We were looking at all active streams, but that also includes promised
streams.
By the RFC the limitation that our peer specifies only applies to the
number of streams _we_ create, not the total amount of active streams.
More importantly, for the qhttp2protocolhandler it could mean that we
could end up having a few promised streams push the active stream count
over the limit, which could lead us to start more streams than intended
(then bounded by the number of queued requests).
The worst case in this scenario is that a **non-compliant** server
doesn't track how many connections we open and the user has queued
a ton of requests, so we open a ton of streams.
But on the upside: server-push is not widely used.
Pick-to: 6.7
Change-Id: I2a533472eb9127fd176bb99e9db0518f05c3fffe
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
The settings frame with the max streams might be received late
or be revised later, so we cannot assert something on the
relation with the max streams allowed.
Amends 22c99cf498
Pick-to: 6.7
Change-Id: I973dfcf91541becc8c3d6363f9065bb1b9183062
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
On 64-bit systems, both the requests.size() and the
activeStreams.size() were truncated to uint32_t values from int64_t
ones. While extremely unlikely that either will contain more than 4Gi
elements, avoid the truncation by verifying that the `max` amount of
streams is larger than the activeStreams, and then using size_t for
the range.
Pick-to: 6.7
Change-Id: I50644cb634bab0f020acf9aea1d03744b11dbe51
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
Make QHttp2ProtocolHandler discard all informational (1xx) replies with
the exception of 101.
According to RFC 9110:
"A client MUST be able to parse one or more 1xx responses received
prior to a final response, even if the client does not expect one.
A user agent MAY ignore unexpected 1xx responses."
Fixes: QTBUG-121755
Change-Id: I8b8d578f23d4fbe28929f8c54b3607bcaf85405f
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
HTTP header name fields are case-insensitive and the QHttpHeaders class
stores them as lower-case. Therefore the case-insensitive comparisons,
when comparing against a lower-case value, are not needed.
Pick-to: 6.7
Change-Id: I7f38ef16aa7c61103abc4c81c13aebdd6e535dc8
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
... as a more computationally effective way, which was not present at
the time those usages were introduced.
As a drive-by add spaces around a binary operator
Task-number: QTBUG-122017
Pick-to: 6.7
Change-Id: I0528c995d1a3c1fe171486c5c313697d1706ee10
Reviewed-by: Marc Mutz <marc.mutz@qt.io>
The code did not handle the path where we didn't have a challenge.
We cannot recover from that so we just have to fail the request.
Amends fe1b668861
Pick-to: 6.7 6.6 6.6.2 6.5 6.2
Fixes: QTBUG-121515
Change-Id: Ie39a92e7439785a09cad28e8f81599a51de5e27f
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
QHttpHeaderParser::headers() method is changed to return QHttpHeaders.
QAuthenticatorPrivate::parseHttpResponse() method is changed to work with QHttpHeaders.
QHttpNetworkHeader::header() method is updated to return QHttpHeaders.
Tests are updated.
Task-number: QTBUG-120133
Change-Id: I20a18b509acd7a8b8d93884cff8349519d64293e
Reviewed-by: Ievgenii Meshcheriakov <ievgenii.meshcheriakov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Øystein Heskestad <oystein.heskestad@qt.io>
The static function appeared in two places, and in a unity-build
this fails quite visibly.
Pick-to: 6.7
Change-Id: I60000d01194a2c79ca9c101f2a6d3f77f469f1a7
Reviewed-by: Alexey Edelev <alexey.edelev@qt.io>
Reviewed-by: Nodir Temirkhodjaev <nodir.temir@gmail.com>
The function is given a vector of Http2::Frame's and flattens it into
a vector<uchar>. While each Frame can contain a maximum of 16GiB of
data (24-bit size field), one "only" needs 257 of them to overflow the
quint32 variable's range.
So make sure any overflow does not go undetected.
Keep the limited uint32_t range for now, as we don't know whether all
consumers of the result can deal with more than 4GiB of data.
