From 4e156058960dd553e9e9614cbf04f376b992cc55 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Wed, 8 Jan 2025 16:34:38 +0100 Subject: [PATCH] HTTP/2: strip TE request header The TE request header field is invalid in HTTP/2. Since clients may not know in advance if a connection negotiates HTTP/2, automatically strip such a header when h2 is in play. Add test_01_10 to verify. Reported-by: Jiri Stary Fixes #15941 Closes #15943 --- lib/http.c | 2 ++ tests/http/test_01_basic.py | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/lib/http.c b/lib/http.c index e155200a52..52132059d1 100644 --- a/lib/http.c +++ b/lib/http.c @@ -4121,7 +4121,9 @@ struct name_const { size_t namelen; }; +/* keep them sorted by length! */ static struct name_const H2_NON_FIELD[] = { + { STRCONST("TE") }, { STRCONST("Host") }, { STRCONST("Upgrade") }, { STRCONST("Connection") }, diff --git a/tests/http/test_01_basic.py b/tests/http/test_01_basic.py index 391c231516..9d70318f34 100644 --- a/tests/http/test_01_basic.py +++ b/tests/http/test_01_basic.py @@ -139,3 +139,13 @@ class TestBasic: assert r.response['status'] == 200, f'{r.responsw}' assert r.response['protocol'] == 'HTTP/2', f'{r.response}' assert r.json['server'] == env.domain1 + + # http: strip TE header in HTTP/2 requests + def test_01_10_te_strip(self, env: Env, httpd): + curl = CurlClient(env=env) + url = f'https://{env.authority_for(env.domain1, "h2")}/data.json' + r = curl.http_get(url=url, extra_args=['--http2', '-H', 'TE: gzip']) + r.check_exit_code(0) + assert len(r.responses) == 1, f'{r.responses}' + assert r.responses[0]['status'] == 200, f'{r.responses[1]}' + assert r.responses[0]['protocol'] == 'HTTP/2', f'{r.responses[1]}' -- 2.47.3