Skip to content

Validate Connection: Upgrade on protocol switch responses#807

Merged
arturobernalg merged 1 commit into
apache:masterfrom
arturobernalg:protocol-switch-connection-upgrade
Apr 18, 2026
Merged

Validate Connection: Upgrade on protocol switch responses#807
arturobernalg merged 1 commit into
apache:masterfrom
arturobernalg:protocol-switch-connection-upgrade

Conversation

@arturobernalg

Copy link
Copy Markdown
Member

ProtocolSwitchStrategy now rejects 101 Switching Protocols responses that advertise Upgrade without the required Connection: Upgrade token.

RFC 2817 notes:
"the upgrade keyword MUST be supplied within a Connection header field (section 14.10) whenever Upgrade is present in an HTTP/1.1 message". :contentReference[oaicite:0]{index=0}

RFC 9110 requires:
"A sender of Upgrade MUST also send an "Upgrade" connection option in the Connection header field (Section 7.6.1)". :contentReference[oaicite:1]{index=1}

@arturobernalg arturobernalg requested a review from ok2c February 24, 2026 16:51
}
}

private boolean containsConnectionUpgrade(final HttpMessage message) throws ProtocolException {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturobernalg Use MessageSupport#parseHeaders or MessageSupport#parseTokens instead.

@arturobernalg arturobernalg force-pushed the protocol-switch-connection-upgrade branch 2 times, most recently from 225c915 to b87b8fd Compare April 7, 2026 08:03
ProtocolSwitchStrategy now rejects 101 Switching Protocols responses that
advertise Upgrade without the required Connection: Upgrade token.
@arturobernalg arturobernalg force-pushed the protocol-switch-connection-upgrade branch from f5f29e9 to be90817 Compare April 7, 2026 08:05
@arturobernalg arturobernalg requested a review from ok2c April 18, 2026 06:28
@arturobernalg arturobernalg merged commit 2c36560 into apache:master Apr 18, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants