Deprecate --gfe2_reloadable_flag_quic_validate_header_field_value_at_spdy_stream.
PiperOrigin-RevId: 474085897
diff --git a/quiche/quic/core/http/quic_spdy_stream.cc b/quiche/quic/core/http/quic_spdy_stream.cc
index bce3722..44de84c 100644
--- a/quiche/quic/core/http/quic_spdy_stream.cc
+++ b/quiche/quic/core/http/quic_spdy_stream.cc
@@ -625,8 +625,6 @@
: header_list.empty();
if (!AreHeaderFieldValuesValid(header_list)) {
OnInvalidHeaders();
- QUIC_RELOADABLE_FLAG_COUNT_N(
- quic_validate_header_field_value_at_spdy_stream, 2, 2);
return;
}
// Validate request headers if it did not exceed size limit. If it did,
@@ -1571,12 +1569,9 @@
bool QuicSpdyStream::AreHeaderFieldValuesValid(
const QuicHeaderList& header_list) const {
- if (!GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream) ||
- !VersionUsesHttp3(transport_version())) {
+ if (!VersionUsesHttp3(transport_version())) {
return true;
}
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_validate_header_field_value_at_spdy_stream,
- 1, 2);
// According to https://www.rfc-editor.org/rfc/rfc9114.html#section-10.3
// "[...] HTTP/3 can transport field values that are not valid. While most
// values that can be encoded will not alter field parsing, carriage return
diff --git a/quiche/quic/core/qpack/qpack_decoder_test.cc b/quiche/quic/core/qpack/qpack_decoder_test.cc
index ecf3a17..5cfd960 100644
--- a/quiche/quic/core/qpack/qpack_decoder_test.cc
+++ b/quiche/quic/core/qpack/qpack_decoder_test.cc
@@ -223,15 +223,8 @@
}
TEST_P(QpackDecoderTest, LineFeedInValue) {
- if (!GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream)) {
- EXPECT_CALL(handler_,
- OnDecodingErrorDetected(QUIC_INVALID_CHARACTER_IN_FIELD_VALUE,
- "Invalid character in field value."));
- } else {
- EXPECT_CALL(handler_, OnHeaderDecoded(Eq("foo"), Eq("ba\nr")));
- EXPECT_CALL(handler_, OnDecodingCompleted());
- }
-
+ EXPECT_CALL(handler_, OnHeaderDecoded(Eq("foo"), Eq("ba\nr")));
+ EXPECT_CALL(handler_, OnDecodingCompleted());
DecodeHeaderBlock(absl::HexStringToBytes("000023666f6f0462610a72"));
}
diff --git a/quiche/quic/core/qpack/qpack_progressive_decoder.cc b/quiche/quic/core/qpack/qpack_progressive_decoder.cc
index feea62a..5dc5a68 100644
--- a/quiche/quic/core/qpack/qpack_progressive_decoder.cc
+++ b/quiche/quic/core/qpack/qpack_progressive_decoder.cc
@@ -339,31 +339,9 @@
return true;
}
-bool QpackProgressiveDecoder::OnHeaderDecoded(bool value_from_static_table,
+bool QpackProgressiveDecoder::OnHeaderDecoded(bool /*value_from_static_table*/,
absl::string_view name,
absl::string_view value) {
- if (!GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream)) {
- // Skip test for static table entries as they are all known to be valid.
- if (!value_from_static_table) {
- // According to Section 10.3 of
- // https://quicwg.org/base-drafts/draft-ietf-quic-http.html,
- // "[...] HTTP/3 can transport field values that are not valid. While most
- // values that can be encoded will not alter field parsing, carriage
- // return (CR, ASCII 0x0d), line feed (LF, ASCII 0x0a), and the zero
- // character (NUL, ASCII 0x00) might be exploited by an attacker if they
- // are translated verbatim. Any request or response that contains a
- // character not permitted in a field value MUST be treated as malformed
- // [...]"
- for (const auto c : value) {
- if (c == '\0' || c == '\n' || c == '\r') {
- OnError(QUIC_INVALID_CHARACTER_IN_FIELD_VALUE,
- "Invalid character in field value.");
- return false;
- }
- }
- }
- }
-
handler_->OnHeaderDecoded(name, value);
return true;
}
diff --git a/quiche/quic/core/quic_flags_list.h b/quiche/quic/core/quic_flags_list.h
index 8f7828c..7c99e37 100644
--- a/quiche/quic/core/quic_flags_list.h
+++ b/quiche/quic/core/quic_flags_list.h
@@ -87,8 +87,6 @@
QUIC_FLAG(quic_reloadable_flag_quic_connection_migration_use_new_cid_v2, true)
// If true, uses conservative cwnd gain and pacing gain when cwnd gets bootstrapped.
QUIC_FLAG(quic_reloadable_flag_quic_conservative_cwnd_and_pacing_gains, false)
-// If true, validate header field character at spdy stream instead of qpack for IETF QUIC.
-QUIC_FLAG(quic_reloadable_flag_quic_validate_header_field_value_at_spdy_stream, true)
// QuicConnection uses a library to generate connection IDs
QUIC_FLAG(quic_reloadable_flag_quic_connection_uses_abstract_connection_id_generator, false)
// QuicDispatcher uses a library to generate connection IDs
diff --git a/quiche/quic/tools/quic_simple_server_stream_test.cc b/quiche/quic/tools/quic_simple_server_stream_test.cc
index 1702ea1..69851f2 100644
--- a/quiche/quic/tools/quic_simple_server_stream_test.cc
+++ b/quiche/quic/tools/quic_simple_server_stream_test.cc
@@ -703,8 +703,7 @@
// \000 is a way to write the null byte when followed by a literal digit.
header_list_.OnHeader("content-length", absl::string_view("11\00012", 5));
- if (GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream) &&
- session_.version().UsesHttp3()) {
+ if (session_.version().UsesHttp3()) {
EXPECT_CALL(session_,
MaybeSendStopSendingFrame(_, QuicResetStreamError::FromInternal(
QUIC_STREAM_NO_ERROR)));
@@ -725,8 +724,7 @@
// \000 is a way to write the null byte when followed by a literal digit.
header_list_.OnHeader("content-length", absl::string_view("\00012", 3));
- if (GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream) &&
- session_.version().UsesHttp3()) {
+ if (session_.version().UsesHttp3()) {
EXPECT_CALL(session_,
MaybeSendStopSendingFrame(_, QuicResetStreamError::FromInternal(
QUIC_STREAM_NO_ERROR)));
@@ -747,8 +745,7 @@
// \000 is a way to write the null byte when followed by a literal digit.
header_list_.OnHeader("content-length", absl::string_view("11\00011", 5));
- if (GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream) &&
- session_.version().UsesHttp3()) {
+ if (session_.version().UsesHttp3()) {
EXPECT_CALL(session_,
MaybeSendStopSendingFrame(_, QuicResetStreamError::FromInternal(
QUIC_STREAM_NO_ERROR)));
@@ -760,8 +757,7 @@
stream_->OnStreamHeaderList(false, kFakeFrameLen, header_list_);
- if (GetQuicReloadableFlag(quic_validate_header_field_value_at_spdy_stream) &&
- session_.version().UsesHttp3()) {
+ if (session_.version().UsesHttp3()) {
EXPECT_TRUE(QuicStreamPeer::read_side_closed(stream_));
EXPECT_TRUE(stream_->reading_stopped());
EXPECT_TRUE(stream_->write_side_closed());
