diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/DefaultH2RequestConverter.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/DefaultH2RequestConverter.java index 1a1ef20ee..20f6dde52 100644 --- a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/DefaultH2RequestConverter.java +++ b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/DefaultH2RequestConverter.java @@ -97,6 +97,9 @@ public HttpRequest convert(final List
headers) throws HttpException { path = value; break; case H2PseudoRequestHeaders.AUTHORITY: + if (authority != null) { + throw new ProtocolException("Multiple '%s' request headers are illegal", name); + } authority = value; break; case H2PseudoRequestHeaders.PROTOCOL: diff --git a/httpcore5-h2/src/test/java/org/apache/hc/core5/http2/impl/TestDefaultH2RequestConverter.java b/httpcore5-h2/src/test/java/org/apache/hc/core5/http2/impl/TestDefaultH2RequestConverter.java index e7f4b3943..70d25751a 100644 --- a/httpcore5-h2/src/test/java/org/apache/hc/core5/http2/impl/TestDefaultH2RequestConverter.java +++ b/httpcore5-h2/src/test/java/org/apache/hc/core5/http2/impl/TestDefaultH2RequestConverter.java @@ -563,6 +563,26 @@ void testInvalidOptionsNeitherAsteriskNorRoot() { Assertions.assertThrows(ProtocolException.class, () -> converter.convert(headers)); } + @Test + void testConvertFromFieldsMultipleAuthority() { + final List
headers = Arrays.asList( + new BasicHeader(":method", "GET"), + new BasicHeader(":scheme", "https"), + new BasicHeader(":authority", "www.example.com"), + new BasicHeader(":authority", "www2.example.com"), + new BasicHeader(":path", "/")); + + final DefaultH2RequestConverter converter = new DefaultH2RequestConverter(); + + final ProtocolException ex = Assertions.assertThrows( + ProtocolException.class, + () -> converter.convert(headers)); + + Assertions.assertTrue( + ex.getMessage().contains("Multiple ':authority' request headers are illegal"), + ex::getMessage); + } + }