31Oca
CRLF in HTTP/2 header value
I am attempting to inject a carriage-return + newline in a HTTP request header value. My understanding is that this is possible with HTTP/2 and HTTP/3. However, when I send a request with Burp I get this error:
RST_STREAM received with error code: 0x1 (Protocol error detected)
Does HTTP/2 support newlines in header values? Why do I get this error? Does Apache2 or PHP validate the header contents?
