Http2Client doesn't allow setting Host header (or others restricted by default)

[krzyk]

New Java HttpClient by default disalows setting some restricted headers - this can be disabled by using a system property jdk.httpclient.allowRestrictedHeaders with a lowercased header list.

I added such system property -Djdk.httpclient.allowRestrictedHeaders=host, but feign (logging that it sends my Host headere, still sends request with a different one (taken from the url, in my case it is localhost:1234).

When looking at the code of Http2Client I see Feign also keeps a list of disaloved headers that mimick the ones in jdk client - in that case it should also mimick the reading of jdk.httpclient.allowRestrictedHeaders and allow setting those that are on the list.

Relevant code from JDK:

   private static final Set<String> DISALLOWED_HEADERS_SET = getDisallowedHeaders();

    private static Set<String> getDisallowedHeaders() {
        Set<String> headers = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        headers.addAll(Set.of("connection", "content-length", "expect", "host", "upgrade"));

        String v = getNetProperty("jdk.httpclient.allowRestrictedHeaders");
        if (v != null) {
            // any headers found are removed from set.
            String[] tokens = v.trim().split(",");
            for (String token : tokens) {
                headers.remove(token);
            }
            return Collections.unmodifiableSet(headers);
        } else {
            return Collections.unmodifiableSet(headers);
        }
    }

(Implemented in https://bugs.openjdk.org/browse/JDK-8213189 - it was backported to JDK 11)

[velo]

Thanks for the report. This project is community-maintained, and the maintainer will not implement fixes directly. If you want this to move forward, please open a pull request with automated tests that cover the change.

For bug reports, please also include (or confirm) a minimal reproduction, the affected version(s), and the full stack trace/logs so contributors can verify the issue.