Since all these frames must be in memory, this cannot overflow in
practice on 32-bit machines.
Pick-to: 6.7 6.6 6.5 6.2 5.15
Change-Id: Iafaa7d1c870cba9100e75065db11d95934f86213
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
By attempting to get credentials and potentially emitting error
during header parsing we may not have gotten the DATA frames yet
which would leave us emitting error() and finished() without any
body.
Pick-to: 6.6 6.5 6.2
Change-Id: Ibc5fb78193af80ddabaca2c9e4149bbcac9789a1
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Don't use QMap for parsing. Indroduce local enum and use it with std::array
Change-Id: I60fed6991ac415e4ff3827ae621f2c9b5071dcbe
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
for making url to improve readability
Change-Id: I743f183b64f2ed9c9363ea4fd2bdb8588fd84547
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
It looks cleaner when it's declared where it's defined.
Change-Id: I5006fc086c73e6d4891bc64ff3a8c6b4b17623fe
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Thinking back I'm 99% certain I deliberately used QBA because I was
going to cherry-pick it back and didn't feel like dealing with failing
builds. Coming up we will have a lot of other changes here so let's
change this as well.
Change-Id: Ifc60ad8ee2a1e5b75ac766b4a8b7e1559f80e942
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Change-Id: Ice7f0f026353f5668a437cc35d9b21cde0a69182
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Change-Id: I4148f94a7d9944eddccaba6dbc956abcd2ad9937
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Change-Id: Ibef8da7349d143433522bbb0fd2ee228f0d58135
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
By passing both arguments as qint64, then casting to qint32.
Since one of the arguments are qint32, the result will fit in qint32.
Change-Id: I98e9b1484549fa5dad340f02eda1b341cf6b293d
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Reviewed-by: Ahmad Samir <a.samirh78@gmail.com>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
If the trailing frame just had PRIORITY we would early-return, though
this meant we didn't check if the frame had the END_STREAM flag set,
leading some requests to certain servers to hang.
Fixes: QTBUG-111417
Pick-to: 6.5 6.4 6.2
Change-Id: Iac174dc5aeca30d5d19fae35f303983de9841847
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
We don't need the QBA later, so just pass it directly to
the QByteDataBuffer and avoid the ref-counter increase/decrease.
Change-Id: I253a29981bdfffb1a205baaaa0788d4283253e19
Reviewed-by: Konrad Kujawa <konrad.kujawa@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Replace the current license disclaimer in files by
a SPDX-License-Identifier.
Files that have to be modified by hand are modified.
License files are organized under LICENSES directory.
Task-number: QTBUG-67283
Change-Id: Id880c92784c40f3bbde861c0d93f58151c18b9f1
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Lars Knoll <lars.knoll@qt.io>
Reviewed-by: Jörg Bornemann <joerg.bornemann@qt.io>
The redirect handling for http2 was a little simple. E.g. not handling
relative URLs.
Fix this using the redirect response parsing function which the http1
protocol handler already uses.
Fixes: QTBUG-100651
Pick-to: 6.3 6.2 5.15
Change-Id: Ic0cec4cacc92707e7a7fde1f4665f80995a6057e
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
These signals allow monitoring where in the HTTP1/HTTP2
flow a request is currently in.
Fixes: QTBUG-71698
Fixes: QTBUG-18766
Change-Id: Icc2fe435afc9f680fa7a76c32731e25fcdfeb4b4
Reviewed-by: Qt CI Bot <qt_ci_bot@qt-project.org>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
SETTINGS for max concurrect number of streams is 'one direction' - this
is how our peer conveys the possible number of streams _we_ can open,
not _them_. If they choose to have it unlimited - let it be so.
It's possible to send 0 as maximum number, also, it's possible to
reduce the maximum compared to initial at some point - then I have
to avoid integer overflows.
