From 203d1b090d0d0349c7e373e881ac4ddba72129be Mon Sep 17 00:00:00 2001
From: Sean McArthur <sean@seanmonstar.com>
Date: Tue, 26 Mar 2024 09:12:22 -0400
Subject: [PATCH] fix(http2): `max_header_list_size(num)` defaults to 16kb

The HTTP/2 does not define a default. If not defined, hyper still set a
high limit of 16mb. However, that seems very high, and most people
likely do not think to set it the property.

Since hyper tries to protect users, it will now use a default of 16kb.

The defaults in hyper are not part of the public API stability promise.
Users are encouraged to set options themselves.
---
 src/client/conn/http2.rs | 2 +-
 src/proto/h2/client.rs   | 2 +-
 src/proto/h2/server.rs   | 3 +--
 src/server/conn/http2.rs | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/client/conn/http2.rs b/src/client/conn/http2.rs
index 9d4f983e13..3292f5a523 100644
--- a/src/client/conn/http2.rs
+++ b/src/client/conn/http2.rs
@@ -344,7 +344,7 @@ where
 
     /// Sets the max size of received header frames.
     ///
-    /// Default is currently 16MB, but can change.
+    /// Default is currently 16KB, but can change.
     pub fn max_header_list_size(&mut self, max: u32) -> &mut Self {
         self.h2_builder.max_header_list_size = max;
         self
diff --git a/src/proto/h2/client.rs b/src/proto/h2/client.rs
index 67a24c8bf5..7cb6c6ed5b 100644
--- a/src/proto/h2/client.rs
+++ b/src/proto/h2/client.rs
@@ -51,7 +51,7 @@ const DEFAULT_CONN_WINDOW: u32 = 1024 * 1024 * 5; // 5mb
 const DEFAULT_STREAM_WINDOW: u32 = 1024 * 1024 * 2; // 2mb
 const DEFAULT_MAX_FRAME_SIZE: u32 = 1024 * 16; // 16kb
 const DEFAULT_MAX_SEND_BUF_SIZE: usize = 1024 * 1024; // 1mb
-const DEFAULT_MAX_HEADER_LIST_SIZE: u32 = 16 << 20; // 16mb
+const DEFAULT_MAX_HEADER_LIST_SIZE: u32 = 1024 * 16; // 16kb
 
 // The maximum number of concurrent streams that the client is allowed to open
 // before it receives the initial SETTINGS frame from the server.
diff --git a/src/proto/h2/server.rs b/src/proto/h2/server.rs
index b56e3cfa86..3ccb8a9c99 100644
--- a/src/proto/h2/server.rs
+++ b/src/proto/h2/server.rs
@@ -38,8 +38,7 @@ const DEFAULT_CONN_WINDOW: u32 = 1024 * 1024; // 1mb
 const DEFAULT_STREAM_WINDOW: u32 = 1024 * 1024; // 1mb
 const DEFAULT_MAX_FRAME_SIZE: u32 = 1024 * 16; // 16kb
 const DEFAULT_MAX_SEND_BUF_SIZE: usize = 1024 * 400; // 400kb
-                                                     // 16 MB "sane default" taken from golang http2
-const DEFAULT_SETTINGS_MAX_HEADER_LIST_SIZE: u32 = 16 << 20;
+const DEFAULT_SETTINGS_MAX_HEADER_LIST_SIZE: u32 = 1024 * 16; // 16kb
 const DEFAULT_MAX_LOCAL_ERROR_RESET_STREAMS: usize = 1024;
 
 #[derive(Clone, Debug)]
diff --git a/src/server/conn/http2.rs b/src/server/conn/http2.rs
index 6c8dfb5e7a..bc754f2668 100644
--- a/src/server/conn/http2.rs
+++ b/src/server/conn/http2.rs
@@ -262,7 +262,7 @@ impl<E> Builder<E> {
 
     /// Sets the max size of received header frames.
     ///
-    /// Default is currently ~16MB, but may change.
+    /// Default is currently 16KB, but can change.
     pub fn max_header_list_size(&mut self, max: u32) -> &mut Self {
         self.h2_builder.max_header_list_size = max;
         self