Posted to dev@hc.apache.org by "yinwoods (Jira)" <ji...@apache.org> on 2021/11/02 03:12:00 UTC
[jira] [Commented] (HTTPCORE-692) H2 should throw illegal header
exception when use Host header as Connection header
[ https://issues.apache.org/jira/browse/HTTPCORE-692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17437116#comment-17437116 ]
yinwoods commented on HTTPCORE-692:
-----------------------------------
As RFC 7540 defines:
[https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.2]
HTTP/2 does not use the Connection header field to indicate
connection-specific header fields; in this protocol, connection-
specific metadata is conveyed by other means. An endpoint MUST NOT
generate an HTTP/2 message containing connection-specific header
fields; any message containing connection-specific header fields MUST
be treated as malformed ([Section 8.1.2.6|https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.6]).
The only exception to this is the TE header field, which MAY be
present in an HTTP/2 request; when it is, it MUST NOT contain any
value other than "trailers".
This means that an intermediary transforming an HTTP/1.x message to
HTTP/2 will need to remove any header fields nominated by the
Connection header field, along with the Connection header field
itself. Such intermediaries SHOULD also remove other connection-
specific header fields, such as Keep-Alive, Proxy-Connection,
Transfer-Encoding, and Upgrade, even if they are not nominated by the
Connection header field.
Note: HTTP/2 purposefully does not support upgrade to another
protocol. The handshake methods described in [Section 3|https://datatracker.ietf.org/doc/html/rfc7540#section-3] are
believed sufficient to negotiate the use of alternative protocols.
> H2 should throw illegal header exception when use Host header as Connection header
> ----------------------------------------------------------------------------------
>
> Key: HTTPCORE-692
> URL: https://issues.apache.org/jira/browse/HTTPCORE-692
> Project: HttpComponents HttpCore
> Issue Type: Improvement
> Components: HttpCore
> Affects Versions: 5.1
> Environment: Macos 11.6
> openjdk 11.0.12 2021-07-20
> Reporter: yinwoods
> Priority: Minor
> Labels: easyfix
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> I notice org/apache/hc/core5/http2/impl/DefaultH2RequestConverter.java:105 throws ProtocolException when the header contains Connection. When the header contains a
> host/upgrade/transfer-encoding header, should it throw ProtocolException as well?
>
> Demo code is below. When I comment out the Host header, I get a 200 response, and when I uncomment it, I get 400 Bad Request.
> {code:java}
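> import javax.net.ssl.SSLContext;
>
> import org.apache.hc.client5.http.async.methods.SimpleHttpRequest;
> import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
> import org.apache.hc.client5.http.async.methods.SimpleRequestBuilder;
> import org.apache.hc.client5.http.config.RequestConfig;
> import org.apache.hc.client5.http.cookie.BasicCookieStore;
> import org.apache.hc.client5.http.cookie.StandardCookieSpec;
> import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
> import org.apache.hc.client5.http.impl.async.HttpAsyncClientBuilder;
> import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
> import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
> import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
> import org.apache.hc.client5.http.protocol.HttpClientContext;
> import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
> import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
> import org.apache.hc.core5.concurrent.FutureCallback;
> import org.apache.hc.core5.http.Method;
> import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
> import org.apache.hc.core5.http.protocol.BasicHttpContext;
> import org.apache.hc.core5.http.protocol.HttpContext;
> import org.apache.hc.core5.http2.HttpVersionPolicy;
> import org.apache.hc.core5.reactor.IOReactorConfig;
> import org.apache.hc.core5.util.TimeValue;
> import org.apache.hc.core5.util.Timeout;
>
> // CipherSuitesUtil and CustomRedirectStrategy are not shown in this issue.
> public class HttpUtilTest {
>     public static void main(String[] args) throws Exception {
>         HttpContext httpContext = new BasicHttpContext();
>         BasicCookieStore cookie = new BasicCookieStore();
>         httpContext.setAttribute(HttpClientContext.COOKIE_STORE, cookie);
>         SimpleHttpRequest request = SimpleRequestBuilder.create(Method.GET)
>                 .setUri("https://zzpro2.wmeimob.cn/api/user")
>                 .addHeader("User-Agent", "zhenzhu/3.3.3.0 CFNetwork/1128.0.1 Darwin/19.6.0")
>                 .addHeader("loading", "false")
>                 .addHeader("Accept-Language", "zh-cn")
>                 .addHeader("toast", "true")
>                 // Uncommenting the explicit Host header is what changes the response.
>                 // .addHeader("Host", "zzpro2.wmeimob.cn")
>                 .addHeader("Accept-Encoding", "gzip, deflate, br")
>                 .build();
>         SSLContext sslcontext = CipherSuitesUtil.createSslContext();
>         final TlsStrategy tlsStrategy = new DefaultClientTlsStrategy(sslcontext, NoopHostnameVerifier.INSTANCE);
>         final PoolingAsyncClientConnectionManager connectionManager = PoolingAsyncClientConnectionManagerBuilder
>                 .create()
>                 .setTlsStrategy(tlsStrategy)
>                 .build();
>         IOReactorConfig ioConfig =
>                 IOReactorConfig.custom()
>                         .setSoKeepAlive(true)
>                         .setSoTimeout(Timeout.ofMilliseconds(5000))
>                         .setIoThreadCount(4)
>                         .setSelectInterval(TimeValue.ofMilliseconds(500))
>                         .build();
>         RequestConfig requestConfig =
>                 RequestConfig.custom()
>                         .setCookieSpec(StandardCookieSpec.RELAXED)
>                         .setConnectTimeout(Timeout.ofMilliseconds(5000))
>                         .setResponseTimeout(Timeout.ofMilliseconds(5000))
>                         .setRedirectsEnabled(true)
>                         .setMaxRedirects(10)
>                         .build();
>         // NEGOTIATE lets ALPN pick HTTP/2 when the server offers it.
>         HttpAsyncClientBuilder clientBuilder = HttpAsyncClients.custom()
>                 .setDefaultRequestConfig(requestConfig)
>                 .setRedirectStrategy(CustomRedirectStrategy.INSTANCE)
>                 .setConnectionManager(connectionManager)
>                 .setVersionPolicy(HttpVersionPolicy.NEGOTIATE)
>                 .setIOReactorConfig(ioConfig);
>         CloseableHttpAsyncClient client = clientBuilder.build();
>         client.start();
>         client.execute(request, httpContext, new FutureCallback<>() {
>             @Override
>             public void completed(SimpleHttpResponse result) {
>                 try {
>                     System.out.println(result);
>                 } catch (Exception e) {
>                 }
>             }
>
>             @Override
>             public void failed(Exception ex) {
>                 ex.printStackTrace();
>             }
>
>             @Override
>             public void cancelled() {
>                 System.out.println("cancelled");
>             }
>         });
>         // Wait for the asynchronous exchange to finish before closing the client.
>         Thread.sleep(50 * 1000);
>         client.close();
>     }
> }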
> {code}