mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-19 18:28:33 +00:00
0df043608f
The RFC8441 was not respected by haproxy in regards with server support for Extended CONNECT. The Extended CONNECT method was used to convert an Upgrade header stream even if no SETTINGS_ENABLE_CONNECT_PROTOCOL was received, which is forbidden by the RFC8441. In this case, the behavior of the http/2 server is unspecified. Fix this by flagging the connection on receiption of the RFC8441 settings SETTINGS_ENABLE_CONNECT_PROTOCOL. Extended CONNECT is thus only be used if the flag is present. In the other case, the stream is immediatly closed as there is no way to handle it in http/2. It results in a http/1.1 502 or http/2 RESET_STREAM to the client side. The protocol-upgrade regtest has been extended to test that haproxy does not emit Extended CONNECT on servers without RFC8441 support. It must be backported up to 2.4. |
||
|---|---|---|
| .. | ||
| h1_to_h1.vtc | ||
| h2_desync_attacks.vtc | ||
| h2_to_h1.vtc | ||
| http_abortonclose.vtc | ||
| http_bodyless_response.vtc | ||
| http_msg_full_on_eom.vtc | ||
| http_request_buffer.vtc | ||
| http_transfer_encoding.vtc | ||
| http_wait_for_body.vtc | ||
| protocol_upgrade.vtc | ||
| scheme_based_normalize.vtc | ||
| websocket.vtc | ||