Allows "classic" CONNECT request headers even when the extended connection option has been set.
PiperOrigin-RevId: 450736697
diff --git a/quiche/http2/adapter/header_validator.cc b/quiche/http2/adapter/header_validator.cc
index 972b0c6..67d543a 100644
--- a/quiche/http2/adapter/header_validator.cc
+++ b/quiche/http2/adapter/header_validator.cc
@@ -96,14 +96,15 @@
static const std::vector<std::string>* kExtendedConnectHeaders =
new std::vector<std::string>(
{":authority", ":method", ":path", ":protocol", ":scheme"});
- return pseudo_headers == *kExtendedConnectHeaders;
- } else {
- // See RFC 7540 Section 8.3.
- static const std::vector<std::string>* kConnectHeaders =
- new std::vector<std::string>({":authority", ":method"});
- return authority.has_value() && !authority.value().empty() &&
- pseudo_headers == *kConnectHeaders;
+ if (pseudo_headers == *kExtendedConnectHeaders) {
+ return true;
+ }
}
+ // See RFC 7540 Section 8.3.
+ static const std::vector<std::string>* kConnectHeaders =
+ new std::vector<std::string>({":authority", ":method"});
+ return authority.has_value() && !authority.value().empty() &&
+ pseudo_headers == *kConnectHeaders;
}
if (path.empty()) {
diff --git a/quiche/http2/adapter/header_validator_test.cc b/quiche/http2/adapter/header_validator_test.cc
index fc3e207..6e446f2 100644
--- a/quiche/http2/adapter/header_validator_test.cc
+++ b/quiche/http2/adapter/header_validator_test.cc
@@ -303,6 +303,15 @@
EXPECT_EQ(HeaderValidator::HEADER_OK,
v.ValidateSingleHeader(":method", "CONNECT"));
EXPECT_TRUE(v.FinishHeaderBlock(HeaderType::REQUEST));
+
+ v.SetAllowExtendedConnect();
+ // "Classic" CONNECT headers should still be accepted.
+ v.StartHeaderBlock();
+ EXPECT_EQ(HeaderValidator::HEADER_OK,
+ v.ValidateSingleHeader(":authority", "athena.dialup.mit.edu:23"));
+ EXPECT_EQ(HeaderValidator::HEADER_OK,
+ v.ValidateSingleHeader(":method", "CONNECT"));
+ EXPECT_TRUE(v.FinishHeaderBlock(HeaderType::REQUEST));
}
TEST(HeaderValidatorTest, WebsocketPseudoHeaders) {
