Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move validation of connection headers in HTTP/2 back to HpackDecoder #12982

Merged
merged 1 commit into from
Nov 10, 2022
Merged

Move validation of connection headers in HTTP/2 back to HpackDecoder #12982

merged 1 commit into from
Nov 10, 2022

Conversation

idelpivnitskiy
Copy link
Member

Motivation:

#12755 added validation for presence of connection-related headers while HpackDecoder decodes the incoming frame. Then #12832 moved this validation from HpackDecoder to DefaultHttp2Headers. As the result, existing use-case that could use DefaultHttp2Headers for HTTP/2 and HTTP/1.X broke when users add any of the mentioned prohibited headers. The HTTP/1.X to HTTP/2 translation logic usually has sanitization process that removes connection-related headers. It's enough to run this validation only for incoming messages and we should preserve backward compatibility for 4.1.

Modifications:

  • Move isConnectionHeader and te validations from DefaultHttp2Headers back to HpackDecoder;
  • Add tests to verify HpackDecoder fails incoming headers as expected;
  • Add tests to verify mentioned headers can be added to DefaultHttp2Headers;

Result:

Backward compatibility is preserved, while validation for connection-related headers is done in HpackDecoder.

Backport of #12975.

@idelpivnitskiy
Move validation of connection headers in HTTP/2 back to HpackDecoder
83bd4ad 
Motivation:

netty#12755 added validation for presence of connection-related headers while
`HpackDecoder` decodes the incoming frame. Then netty#12832 moved this
validation from `HpackDecoder` to `DefaultHttp2Headers`. As the result,
existing use-case that could use `DefaultHttp2Headers` for HTTP/2 and
HTTP/1.X broke when users add  any of the mentioned prohibited headers.
The HTTP/1.X to HTTP/2 translation logic usually has sanitization
process that removes connection-related headers. It's enough to run this
validation only for incoming messages and we should preserve backward
compatibility for 4.1.

Modifications:

- Move `isConnectionHeader` and `te` validations from
`DefaultHttp2Headers` back to `HpackDecoder`;
- Add tests to verify `HpackDecoder` fails incoming headers as
expected;
- Add tests to verify mentioned headers can be added to
`DefaultHttp2Headers`;

Result:

Backward compatibility is preserved, while validation for
connection-related headers is done in `HpackDecoder`.
@idelpivnitskiy idelpivnitskiy added this to the 5.0.0.Alpha6 milestone Nov 9, 2022
@idelpivnitskiy
Copy link
Member Author

idelpivnitskiy commented Nov 10, 2022
edited

@chrisvest do you know why java17-graal pipelined failed 2 times in a row at "check_build_result.sh" task? how can I check the build-leak.output file?

@normanmaurer
Copy link
Member

@idelpivnitskiy it failed due a timeout:

https://pipelines.actions.githubusercontent.com/serviceHosts/b6067acc-bb69-4f41-849f-a8c55fdca4e1/_apis/pipelines/1/runs/17834/signedlogcontent/10?urlExpires=2022-11-10T07%3A42%3A49.2416345Z&urlSigningMethod=HMACV1&urlSignature=5S6Fp5p8Ty3rnNvq6kx7s1mTEIGFOBRxtOdqY7lq75k%3D

Looks not related at all.

@normanmaurer normanmaurer merged commit c4f4bed into netty:main Nov 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisvest chrisvest chrisvest approved these changes

@normanmaurer normanmaurer normanmaurer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.0.0.Alpha6
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@idelpivnitskiy @normanmaurer @chrisvest