Fixes #13098 - HTTP2 Server Error Handling is different than HTTP1 (#13141)

* Made HTTP/2 and HTTP/3 behave like HTTP/1 when the client aborts the request abruptly.
In HTTP/1, the server was sending an error response, but in HTTP/2/3, only a reset was sent, producing an empty page on browsers.
Now in all HTTP versions, such type of failures are detected, will eventually go through the core `ErrorHandler` to produce an error page.
* Introduced `HttpURI.Unsafe` to write test cases that require unsafe URIs, and updated `HttpURI` javadocs.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>

Author: sbordet

jetty-core/jetty-client/src/main/java/org/eclipse/jetty/client/transport/internal/HttpSenderOverHTTP.java

@@ -68,11 +68,9 @@ protected void sendHeaders(HttpExchange exchange, ByteBuffer contentBuffer, bool
             HttpRequest request = exchange.getRequest();
             Content.Source requestContent = request.getBody();
             long contentLength = requestContent == null ? -1 : requestContent.getLength();
-            String path = request.getPath();
-            String query = request.getQuery();
-            if (query != null)
-                path += "?" + query;
-            metaData = new MetaData.Request(request.getMethod(), HttpURI.from(path), request.getVersion(), request.getHeaders(), contentLength, request.getTrailersSupplier());
+            // URI validations already performed by using the java.net.URI class.
+            HttpURI uri = HttpURI.from(null, null, -1, request.getPath(), request.getQuery(), null);
+            metaData = new MetaData.Request(request.getMethod(), uri, request.getVersion(), request.getHeaders(), contentLength, request.getTrailersSupplier());
             if (LOG.isDebugEnabled())
                 LOG.debug("Sending headers with content {} last={} for {}", BufferUtil.toDetailString(contentBuffer), lastContent, exchange.getRequest());
             headersCallback.iterate();

jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/HttpURI.java

@@ -29,14 +29,14 @@
 import org.eclipse.jetty.util.URIUtil;
 
 /**
- * Http URI.
- *
- * Both {@link Mutable} and {@link Immutable} implementations are available
- * via the static methods such as {@link #build()} and {@link #from(String)}.
- *
- * A URI such as
+ * <p>Representation of HTTP URIs.</p>
+ * <p>Both {@link Mutable} and {@link Immutable} implementations are available
+ * via the static methods such as {@link #build()} and {@link #from(String)},
+ * and {@link Unsafe} can be used for tests or invalid URIs.</p>
+ * <p>An HTTP URI such as
  * {@code http://user@host:port/path;param1/%2e/f%6fo%2fbar%20bob;param2?query#fragment}
- * is split into the following optional elements:<ul>
+ * is split into the following optional elements:</p>
+ * <ul>
  * <li>{@link #getScheme()} - http:</li>
  * <li>{@link #getAuthority()} - //name@host:port</li>
  * <li>{@link #getHost()} - host</li>
@@ -58,26 +58,17 @@
  * expansion. A literal interpretation of the RFC can result in URI paths with ambiguities
  * when viewed as strings. For example, a URI of {@code /foo%2f..%2fbar} is technically a single
  * segment of "/foo/../bar", but could easily be misinterpreted as 3 segments resolving to "/bar"
- * by a file system.
- * </p>
- * <p>
- * Thus this class avoid and/or detects such ambiguities. Furthermore, by decoding characters and
+ * by a file system.</p>
+ * <p>Thus this class avoid and/or detects such ambiguities. Furthermore, by decoding characters and
  * removing parameters before relative path normalization, ambiguous paths will be resolved in such
- * a way to be non-standard-but-non-ambiguous to down stream interpretation of the decoded path string.
- * </p>
- * <p>
- * This class collates any {@link UriCompliance.Violation violations} against the specification
+ * a way to be non-standard-but-non-ambiguous to down stream interpretation of the decoded path string.</p>
+ * <p>This class collates any {@link UriCompliance.Violation violations} against the specification
  * and/or best practises in the {@link #getViolations()}.  Users of this class should check against a
  * configured {@link UriCompliance} mode if the {@code HttpURI} is suitable for use
- * (see {@link UriCompliance#checkUriCompliance(UriCompliance, HttpURI, ComplianceViolation.Listener)}).
- * </p>
- * <p>
- * For example, implementations that wish to process ambiguous URI paths must configure the compliance modes
- * to accept them and then perform their own decoding of {@link #getPath()}.
- * </p>
- * <p>
- * If there are multiple path parameters, only the last one is returned by {@link #getParam()}.
- * </p>
+ * (see {@link UriCompliance#checkUriCompliance(UriCompliance, HttpURI, ComplianceViolation.Listener)}).</p>
+ * <p>For example, implementations that wish to process ambiguous URI paths must configure the compliance
+ * modes to accept them and then perform their own decoding of {@link #getPath()}.</p>
+ * <p>If there are multiple path parameters, only the last one is returned by {@link #getParam()}.</p>
  **/
 public interface HttpURI
 {
@@ -152,9 +143,20 @@ static Immutable from(String scheme, String host, int port, String pathQuery)
         return new Mutable(scheme, host, port, pathQuery).asImmutable();
     }
 
