]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 00979ba) | patch
Restrict connection-specific headers in HTTP/2 and HTTP/3
authorRoman Arutyunyan <arut@nginx.com>
Wed, 8 Apr 2026 13:19:24 +0000 (17:19 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 14 Apr 2026 05:53:13 +0000 (09:53 +0400)
commitd3a76322cf7abedb32b8216d1e5c0cef4858e4d4
treea3efc33a7486dae0450ce0ebf7f05c0b833565e9tree | snapshot
parent00979ba9d843be266529067285b635070f2d1993commit | diff
Restrict connection-specific headers in HTTP/2 and HTTP/3

As per RFC 9113 and RFC 9114, any message containing such headers MUST be
treated as malformed.

As per RFC 9110, Section 7.6.1, the following headers are considered
connection-specific:

- Connection
- Proxy-Connection
- Keep-Alive
- TE
- Transfer-Encoding
- Upgrade

The only exception is the TE header field, which MAY be present in a
request header, but it MUST NOT contain any value other than "trailers".
src/http/ngx_http_request.c diff | blob | history
src/http/v2/ngx_http_v2.c diff | blob | history
src/http/v3/ngx_http_v3_request.c diff | blob | history
nginx upstream