Pick-to: 6.2
Pick-to: 6.1
Pick-to: 5.15
Fixes: QTBUG-94470
Change-Id: Ia02247acbaedd70998a4cab02082ba10f45cf78c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Rather than when the data is received. Source compatibility is
achieved through double-decompressing the data. This lets us know
how many bytes are available just as before but without having the
uncompressed data left in memory.
Fixes: QTBUG-83269
Change-Id: I352bd09581614c582e4628243e2a0e895ba4946b
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
With Qt 6 we made HTTP/2 default, which exposed missing handling of
401 Unauthorized (and 407 Proxy Authentication Required).
In HTTP/1.* we would handle this after the response had finished, while
handling the status code. For h2 this path isn't used since it is
heavily reliant on the structure we have for HTTP/1.* (one request per
channel). So we must handle the status code and header directly.
Having that part fixed exposed another issue - when resetting/rewinding
uploaded data we were not resetting the 'totallyUploadedData' counter in
the reply (this, in turn, exposed another small issue). Because of that
we did not actually send any data on the retry, only sending the
content-length followed by no data.
Finally, the small issue mentioned in the previous paragraph was how we
check if we have uploaded all our data. It was only checking if the
byte-device was atEnd(), which it was. But only because it had not yet
prepared any data for us.
Fixes: QTBUG-91284
Pick-to: 6.1 6.0 5.15
Change-Id: I798d105b02688b18a02897cc476f19f57a47f98f
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
In general the protocolHandler isn't deleted unless
the channel is being destructed. So instead of reset()ing
the pointer we keep it around.
Also update the http2protocolhandler to mimic the http1
handler a little closer: shutting down the channel in
receiveReply if there's no reply/activeStreams, and not
calling receiveReply at all if there's no activeStreams.
Pick-to: 5.15
Change-Id: I702547f594deb6b0c1384068f7e93e560527e8e2
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
To avoid potential decompression bombs. This is implemented with just
a simple check that the ratio doesn't pass some hardcoded preset.
Change-Id: I17246f0f43e73280cdb35a8f03d65885f5678ad6
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Changes are not too big for now. Just replaces use of the previous
calls to the zlib decompression function. And initialize
QDecompressHelper when we know the content-encoding.
Task-number: QTBUG-83269
Change-Id: I41358feaef2e7ac5f48f14e3f95ec094e0c110b7
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Also add a ; where it is missing.
Task-number: QTBUG-82978
Change-Id: Ic5d2a07363c25ab641d234baca89bc62238458cb
Reviewed-by: Friedemann Kleint <Friedemann.Kleint@qt.io>
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
The request/reply pair is created out of QNetworkRequest, we set
autoDecompress data-member on the request, but not reply. As a result,
reply in its destructor fails to release memory, allocated by z-lib
(by failing to call inflateEnd). Since with H1 requests it does not
seem to be a problem (no leaks detected), I'm limiting this change
to H2 handler only. Later it will be retired by the stream decompression
change in Qt 6, but will be picked to 5.15.
Fixes: QTBUG-84560
Pick-to: 5.15
Change-Id: I82e19d2b0a83624b730edd20d7d45721e7001731
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Conflicts:
examples/opengl/doc/src/cube.qdoc
src/corelib/global/qlibraryinfo.cpp
src/corelib/text/qbytearray_p.h
src/corelib/text/qlocale_data_p.h
src/corelib/time/qhijricalendar_data_p.h
src/corelib/time/qjalalicalendar_data_p.h
src/corelib/time/qromancalendar_data_p.h
src/network/ssl/qsslcertificate.h
src/widgets/doc/src/graphicsview.qdoc
src/widgets/widgets/qcombobox.cpp
src/widgets/widgets/qcombobox.h
tests/auto/corelib/tools/qscopeguard/tst_qscopeguard.cpp
tests/auto/widgets/widgets/qcombobox/tst_qcombobox.cpp
tests/benchmarks/corelib/io/qdiriterator/qdiriterator.pro
tests/manual/diaglib/debugproxystyle.cpp
tests/manual/diaglib/qwidgetdump.cpp
tests/manual/diaglib/qwindowdump.cpp
tests/manual/diaglib/textdump.cpp
util/locale_database/cldr2qlocalexml.py
util/locale_database/qlocalexml.py
util/locale_database/qlocalexml2cpp.py
Resolution of util/locale_database/ are based on:
https://codereview.qt-project.org/c/qt/qtbase/+/294250
and src/corelib/{text,time}/*_data_p.h were then regenerated by
running those scripts.
