8354276: Strict HTTP header validation

[djelinski]

RFC 9113 HTTP/2 mandates certain validation for HTTP headers; the HttpClient don't fully implement the described requirements.

This PR adds the following validation:

• pseudo-headers defined for requests are rejected in responses and push streams
• pseudo-headers defined for responses are rejected in push promises
• connection headers are rejected in responses and push streams

Connection headers are still accepted in push promises; that's because some popular server implementations were found to echo the request headers in push promises, and when the original request was a HTTP/1 upgrade, the push promise could contain one or more headers that were prohibited in HTTP/2 but allowed in HTTP/1.

An existing test was adapted to verify the handling of response headers. The modified test passes with this the changes in this PR, fails without them. Other tier1-3 tests continue to pass.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue
• Change requires CSR request JDK-8354299 to be approved

Issues

• JDK-8354276: Strict HTTP header validation (Bug - P4)
• JDK-8354299: Strict HTTP header validation (CSR)

Reviewers

• Daniel Fuchs (@dfuch - Reviewer)
• Jaikiran Pai (@jaikiran - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/24569/head:pull/24569
$ git checkout pull/24569

Update a local copy of the PR:
$ git checkout pull/24569
$ git pull https://git.openjdk.org/jdk.git pull/24569/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 24569

View PR using the GUI difftool:
$ git pr show -t 24569

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/24569.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back djelinski! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@djelinski This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8354276: Strict HTTP header validation

Reviewed-by: dfuchs, jpai

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 431 new commits pushed to the master branch:

• 526951d: 8354145: G1: UseCompressedOops boundary is calculated on maximum heap region size instead of maxiumum ergonomic heap region size
• 765cef4: 8355878: RISC-V: jdk/incubator/vector/DoubleMaxVectorTests.java fails when using RVV
• d802fd0: 8352422: [ubsan] Out-of-range reported in ciMethod.cpp:917:20: runtime error: 2.68435e+09 is outside the range of representable values of type 'int'
• ... and 428 more: https://git.openjdk.org/jdk/compare/60fbf73fc492ad9fff83fb4540e2d01311406287...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@djelinski The following label will be automatically applied to this pull request:

• net

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 06: Full - Incremental (2192f15f)
• 05: Full - Incremental (d5c5e857)
• 04: Full - Incremental (085d6b5f)
• 03: Full - Incremental (4c7f30f4)
• 02: Full - Incremental (9c945cc1)
• 01: Full - Incremental (c7b28290)
• 00: Full (45121f44)

[vy]

Shouldn't we instead exhaustively test against all hard-coded header collection in ValidatingHeadersConsumer, i.e., PSEUDO_HEADERS and PROHIBITED_HEADERS?

[djelinski]

We could. I don't think it adds much value though.

[dfuch]

/csr needed

[openjdk]

@dfuch has indicated that a compatibility and specification (CSR) request is needed for this pull request.

@djelinski please create a CSR request for issue JDK-8354276 with the correct fix version. This pull request cannot be integrated until the CSR request is approved.

[dfuch]

@dfuch has indicated that a compatibility and specification (CSR) request is needed for this pull request.

There will be an observable change of behaviour for clients if for instance, a response contains a connection: close header added by custom code on the server side.

[dfuch]

LGTM. Please double check that the test still pass after the changes :-)

[jaikiran]

Thank you Daniel for the updates. This looks good to me.

[djelinski]

Thanks for the reviews!

/integrate

[openjdk]

Going to push as commit c94a7ae.
Since your change was applied there have been 485 commits pushed to the master branch:

• a5f4366: 8353565: Javac throws "inconsistent stack types at join point" exception
• c8ce61c: 8355371: NegativeArraySizeException in print methods in IO or System.console() in JShell
• 5b3ae92: 8350182: [s390x] Relativize locals in interpreter frames
• ... and 482 more: https://git.openjdk.org/jdk/compare/60fbf73fc492ad9fff83fb4540e2d01311406287...master

Your commit was automatically rebased without conflicts.

[openjdk]

@djelinski Pushed as commit c94a7ae.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.