From 7bf63031654c1d5ef88af03b4c5f1d701fb33cb0 Mon Sep 17 00:00:00 2001
From: Finn Bear <finnbearlabs@gmail.com>
Date: Tue, 31 Dec 2024 23:51:52 -0800
Subject: [PATCH 1/4] feat(server): support `auto_date_header` and
 `max_local_error_reset_streams`.

---
 src/server/conn/auto/mod.rs | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/src/server/conn/auto/mod.rs b/src/server/conn/auto/mod.rs
index 44261cf..f278275 100644
--- a/src/server/conn/auto/mod.rs
+++ b/src/server/conn/auto/mod.rs
@@ -629,6 +629,16 @@ impl<E> Http1Builder<'_, E> {
         Http2Builder { inner: self.inner }
     }
 
+    /// Set whether the `date` header should be included in HTTP responses.
+    ///
+    /// Note that including the `date` header is recommended by RFC 7231.
+    ///
+    /// Default is true.
+    pub fn auto_date_header(&mut self, enabled: bool) -> &mut Self {
+        self.inner.http1.auto_date_header(enabled);
+        self
+    }
+
     /// Set whether HTTP/1 connections should support half-closures.
     ///
     /// Clients can chose to shutdown their write-side while waiting
@@ -837,6 +847,19 @@ impl<E> Http2Builder<'_, E> {
         self
     }
 
+    /// Configures the maximum number of local reset streams allowed before a GOAWAY will be sent.
+    ///
+    /// If not set, hyper will use a default, currently of 1024.
+    ///
+    /// If `None` is supplied, hyper will not apply any limit.
+    /// This is not advised, as it can potentially expose servers to DOS vulnerabilities.
+    ///
+    /// See <https://rustsec.org/advisories/RUSTSEC-2024-0003.html> for more information.
+    pub fn max_local_error_reset_streams(mut self, max: impl Into<Option<usize>>) -> Self {
+        self.inner.http2.max_local_error_reset_streams(max);
+        self
+    }
+
     /// Sets the [`SETTINGS_INITIAL_WINDOW_SIZE`][spec] option for HTTP2
     /// stream-level flow control.
     ///
@@ -956,6 +979,16 @@ impl<E> Http2Builder<'_, E> {
         self
     }
 
+    /// Set whether the `date` header should be included in HTTP responses.
+    ///
+    /// Note that including the `date` header is recommended by RFC 7231.
+    ///
+    /// Default is true.
+    pub fn auto_date_header(&mut self, enabled: bool) -> &mut Self {
+        self.inner.http2.auto_date_header(enabled);
+        self
+    }
+
     /// Bind a connection together with a [`Service`].
     pub async fn serve_connection<I, S, B>(&self, io: I, service: S) -> Result<()>
     where

From bf0bffc496a8482d13e0d28d07911376f98db423 Mon Sep 17 00:00:00 2001
From: Finn Bear <finnbearlabs@gmail.com>
Date: Wed, 1 Jan 2025 00:03:52 -0800
Subject: [PATCH 2/4] Prepare for https://github.com/hyperium/hyper/pull/3820

---
 src/server/conn/auto/mod.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server/conn/auto/mod.rs b/src/server/conn/auto/mod.rs
index f278275..e1af0e3 100644
--- a/src/server/conn/auto/mod.rs
+++ b/src/server/conn/auto/mod.rs
@@ -855,7 +855,7 @@ impl<E> Http2Builder<'_, E> {
     /// This is not advised, as it can potentially expose servers to DOS vulnerabilities.
     ///
     /// See <https://rustsec.org/advisories/RUSTSEC-2024-0003.html> for more information.
-    pub fn max_local_error_reset_streams(mut self, max: impl Into<Option<usize>>) -> Self {
+    pub fn max_local_error_reset_streams(&mut self, max: impl Into<Option<usize>>) -> &mut Self {
         self.inner.http2.max_local_error_reset_streams(max);
         self
     }

From 530e159725ae4471cb9855a1466c505186981a0b Mon Sep 17 00:00:00 2001
From: Finn Bear <finnbearlabs@gmail.com>
Date: Wed, 29 Jan 2025 08:15:32 -0800
Subject: [PATCH 3/4] Increase hyper version.

---
 Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 9088a46..e4883e6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -18,7 +18,7 @@ features = ["full"]
 rustdoc-args = ["--cfg", "docsrs"]
 
 [dependencies]
-hyper = "1.4.0"
+hyper = "1.6.0"
 futures-util = { version = "0.3.16", default-features = false }
 http = "1.0"
 http-body = "1.0.0"

From 4a6f4f35d7d636e274b173d11aa10eaa9c0e1d8c Mon Sep 17 00:00:00 2001
From: Finn Bear <finnbearlabs@gmail.com>
Date: Wed, 29 Jan 2025 08:19:28 -0800
Subject: [PATCH 4/4] Add `ignore_invalid_headers`.

---
 src/server/conn/auto/mod.rs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/server/conn/auto/mod.rs b/src/server/conn/auto/mod.rs
index e1af0e3..bbc310d 100644
--- a/src/server/conn/auto/mod.rs
+++ b/src/server/conn/auto/mod.rs
@@ -671,6 +671,18 @@ impl<E> Http1Builder<'_, E> {
         self
     }
 
+    /// Set whether HTTP/1 connections will silently ignored malformed header lines.
+    ///
+    /// If this is enabled and a header line does not start with a valid header
+    /// name, or does not include a colon at all, the line will be silently ignored
+    /// and no error will be reported.
+    ///
+    /// Default is false.
+    pub fn ignore_invalid_headers(&mut self, enabled: bool) -> &mut Self {
+        self.inner.http1.ignore_invalid_headers(enabled);
+        self
+    }
+
     /// Set whether to support preserving original header cases.
     ///
     /// Currently, this will record the original cases received, and store them