http2: The http2 server rejects large headers and the cutoff does not appear to be configurable

[murgatroid99]

• Version: 14.10.0, 12.18.3, 10.22.1
• Platform: Linux DESKTOP-OKC3QBQ 4.4.0-18362-Microsoft Crypto tests overhaul #1049-Microsoft Thu Aug 14 12:01:00 PST 2020 x86_64 x86_64 x86_64 GNU/Linux
• Subsystem: http2

What steps will reproduce the bug?

const http2 = require('http2');

const server = http2.createServer({
  maxSendHeaderBlockLength: Number.MAX_SAFE_INTEGER
});

server.on('stream', (stream, headers) => {
  stream.respond();
  stream.end();
});

server.listen(8080, () => {
  const clientSession = http2.connect('http://localhost:8080', {
    maxSendHeaderBlockLength: Number.MAX_SAFE_INTEGER
  });

  clientSession.on('error', (error) => {
    console.log(error);
  });

  // 90kB is fairly close to the limit. 80kB is below the limit
  const stream = clientSession.request({
    'test-header': 'A'.repeat(90_000)
  });

  stream.on('close', () => {
    console.log(`Stream closed with RST_STREAM code ${stream.rstCode}`);
  });

  stream.on('error', (error) => {
    console.log(error);
  })

  stream.end();
});

How often does it reproduce? Is there a required condition?

This reproduction is 100% consistent

What is the expected behavior?

Expected output:

Stream closed with RST_STREAM code 0

What do you see instead?

Actual output:

Error [ERR_HTTP2_SESSION_ERROR]: Session closed with error code 9
    at Http2Session.onGoawayData (internal/http2/core.js:642:21) {
  code: 'ERR_HTTP2_SESSION_ERROR'
}
Stream closed with RST_STREAM code 9
Error [ERR_HTTP2_SESSION_ERROR]: Session closed with error code 9
    at Http2Session.onGoawayData (internal/http2/core.js:642:21) {
  code: 'ERR_HTTP2_SESSION_ERROR'
}

Additional information

I tried configuring this limit using the maxHeaderListSize and headerTableSize settings, but they seemed to have no effect.

[murgatroid99]

@nodejs/http2

[RafaelGSS]

@murgatroid99 is it different from: #35233?

[murgatroid99]

This issue is about the lack of configuration for the size of headers that the server accepts. That other issue is about a crash that occurs when shutting down a server after it receives headers that are very large.

[RafaelGSS]

As mentioned in the issue above, currently nghttp2 has a limit of 65536 bytes per pair (headerKey: value).

I would say that is expected an error code 9 when a request exceeds this limit. What do you think would be better though?

[murgatroid99]

It was not clear to me until just now that that was a per-header-entry limit. I will test out multiple header entries and if that does allow for larger total headers then I guess this issue will be resolved.

[RafaelGSS]

It was not clear to me until just now that that was a per-header-entry limit. I will test out multiple header entries and if that does allow for larger total headers then I guess this issue will be resolved.

Ok, let me know. Anyway, I think this information should be added to the docs.