+    /**
+     * <p>Creates a new {@code HttpURI} with the given arguments.</p>
+     *
+     * @param scheme the URI scheme (normalized to lower-case)
+     * @param host the URI host
+     * @param port the URI port, or {@code -1} for no port
+     * @param path the URI path
+     * @param query the URI query
+     * @param fragment the URI fragment
+     * @return a new {@code HttpURI}
+     */
     static Immutable from(String scheme, String host, int port, String path, String query, String fragment)
     {
-        return new Immutable(scheme, host, port, path, query, fragment);
+        return new Immutable(scheme, host, port, path, query, fragment, false);
     }
 
     Immutable asImmutable();
@@ -300,16 +302,15 @@ private Immutable(Mutable builder)
                 _violations = Collections.unmodifiableSet(EnumSet.copyOf(builder._violations));
         }
 
-        private Immutable(String scheme, String host, int port, String path, String query, String fragment)
+        private Immutable(String scheme, String host, int port, String path, String query, String fragment, boolean unsafe)
         {
             _uri = null;
-
-            _scheme = URIUtil.normalizeScheme(scheme);
+            _scheme = unsafe ? scheme : URIUtil.normalizeScheme(scheme);
             _user = null;
             _host = host;
-            _port = (port > 0) ? port : URIUtil.UNDEFINED_PORT;
+            _port = unsafe || port > 0 ? port : URIUtil.UNDEFINED_PORT;
             _path = path;
-            _canonicalPath = _path == null ? null : URIUtil.canonicalPath(_path);
+            _canonicalPath = unsafe || path == null ? path : URIUtil.canonicalPath(path);
             _param = null;
             _query = query;
             _fragment = fragment;
@@ -506,6 +507,29 @@ public String toString()
         }
     }
 
+    /**
+     * <p>An unsafe {@link HttpURI} that accepts URI parts without checking whether they are valid.</p>
+     * <p>This class should be primarily used for testing, since possibly invalid URI may break
+     * arbitrary code.</p>
+     */
+    class Unsafe extends Immutable
+    {
+        /**
+         * <p>Creates a new unsafe {@link HttpURI} with the given arguments.</p>
+         *
+         * @param scheme the URI scheme
+         * @param host the URI host
+         * @param port the URI port, or {@code -1} for no port
+         * @param path the URI path
+         * @param query the URI query
+         * @param fragment the URI fragment
+         */
+        public Unsafe(String scheme, String host, int port, String path, String query, String fragment)
+        {
+            super(scheme, host, port, path, query, fragment, true);
+        }
+    }
+
     class Mutable implements HttpURI
     {
         private enum State
@@ -1692,7 +1716,7 @@ private void checkSegment(String uri, boolean dotOrEncoded, int segment, int end
             if (ambiguous != null)
             {
                 // The segment is always ambiguous.
-                if (Boolean.TRUE.equals(ambiguous))
+                if (ambiguous)
                     addViolation(Violation.AMBIGUOUS_PATH_SEGMENT);
                 // The segment is ambiguous only when followed by a parameter.
                 if (param)

