transport/http2: use HTTP 400 for bad requests instead of 500

[sjbarag]

Non-servicable HTTP requests from clients previously resulted in an HTTP 500 response, but no error exists within the server; the client simply sent a malformed request. Detect bad requests and return HTTP 400 Bad Request instead of HTTP 500 Internal Server Error.

fixes #5802

RELEASE NOTES:

• transport (net/http server handler): respond to bad HTTP requests with status 400 (Bad Request) instead of 500 (Internal Server Error).

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: sjbarag / name: Sean Barag (4fb92d6)

[sjbarag]

A few notes while CI runs its course:

• There don't appear to be any tests covering the status code included in the HTTP response, but I'm happy to add some if you can give me an appropriate place to put them!
• While grpc.Server responds with HTTP 500 for malformed requests instead of 4XX #5802 mentions other 4XX response codes, supporting them would involve a pretty significant refactor of google.golang.org/grpc/transport.NewServerHandlerTransport. HTTP 426 Upgrade Required is only valid if the same request would be valid with a different protocol [1], so the resolution of "which HTTP status code do we return?" would get significantly more complicated. It'd be nice to support the HTTP spec more closely, but HTTP 400 for general "client sent a bad request" appears appropriate.
• I haven't added a "RELEASE NOTES" line to the description. I imagine that's something y'all want control over, but let me know if that's not the case 🙂

[1] From https://httpwg.org/specs/rfc9110.html#field.upgrade:

A server MUST NOT switch protocols unless the received message semantics can be honored by the new protocol; an OPTIONS request can be honored by any protocol.
https://httpwg.org/specs/rfc9110.html#field.upgrade

[sjbarag]

Looks like "Testing / tests (tests, 1.19, 386)" will pass once #5812 lands and I rebase.

[dfawley]

Somehow I forgot to send the review comment I wrote, sorry!

[dfawley]

Could we move this status code writing fully into the transport layer, to avoid the need to span the logic between the two?

[sjbarag]

No worries! Great idea — fixed in r2 (6a6c330).

[github-actions]

This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.

[sjbarag]

This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed.

Erm, that’s odd - I pushed another commit six days ago.

@dfawley if you get a few minutes, could you take another look (or maybe mark this not-stale)?

[dfawley]

Erm, that’s odd - I pushed another commit six days ago.

Sorry, I just missed your updates. LGTM now, thank you for the change!

[easwars]

Looks like the tests are failing because they were checking for exact string match. Could you please fix them.

[sjbarag]

Welllll heck, I’m sorry about that! Influenza brain told me to push without running the tests. I’ll fix that up today.

Thanks for your help and patience, everyone!

[sjbarag]

Tests fixed, sorry again!

[easwars]

Thank you for your contribution.

[sjbarag]

Thanks for all your help @easwars and @dfawley ! 🙂