Updated CMakeLists.txt in each of
tests/auto/corelib/serialization/qcborstreamreader/
tests/auto/corelib/serialization/qcborvalue/
tests/auto/gui/kernel/
and generated new ones in each of
tests/auto/gui/kernel/qaddpostroutine/
tests/auto/gui/kernel/qhighdpiscaling/
tests/libfuzzer/corelib/text/qregularexpression/optimize/
tests/libfuzzer/gui/painting/qcolorspace/fromiccprofile/
tests/libfuzzer/gui/text/qtextdocument/sethtml/
tests/libfuzzer/gui/text/qtextdocument/setmarkdown/
tests/libfuzzer/gui/text/qtextlayout/beginlayout/
by running util/cmake/pro2cmake.py on their changed .pro files.
Changed target name in
tests/auto/gui/kernel/qaction/qaction.pro
tests/auto/gui/kernel/qaction/qactiongroup.pro
tests/auto/gui/kernel/qshortcut/qshortcut.pro
to ensure unique target names for CMake
Changed tst_QComboBox::currentIndex to not test the
currentIndexChanged(QString), as that one does not exist in Qt 6
anymore.
Change-Id: I9a85705484855ae1dc874a81f49d27a50b0dcff7
It's required as a response to upgraded protocol and apparently some
servers would wait for it, not sending any frames. Becomes a problem
in case only one request was sent.
Fixes: QTBUG-83312
Change-Id: I90dc5c04095f0b78baa404466625d329dc4c6e21
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
As it was superseded by HTTP/2. Bye, Speedy. Since it's Qt 6,
we also fix the attribute's enumerator to fit our coding
convention with HTTP2AllowedAttribute becoming Http2AllowedAttribute,
and the same for HTTP2WasUsedAttribute.
tst_qnetworkreply in 'benchmark' directory of qtbase/tests
was updated - we have the logic they tested in preConnectEncrypted
in tst_http2 now.
Manual qnetworkreply test was updated (instead of SPDY in NPN failure
we can use H2, the second test was deleted - again, auto-tested in
tst_http2).
Change-Id: I559c140c333ddf72664911c6e275b1d0d2b980a9
Task-number: QTBUG-78255
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
While working with HTTP/2, we are not re-sending failed requests.
In case we receive a GOAWAY frame, we properly handle it by
processing some active streams if possible, and aborting streams
that will not proceed further with ContentResendError. But it's
possible that some server failed to send us GOAWAY (for example,
it died) or closed the connection not finishing the streams that
were still active and valid (ID <= value from GOAWAY frame).
Now that we will not re-connect, there is no reason to be quiet
about us not progressing - emit RemoteHostClosedError on any
remaining active stream/request we cannot process further.
Fixes: QTBUG-77852
Change-Id: I4cd68a1c8c103b1fbe36c20a1cc406ab2e20dd12
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
And either compress or not.
Task-number: QTBUG-77412
Change-Id: I3b09385d2b3caf4f7de0455ad6e22c0f068c33a9
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Similar to TLS configuration that we can use on QNetworkRequest,
we can configure different options in our HTTP/2 handling by
providing QNetworkAccessManager with h2 configuration. Previously,
it was only possible internally in our auto-test - a hack with
QObject's properties and a private class. Now it's time to provide
a public API for this.
[ChangeLog][QtNetwork][QNetworkRequest] Add an ability to configure HTTP/2 protocol
Change-Id: I80266a74f6dcdfabb7fc05ed1dce17897bcda886
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>