He-Pin opened a new pull request, #981: URL: https://github.com/apache/pekko-http/pull/981
## Motivation When an HTTP/2 client sends a malformed-but-parseable request (e.g. duplicate `Content-Length` header, invalid URI characters, unknown HTTP method), the server was silently resetting the stream with RST_STREAM(PROTOCOL_ERROR) rather than returning an informative HTTP 400 response. The client had no way to distinguish this from a genuine protocol-level error, making debugging difficult. This change ports akka-http commit `2c4a3c8dc` and also adds the correct RFC 7540 §8.1.2 distinction that was missing in the original upstream commit: - **Structural violations** — e.g. `:status` pseudo-header in a request, any pseudo-header appearing after a regular header, `Connection` header, `TE` header with value other than `trailers`, empty `:path` — constitute a connection-level protocol error per RFC 7540 §8.1.2 and must result in `GOAWAY(PROTOCOL_ERROR)`. - **Parse / semantic errors** — e.g. duplicate or negative `content-length`, unrecognised HTTP method, invalid URI characters — are stream-level errors and should yield a standard HTTP 400 response on that stream only, leaving the connection intact. ## Modification - Add `ParseRequestResult` sealed ADT (`OkRequest` / `BadRequest`) in `RequestParsing.scala` so the parser can signal which kind of failure occurred - Introduce a new `RequestErrorFlow` graph stage (`http-core` module) that intercepts `BadRequest` results and emits an outgoing HTTP 400 response on the correct stream - Wire `RequestErrorFlow` into `Http2Blueprint` between the request-parsing stage and the application handler - Add MiMa binary-compatibility exclusion file (`4226-bad-header-http2-response.excludes`) for the new public ADT types - Update `RequestParsingSpec`, `Http2ServerSpec`, and related test helpers to cover both error categories Ported from akka-http commit: `2c4a3c8dc` Follow-up alignment: align structural-violation cases to `GOAWAY(PROTOCOL_ERROR)` per RFC 7540 §8.1.2 ## Result - HTTP/2 servers now respond with HTTP 400 for malformed-but-parseable requests, giving clients an actionable error response - Structural protocol violations continue to trigger `GOAWAY(PROTOCOL_ERROR)`, maintaining full RFC 7540 compliance - All h2spec RFC 7540 conformance tests pass - Full `sbt test` suite is green locally -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
