3e6b54bb59
Motivation:

According to the spec:

All pseudo-header fields MUST appear in the header block before regular header fields. Any request or response that contains a pseudo-header field that appears in a header block after a regular header field MUST be treated as malformed (Section 8.1.2.6).

Pseudo-header fields are only valid in the context in which they are defined. Pseudo-header fields defined for requests MUST NOT appear in responses; pseudo-header fields defined for responses MUST NOT appear in requests. Pseudo-header fields MUST NOT appear in trailers. Endpoints MUST treat a request or response that contains undefined or invalid pseudo-header fields as malformed (Section 8.1.2.6).

Clients MUST NOT accept a malformed response. Note that these requirements are intended to protect against several types of common attacks against HTTP; they are deliberately strict because being permissive can expose implementations to these vulnerabilities.

Modifications:

- Introduce validation in HPackDecoder

Result:

- Requests with unknown pseudo-field headers are rejected
- Requests containing response-specific pseudo-headers are rejected
- Requests where pseudo-headers appear after regular headers are rejected
- h2spec 8.1.2.1 passes
74 lines
2.0 KiB
JSON
{
  "header_blocks":
  [
    {
      "headers": [
        { ":authority": "" },
        { ":method": "GET" },
        { ":method": "POST" },
        { ":path": "/" },
        { ":path": "/index.html" },
        { ":scheme": "http" },
        { ":scheme": "https" },
        { "accept-charset": "" },
        { "accept-encoding": "gzip, deflate" },
        { "accept-language": "" },
        { "accept-ranges": "" },
        { "accept": "" },
        { "access-control-allow-origin": "" },
        { "age": "" },
        { "allow": "" },
        { "authorization": "" },
        { "cache-control": "" },
        { "content-disposition": "" },
        { "content-encoding": "" },
        { "content-language": "" },
        { "content-length": "" },
        { "content-location": "" },
        { "content-range": "" },
        { "content-type": "" },
        { "cookie": "" },
        { "date": "" },
        { "etag": "" },
        { "expect": "" },
        { "expires": "" },
        { "from": "" },
        { "host": "" },
        { "if-match": "" },
        { "if-modified-since": "" },
        { "if-none-match": "" },
        { "if-range": "" },
        { "if-unmodified-since": "" },
        { "last-modified": "" },
        { "link": "" },
        { "location": "" },
        { "max-forwards": "" },
        { "proxy-authenticate": "" },
        { "proxy-authorization": "" },
        { "range": "" },
        { "referer": "" },
        { "refresh": "" },
        { "retry-after": "" },
        { "server": "" },
        { "set-cookie": "" },
        { "strict-transport-security": "" },
        { "transfer-encoding": "" },
        { "user-agent": "" },
        { "vary": "" },
        { "via": "" },
        { "www-authenticate": "" }
      ],
      "encoded": [
        "8182 8384 8586 87 8f90",
        "9192 9394 9596 9798 999a 9b9c 9d9e 9fa0",
        "a1a2 a3a4 a5a6 a7a8 a9aa abac adae afb0",
        "b1b2 b3b4 b5b6 b7b8 b9ba bbbc bd"
      ],
      "dynamic_table": [
      ],
      "table_size": 0
    }
  ]
}
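The three request-side rejection cases listed in the commit message, as an added Python example that is not the project's own code. The names `MalformedRequest`, `RequestHeaderValidator` and `validate_request` are hypothetical, the sample header blocks are constructed, and the set of valid request pseudo-headers is assumed to be the four defined by the HTTP/2 spec, with no extensions.

```python
# Added example: request pseudo-header checks applied in decode order.
# Assumption: only the four HTTP/2 request pseudo-headers are valid.
REQUEST_PSEUDO = {":method", ":scheme", ":authority", ":path"}
RESPONSE_PSEUDO = {":status"}


class MalformedRequest(Exception):
    """Raised when a decoded header block breaks the pseudo-header rules."""


class RequestHeaderValidator:
    """Checks header names one at a time, in the order the decoder emits them."""

    def __init__(self):
        self.seen_regular = False  # set once any non-pseudo header is seen

    def check(self, name):
        if not name.startswith(":"):
            self.seen_regular = True
            return
        if name in RESPONSE_PSEUDO:
            raise MalformedRequest(f"response pseudo-header in request: {name}")
        if name not in REQUEST_PSEUDO:
            raise MalformedRequest(f"unknown pseudo-header: {name}")
        if self.seen_regular:
            raise MalformedRequest(f"pseudo-header after regular header: {name}")


def validate_request(headers):
    """Return None if the block is acceptable, else the rejection reason."""
    validator = RequestHeaderValidator()
    try:
        for name, _value in headers:
            validator.check(name)
    except MalformedRequest as exc:
        return str(exc)
    return None


# Constructed sample header blocks (not taken from the fixture above).
GOOD = [(":method", "GET"), (":scheme", "https"), (":path", "/"), ("accept", "*/*")]
LATE = [(":method", "GET"), ("accept", "*/*"), (":path", "/")]
STATUS = [(":method", "GET"), (":status", "200")]
UNKNOWN = [(":method", "GET"), (":foo", "bar")]

if __name__ == "__main__":
    for block in (GOOD, LATE, STATUS, UNKNOWN):
        print(validate_request(block) or "accepted")
```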