-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hyper should validate header fields on a header block with the CONNECT method #319
Comments
Agreed, though I suspect that |
Though that function may be called by |
I favour putting it somewhere in You then check if you see the We already have an |
So I'm ok with taking a look at doing that, but it should be noted that we need to aggressively avoid complexity in these validation functions. We also do not do an extra loop over the headers: the reason the validation functions are written as generators is to ensure that we loop exactly once over the headers. Essentially, the validation pipeline could be recomposed as a series of function calls, once per header, along with some persisted state. That means that the real cost of doing this elsewhere is that we duplicate the checks for specific pseudo-headers. That's not ideal, which is why I'm open to seeing the patch implemented in |
I had a quick stab at doing that in the awlc/connect-header branch, defining it as an extra validation function and ignoring |
Feel free to try doing it inline. =) |
@Lukasa : I wanted to work on this item. Few questions on the original bug:
|
…isable RFC8441 extension through H2Configuration.
…1 ext. through H2Configuration
@Lukasa Is there a chance to have the work by @optimusprime01 reviewed? I encountered this issue and I'd like to know it this could be fixed in h2 upstream or we need to maintain a patched version ourselves. |
RFC 7540 § 8.3:
Currently hyper doesn’t do anything to check this. We should add a check in
utilities.py
(probably somewhere in_reject_pseudo_header_fields()
) that we conform to these restrictions.The text was updated successfully, but these errors were encountered: