with all requests failing with deadline exceeded errors.
This issue happens as the client flow control eventually runs out of available outward flow control bytes as the HTTP2 server does not return WINDOW_UPDATE when the stream resets due to an invalid content-length header.