jetty-core/jetty-http/src/main/java/org/eclipse/jetty/http/MetaData.java

@@ -331,4 +331,121 @@ public String toString()
             return String.format("%s{s=%d,h=%d,cl=%d}", getHttpVersion(), getStatus(), headers.size(), getContentLength());
         }
     }
+
+    /**
+     * <p>Marker interface to signal that a {@link MetaData} could not be created,
+     * for example due to an invalid URI or invalid headers.</p>
+     */
+    public interface Failed
+    {
+        /**
+         * <p>Inspects the given {@link MetaData}, and if it is an instance
+         * of this interface return its failure, otherwise returns {@code null}.</p>
+         *
+         * @param metaData the {@link MetaData} to inspect
+         * @return the failure if the given {@link MetaData} is an instance of this
+         * interface, otherwise {@code null}
+         */
+        static Throwable getFailure(MetaData metaData)
+        {
+            return metaData instanceof Failed f ? f.getFailure() : null;
+        }
+
+        /**
+         * <p>Creates a new failed {@link MetaData.Request}, with method {@code GET},
+         * empty {@link HttpURI} and empty {@link HttpFields}, with the given
+         * {@link HttpVersion} and failure.</p>
+         *
+         * @param httpVersion the HTTP version
+         * @param failure the failure cause
+         * @return a new failed  {@link MetaData.Request}
+         */
+        static MetaData.Request newFailedMetaDataRequest(HttpVersion httpVersion, Throwable failure)
+        {
+            return new FailedMetaDataRequest(httpVersion, failure);
+        }
+
+        /**
+         * <p>Creates a new failed {@link MetaData.Response}, with status {@code 0},
+         * no reason, empty {@link HttpFields}, with the given {@link HttpVersion}
+         * and failure.</p>
+         *
+         * @param httpVersion the HTTP version
+         * @param failure the failure cause
+         * @return a new failed  {@link MetaData.Response}
+         */
+        static MetaData.Response newFailedMetaDataResponse(HttpVersion httpVersion, Throwable failure)
+        {
+            return new FailedMetaDataResponse(httpVersion, failure);
+        }
+
+        /**
+         * <p>Creates a new failed {@link MetaData}, with empty {@link HttpFields},
+         * with the given {@link HttpVersion} and failure.</p>
+         *
+         * @param httpVersion the HTTP version
+         * @param failure the failure cause
+         * @return a new failed  {@link MetaData}
+         */
+        static MetaData newFailedMetaData(HttpVersion httpVersion, Throwable failure)
+        {
+            return new FailedMetaData(httpVersion, failure);
+        }
+
+        /**
+         * @return the failure cause
+         */
+        Throwable getFailure();
+    }
+
+    private static class FailedMetaDataRequest extends MetaData.Request implements Failed
+    {
+        private final Throwable failure;
+
+        private FailedMetaDataRequest(HttpVersion httpVersion, Throwable failure)
+        {
+            super("GET", HttpURI.build(), httpVersion, HttpFields.EMPTY);
+            this.failure = Objects.requireNonNull(failure);
+        }
+
+        @Override
+        public Throwable getFailure()
+        {
+            return failure;
+        }
+    }
+
+    private static class FailedMetaDataResponse extends MetaData.Response implements Failed
+    {
+        private final Throwable failure;
+
+        private FailedMetaDataResponse(HttpVersion httpVersion, Throwable failure)
+        {
+            super(0, null, httpVersion, HttpFields.EMPTY);
+            this.failure = Objects.requireNonNull(failure);
+        }
+
+        @Override
+        public Throwable getFailure()
+        {
+            return failure;
+        }
+    }
+
+    private static class FailedMetaData extends MetaData implements Failed
+    {
+        private final Throwable failure;
+
+        private FailedMetaData(HttpVersion httpVersion, Throwable failure)
+        {
+            super(httpVersion, HttpFields.EMPTY);
+            this.failure = Objects.requireNonNull(failure);
+        }
+
+        @Override
+        public Throwable getFailure()
+        {
+            return failure;
+        }
+    }
 }

jetty-core/jetty-http2/jetty-http2-client-transport/src/main/java/org/eclipse/jetty/http2/client/transport/internal/HttpSenderOverHTTP2.java

@@ -72,12 +72,8 @@ protected void sendHeaders(HttpExchange exchange, ByteBuffer contentBuffer, bool
         else
         {
             String path = relativize(request.getPath());
-            HttpURI uri = HttpURI.build()
-                .scheme(request.getScheme())
-                .host(request.getHost())
-                .port(request.getPort())
-                .path(path)
-                .query(request.getQuery());
+            // URI validations already performed by using the java.net.URI class.
+            HttpURI uri = HttpURI.from(request.getScheme(), request.getHost(), request.getPort(), path, request.getQuery(), null);
             metaData = new MetaData.Request(request.getMethod(), uri, HttpVersion.HTTP_2, request.getHeaders(), -1, request.getTrailersSupplier());
         }
 

jetty-core/jetty-http2/jetty-http2-common/src/main/java/org/eclipse/jetty/http2/HTTP2Session.java

