Interface QpackSensitivityDetector
public interface QpackSensitivityDetector
Determines whether a header field is sensitive, in which case the QPACK encoder
- MUST NOT insert it into the dynamic table, and
- MUST encode it as a literal with the "Never Indexed" (
N=1) flag set as defined in RFC 9204 4.5.4 through 4.5.7.
This mirrors io.netty.handler.codec.http2.Http2HeadersEncoder.SensitivityDetector
from the HTTP/2 / HPACK side.
Setting N=1 prevents intermediaries from inserting the field into
their own dynamic tables, which mitigates information disclosure via
compression-based side channels (RFC 9204 7.1) for credentials such as
Authorization, Cookie, Set-Cookie and
Proxy-Authorization.
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final QpackSensitivityDetectorTreats every header field as sensitive.static final QpackSensitivityDetectorTreats every header field as non-sensitive. -
Method Summary
Modifier and TypeMethodDescriptionbooleanisSensitive(CharSequence name, CharSequence value) Determine if a headername/valuepair is sensitive.
-
Field Details
-
NEVER_SENSITIVE
Treats every header field as non-sensitive. This is the historical default behaviour of the QPACK encoder and is the backward-compatible choice. -
ALWAYS_SENSITIVE
Treats every header field as sensitive.
-
-
Method Details
-
isSensitive
Determine if a headername/valuepair is sensitive.- Parameters:
name- the header field name.value- the header field value.- Returns:
trueif the field is sensitive and must be encoded withN=1and excluded from the dynamic table;falseotherwise.
-