netty5/codec-http2/src/test/resources/io/netty/handler/codec/http2/testdata/testStaticTableEntries.json
Julien Hoarau 3e6b54bb59 Fix failing h2spec tests 8.1.2.1 related to pseudo-headers validation
Motivation:

According to the spec:
All pseudo-header fields MUST appear in the header block before regular
header fields. Any request or response that contains a pseudo-header
field that appears in a header block after
a regular header field MUST be treated as malformed (Section 8.1.2.6).

Pseudo-header fields are only valid in the context in which they are defined.
Pseudo-header fields defined for requests MUST NOT appear in responses;
pseudo-header fields defined for responses MUST NOT appear in requests.
Pseudo-header fields MUST NOT appear in trailers.
Endpoints MUST treat a request or response that contains undefined or
invalid pseudo-header fields as malformed (Section 8.1.2.6).

Clients MUST NOT accept a malformed response. Note that these requirements
are intended to protect against several types of common attacks against HTTP;
they are deliberately strict because being permissive can expose
implementations to these vulnerabilities.

Modifications:

- Introduce validation in HPackDecoder

Result:

- Requests with unknown pseudo-field headers are rejected
- Requests containing response-specific pseudo-headers are rejected
- Requests where pseudo-headers appear after regular headers are rejected
- h2spec 8.1.2.1 passes
2018-01-29 19:42:56 -08:00

74 lines
2.0 KiB
JSON

{
  "header_blocks":
  [
    {
      "headers": [
        { ":authority": "" },
        { ":method": "GET" },
        { ":method": "POST" },
        { ":path": "/" },
        { ":path": "/index.html" },
        { ":scheme": "http" },
        { ":scheme": "https" },
        { "accept-charset": "" },
        { "accept-encoding": "gzip, deflate" },
        { "accept-language": "" },
        { "accept-ranges": "" },
        { "accept": "" },
        { "access-control-allow-origin": "" },
        { "age": "" },
        { "allow": "" },
        { "authorization": "" },
        { "cache-control": "" },
        { "content-disposition": "" },
        { "content-encoding": "" },
        { "content-language": "" },
        { "content-length": "" },
        { "content-location": "" },
        { "content-range": "" },
        { "content-type": "" },
        { "cookie": "" },
        { "date": "" },
        { "etag": "" },
        { "expect": "" },
        { "expires": "" },
        { "from": "" },
        { "host": "" },
        { "if-match": "" },
        { "if-modified-since": "" },
        { "if-none-match": "" },
        { "if-range": "" },
        { "if-unmodified-since": "" },
        { "last-modified": "" },
        { "link": "" },
        { "location": "" },
        { "max-forwards": "" },
        { "proxy-authenticate": "" },
        { "proxy-authorization": "" },
        { "range": "" },
        { "referer": "" },
        { "refresh": "" },
        { "retry-after": "" },
        { "server": "" },
        { "set-cookie": "" },
        { "strict-transport-security": "" },
        { "transfer-encoding": "" },
        { "user-agent": "" },
        { "vary": "" },
        { "via": "" },
        { "www-authenticate": "" }
      ],
      "encoded": [
        "8182 8384 8586 87 8f90",
        "9192 9394 9596 9798 999a 9b9c 9d9e 9fa0",
        "a1a2 a3a4 a5a6 a7a8 a9aa abac adae afb0",
        "b1b2 b3b4 b5b6 b7b8 b9ba bbbc bd"
      ],
      "dynamic_table": [
      ],
      "table_size": 0
    }
  ]
}
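
The request-side rules quoted in the commit message, applied to this fixture's `encoded` bytes, as an added example (not Netty's code and not the commit's `HPackDecoder` change; the class and method names are hypothetical). It assumes an empty dynamic table, as in the fixture, handles only one-byte indexed header fields, and takes its index ranges from the RFC 7541 static table, where indices 8 to 14 are the `:status` entries this fixture skips.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example (not Netty code): request pseudo-header checks over HPACK indexed fields. */
public class PseudoHeaderCheck {
    // RFC 7541 static table: 1-7 are request pseudo-headers, 8-14 are ":status", 15-61 are regular.
    static final int LAST_REQUEST_PSEUDO = 7, LAST_PSEUDO = 14, LAST_STATIC = 61;

    /** Decodes one-byte "indexed header field" representations (1xxxxxxx) into table indices. */
    static List<Integer> decodeIndexed(String hex) {
        String h = hex.replace(" ", "");
        List<Integer> out = new ArrayList<>();
        for (int i = 0; i < h.length(); i += 2) {
            int b = Integer.parseInt(h.substring(i, i + 2), 16);
            if ((b & 0x80) == 0) throw new IllegalArgumentException("not an indexed field: " + b);
            out.add(b & 0x7f); // 7-bit prefix; multi-byte integers (index >= 127) are not handled
        }
        return out;
    }

    /** Returns null if the request header block is acceptable, else why it is malformed. */
    static String validateRequest(List<Integer> indices) {
        boolean seenRegular = false;
        for (int idx : indices) {
            // With an empty dynamic table, only static indices 1..61 can be referenced.
            if (idx < 1 || idx > LAST_STATIC) return "index " + idx + " outside static table";
            if (idx > LAST_PSEUDO) { seenRegular = true; continue; }
            if (idx > LAST_REQUEST_PSEUDO) return "response pseudo-header (:status) in request";
            if (seenRegular) return "pseudo-header after regular header";
        }
        return null;
    }

    public static void main(String[] args) {
        // First line of the fixture's "encoded" array, then two constructed variants.
        String fixture = "8182 8384 8586 87 8f90";
        String withStatus = "8182 88 8f90"; // constructed: index 8 is ":status: 200"
        String outOfOrder = "8182 8f 84";   // constructed: ":path" after "accept-charset"
        for (String s : new String[] {fixture, withStatus, outOfOrder}) {
            String err = validateRequest(decodeIndexed(s));
            System.out.println(s + " -> " + (err == null ? "ok" : "malformed: " + err));
        }
    }
}
```

Unknown pseudo-header names cannot be expressed as static-table indices, so that rule needs a name-based check on literal header fields, which this example does not cover.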