From 67a4a498d8bbdce4e604bc578da4693fb048f83d Mon Sep 17 00:00:00 2001
From: Sabrina Jewson
Date: Thu, 29 Aug 2024 02:18:40 +0100
Subject: [PATCH] fix(http2): strip content-length header in response to CONNECT requests (#3748) s
---
src/proto/h2/server.rs | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/proto/h2/server.rs b/src/proto/h2/server.rs
index ee2d08eaaf..be897a54cf 100644
--- a/src/proto/h2/server.rs
+++ b/src/proto/h2/server.rs
@@ -485,6 +485,13 @@ where
 me.reply.send_reset(h2::Reason::INTERNAL_ERROR);
 return Poll::Ready(Err(crate::Error::new_user_header()));
 }
+ if res
+ .headers_mut()
+ .remove(::http::header::CONTENT_LENGTH)
+ .is_some()
+ {
+ warn!("successful response to CONNECT request disallows content-length header");
+ }
 let send_stream = reply!(me, res, false);
 connect_parts.pending.fulfill(Upgraded::new(
 H2Upgraded {
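Review bot: The added `remove(::http::header::CONTENT_LENGTH)` branch carries no comment saying why the header is dropped, and the diffstat lists only `src/proto/h2/server.rs`, so no regression test pins the behaviour. Above the `if res` line I would add `// RFC 9110 §9.3.6: a 2xx response to CONNECT must not carry Content-Length, so strip it before replying`, plus a server test asserting that a successful CONNECT response built with `content-length: 0` reaches the client without that header. The log text also does not say that the header was removed, which matters because the log is the only signal the application gets; `warn!("removed content-length header from successful response to CONNECT request");` states what actually happened. The enclosing conditional starts outside the hunk, so it is not visible here whether this branch is reached only for 2xx responses, as the message implies.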