@@ -643,17 +643,22 @@ public void onWindowUpdate(HTTP2Stream stream, WindowUpdateFrame frame)
     @Override
     public void onStreamFailure(int streamId, int error, String reason)
     {
-        Callback callback = Callback.from(() -> reset(getStream(streamId), new ResetFrame(streamId, error), Callback.NOOP));
-        Throwable failure = toFailure(error, reason);
-        if (LOG.isDebugEnabled())
-            LOG.debug("Stream #{} failure {}", streamId, this, failure);
         HTTP2Stream stream = getStream(streamId);
+        Callback callback = Callback.from(() -> reset(stream, new ResetFrame(streamId, error), Callback.NOOP));
+        Throwable failure = toFailure(error, reason);
         if (stream != null)
-            failStream(stream, error, reason, failure, callback);
+            onStreamFailure(stream, error, reason, failure, callback);
         else
             callback.succeeded();
     }
 
+    protected void onStreamFailure(Stream stream, int error, String reason, Throwable failure, Callback callback)
+    {
+        if (LOG.isDebugEnabled())
+            LOG.debug("Stream #{} failure {}", stream.getId(), this, failure);
+        failStream(stream, error, reason, failure, callback);
+    }
+
     @Override
     public void onConnectionFailure(int error, String reason)
     {

jetty-core/jetty-http2/jetty-http2-common/src/main/java/org/eclipse/jetty/http2/HTTP2Stream.java

@@ -162,31 +162,41 @@ public void data(DataFrame frame, Callback callback)
     @Override
     public void reset(ResetFrame frame, Callback callback)
     {
+        if (LOG.isDebugEnabled())
+            LOG.debug("Resetting {} {}", frame, this);
+
         int flowControlLength;
+        boolean reset = true;
         Throwable resetFailure = null;
         try (AutoLock ignored = lock.lock())
         {
-            if (isReset())
+            flowControlLength = drain();
+            if (localReset)
             {
+                reset = false;
                 resetFailure = failure;
             }
             else
             {
                 localReset = true;
                 failure = new EOFException("reset");
             }
-            flowControlLength = drain();
         }
+
         session.dataConsumed(this, flowControlLength);
-        if (resetFailure != null)
+
+        if (reset)
         {
-            close();
-            session.removeStream(this);
-            callback.failed(resetFailure);
+            session.reset(this, frame, callback);
         }
         else
         {
-            session.reset(this, frame, callback);
+            close();
+            session.removeStream(this);
+            if (resetFailure == null)
+                callback.succeeded();
+            else
+                callback.failed(resetFailure);
         }
     }
 

jetty-core/jetty-http2/jetty-http2-common/src/main/java/org/eclipse/jetty/http2/parser/ContinuationBodyParser.java

@@ -20,6 +20,7 @@
 import org.eclipse.jetty.http2.Flags;
 import org.eclipse.jetty.http2.frames.ContinuationFrame;
 import org.eclipse.jetty.http2.frames.HeadersFrame;
+import org.eclipse.jetty.http2.hpack.HpackException;
 import org.eclipse.jetty.io.RetainableByteBuffer;
 
 public class ContinuationBodyParser extends BodyParser
@@ -119,18 +120,16 @@ private boolean onHeaders(ByteBuffer buffer)
         HeadersFrame frame = new HeadersFrame(getStreamId(), metaData, headerBlockFragments.getPriorityFrame(), headerBlockFragments.isEndStream());
         headerBlockFragments.reset();
 
-        if (metaData == HeaderBlockParser.SESSION_FAILURE)
+        Throwable metaDataFailure = MetaData.Failed.getFailure(metaData);
+        if (metaDataFailure instanceof HpackException.SessionException)
             return false;
 
-        if (metaData != HeaderBlockParser.STREAM_FAILURE)
-        {
-            notifyHeaders(frame);
-        }
-        else
+        if (metaDataFailure != null)
         {
             if (!rateControlOnEvent(frame))
                 return connectionFailure(buffer, ErrorCode.ENHANCE_YOUR_CALM_ERROR.code, "invalid_headers_frame_rate");
         }
+        notifyHeaders(frame);
         return true;
     }