Type: CSR
Resolution: Approved
Priority: P4
Fix Version: None
Compatibility Kind: behavioral
Compatibility Risk: minimal
Compatibility Risk Description: Requests sent to servers that do not conform to the HTTP/2 RFC and send back prohibited headers will fail where currently they succeed. ProtocolException, a subclass of IOException, may be relayed to caller code instead of a plain IOException.
Interface Kind: Java API
Scope: Implementation
Summary
Make HttpClient reject responses that are malformed.
Problem
RFC 9113 HTTP/2 mandates certain validation for HTTP headers; the HttpClient doesn't fully implement the described requirements.
Section 8.3 states that:
Pseudo-header fields defined for requests MUST NOT appear in responses; pseudo-header fields defined for responses MUST NOT appear in requests. Pseudo-header fields MUST NOT appear in a trailer section. Endpoints MUST treat a request or response that contains undefined or invalid pseudo-header fields as malformed
This is currently not enforced. The client accepts request pseudo-headers in responses, and response headers in push promises. Trailer handling is currently unimplemented.
Section 8.2.2 states that:
An endpoint MUST NOT generate an HTTP/2 message containing connection-specific header fields. This includes the Connection header field and those listed as having connection-specific semantics in Section 7.6.1 of [HTTP] (that is, Proxy-Connection, Keep-Alive, Transfer-Encoding, and Upgrade). Any message containing connection-specific header fields MUST be treated as malformed
This is currently not enforced. The client ignores the presence of these headers.
Solution
Validate the headers received in server responses and push promises. If a malformed response is detected, report it to the user by failing the request and throwing a ProtocolException.
Limited validation was implemented in JDK-8303965. Failures were reported by throwing an IOException. Here the validation is extended to cover more cases, and the exception type is changed to ProtocolException, which better describes the problem.
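The checks described in the Problem and Solution sections above, as an added illustration that is not the JDK's HttpClient code: a hypothetical validator that applies the quoted RFC 9113 rules to the decoded header block of one HTTP/2 message and fails with ProtocolException, using a few constructed header blocks as input.

```java
import java.net.ProtocolException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical validator (not the JDK's HttpClient code) that applies the RFC 9113 rules
// quoted in this CSR to the decoded header block of one HTTP/2 message.
public final class Http2HeaderCheck {
    // Pseudo-header fields defined for requests (RFC 9113 8.3.1) and for responses (8.3.2)
    private static final Set<String> REQUEST_PSEUDO = Set.of(":method", ":scheme", ":authority", ":path");
    private static final Set<String> RESPONSE_PSEUDO = Set.of(":status");
    // Connection-specific fields that must never appear in an HTTP/2 message (8.2.2)
    private static final Set<String> CONNECTION_SPECIFIC =
            Set.of("connection", "proxy-connection", "keep-alive", "transfer-encoding", "upgrade");
    // A PUSH_PROMISE carries request header fields, so it is checked as a REQUEST.
    public enum Kind { REQUEST, RESPONSE, TRAILER }

    public static void validate(Kind kind, Map<String, List<String>> headers) throws ProtocolException {
        for (String field : headers.keySet()) {
            String name = field.toLowerCase(Locale.ROOT);
            if (name.startsWith(":")) {
                if (kind == Kind.TRAILER)
                    throw new ProtocolException("pseudo-header field in trailer section: " + name);
                Set<String> allowed = (kind == Kind.REQUEST) ? REQUEST_PSEUDO : RESPONSE_PSEUDO;
                if (!allowed.contains(name))
                    throw new ProtocolException("prohibited or undefined pseudo-header field: " + name);
            } else if (CONNECTION_SPECIFIC.contains(name)) {
                throw new ProtocolException("connection-specific header field in HTTP/2 message: " + name);
            }
        }
    }

    // Constructed sample header blocks: the first is well-formed, the remaining four are malformed.
    public static void main(String[] args) {
        var samples = List.of(
                Map.entry(Kind.RESPONSE, Map.of(":status", List.of("200"), "content-type", List.of("text/plain"))),
                Map.entry(Kind.RESPONSE, Map.of(":status", List.of("200"), ":path", List.of("/"))),
                Map.entry(Kind.REQUEST, Map.of(":method", List.of("GET"), ":status", List.of("200"))),
                Map.entry(Kind.TRAILER, Map.of(":status", List.of("200"))),
                Map.entry(Kind.RESPONSE, Map.of(":status", List.of("200"), "connection", List.of("close"))));
        for (var s : samples) {
            try {
                validate(s.getKey(), s.getValue());
                System.out.println(s.getKey() + ": accepted");
            } catch (ProtocolException e) {
                System.out.println(s.getKey() + ": rejected, " + e.getMessage());
            }
        }
    }
}
```

The third sample models a push promise carrying a response pseudo-header, which is why it is checked as a REQUEST block.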
Specification
No specification changes, implementation change only. HttpClient send methods are specified to throw IOException. ProtocolException is a subclass of IOException, and is not explicitly documented anywhere in the HttpClient documentation.
CSR of: JDK-8354276 Strict HTTP header validation (Resolved)