Interface QpackSensitivityDetector


public interface QpackSensitivityDetector
Determines whether a header field is sensitive, in which case the QPACK encoder
  • MUST NOT insert it into the dynamic table, and
  • MUST encode it as a literal with the "Never Indexed" (N=1) flag set as defined in RFC 9204 4.5.4 through 4.5.7.

This mirrors io.netty.handler.codec.http2.Http2HeadersEncoder.SensitivityDetector from the HTTP/2 / HPACK side.

Setting N=1 prevents intermediaries from inserting the field into their own dynamic tables, which mitigates information disclosure via compression-based side channels (RFC 9204 7.1) for credentials such as Authorization, Cookie, Set-Cookie and Proxy-Authorization.

If the object can be dynamically modified and shared across multiple connections it may need to be thread safe.
  • Field Details

    • NEVER_SENSITIVE

      static final QpackSensitivityDetector NEVER_SENSITIVE
      Treats every header field as non-sensitive. This is the historical default behaviour of the QPACK encoder and is the backward-compatible choice.
    • ALWAYS_SENSITIVE

      static final QpackSensitivityDetector ALWAYS_SENSITIVE
      Treats every header field as sensitive.
  • Method Details

    • isSensitive

      boolean isSensitive(CharSequence name, CharSequence value)
      Determine if a header name/value pair is sensitive.
      Parameters:
      name - the header field name.
      value - the header field value.
      Returns:
      true if the field is sensitive and must be encoded with N=1 and excluded from the dynamic table; false otherwise.