Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.0.0.Beta1, 1.3.28.Final, 1.4.11.Final
Affects Version/s: None
Component/s: None
Labels:
None

Setting max-header-size on a http2-enabled https listener doesn't restrict header size.

For example with following listener configuration:

<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" ma    x-header-size="200"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" max-header-size="200"/>

calling curl -i -k -H "header1:long_long_value" http://localhost:8080 fails as expected, but
curl -i -k -H "header1:long_long_value" --http2 https://localhost:8443 returns 200

is cloned by

JBEAP-8760 HTTP2 listener doesn't respect MAX_HEADER_SIZE setting

Verified

is incorporated by

JBEAP-8788 (7.0.z) UNDERTOW-986 - HTTP2 listener doesn't respect MAX_HEADER_SIZE setting

Verified

Assignee:: Stuart Douglas

Reporter:: Bartosz Spyrko-Smietanko

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2017/02/08 11:44 AM

Updated:: 2017/02/14 11:11 PM

Resolved:: 2017/02/14 11:11 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide