(http2): Lower WINDOWS_UPDATE received on (half)closed stream to stream abortion#63873
Merged
DeagleGross merged 2 commits intomainfrom Sep 30, 2025
Merged
(http2): Lower WINDOWS_UPDATE received on (half)closed stream to stream abortion#63873DeagleGross merged 2 commits intomainfrom
DeagleGross merged 2 commits intomainfrom
Conversation
… error instead of connection-level error
DeagleGross
requested review from
BrennanConroy,
JamesNK and
halter73
as code owners
Contributor
There was a problem hiding this comment.
Pull Request Overview
This change modifies Kestrel's HTTP/2 behavior to handle WINDOW_UPDATE frames received on closed or half-closed streams more permissively by downgrading from a connection-level error to a stream-level error.
- Changes error handling for WINDOW_UPDATE frames on closed streams from connection abort to stream error
- Updates test expectations to match new stream-level error behavior
- Removes quarantine from test that was previously failing due to strict connection abort
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| Http2Connection.cs | Changes WINDOW_UPDATE on closed stream from connection abort to stream error with detailed documentation |
| Http2ConnectionTests.cs | Updates test to expect stream error instead of connection error and removes quarantine |
github-actions
bot
added
the
area-networking
halter73
approved these changes
Sep 29, 2025
src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
Show resolved
Hide resolved
Member
Author
|
/backport to release/10.0 |
Contributor
|
Started backporting to release/10.0: https://github.com/dotnet/aspnetcore/actions/runs/18131546148 |
11 tasks
Member
Author
|
/backport to release/8.0 |
Contributor
|
Started backporting to release/8.0: https://github.com/dotnet/aspnetcore/actions/runs/18193206628 |
Contributor
|
@DeagleGross backporting to "release/8.0" failed, the patch most likely resulted in conflicts: $ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch
Applying: change WINDOWS_UPDATE received on (half)closed stream to stream-level error instead of connection-level error
Using index info to reconstruct a base tree...
M src/Servers/Kestrel/Core/src/Internal/Http2/Http2Connection.cs
M src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
Falling back to patching base and 3-way merge...
Auto-merging src/Servers/Kestrel/Core/src/Internal/Http2/Http2Connection.cs
CONFLICT (content): Merge conflict in src/Servers/Kestrel/Core/src/Internal/Http2/Http2Connection.cs
Auto-merging src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
CONFLICT (content): Merge conflict in src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 change WINDOWS_UPDATE received on (half)closed stream to stream-level error instead of connection-level error
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
11 tasks
Member
Author
|
/backport to release/9.0 |
Contributor
|
Started backporting to release/9.0: https://github.com/dotnet/aspnetcore/actions/runs/18279450394 |
Contributor
|
@DeagleGross backporting to "release/9.0" failed, the patch most likely resulted in conflicts: $ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch
Applying: change WINDOWS_UPDATE received on (half)closed stream to stream-level error instead of connection-level error
Using index info to reconstruct a base tree...
M src/Servers/Kestrel/Core/src/Internal/Http2/Http2Connection.cs
M src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
Falling back to patching base and 3-way merge...
Auto-merging src/Servers/Kestrel/Core/src/Internal/Http2/Http2Connection.cs
Auto-merging src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
CONFLICT (content): Merge conflict in src/Servers/Kestrel/test/InMemory.FunctionalTests/Http2/Http2ConnectionTests.cs
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 change WINDOWS_UPDATE received on (half)closed stream to stream-level error instead of connection-level error
Error: The process '/usr/bin/git' failed with exit code 128Please backport manually! |
11 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As per discussion in #63726 other servers interpret the HTTP2 spec differently, and Kestrel is the most secure with the behavior: if WINDOWS_UPDATE frame is received on the half-closed or closed stream, it aborts the whole connection.
Current PR is lowering the error from connection-level to stream-level.
Fixes #63726
Unquarantines #53744