fix(naming, docs): change http/2 config option name

aaronArinder · aaronArinder · commit d130fb3c8c6f · 2025-12-09T10:47:59.000-05:00
diff --git a/apollo-router/src/axum_factory/listeners.rs b/apollo-router/src/axum_factory/listeners.rs
@@ -317,7 +317,7 @@ pub(super) fn serve_router_on_listen_addr(
 ) -> (impl Future<Output = Listener>, oneshot::Sender<()>) {
     let opt_max_http1_headers = configuration.limits.http1_max_request_headers;
     let opt_max_http1_buf_size = configuration.limits.http1_max_request_buf_size;
-    let opt_max_http2_headers_list_bytes = configuration.limits.http2_max_headers_list_bytes;
+    let opt_max_http2_headers_list_bytes = configuration.limits.http2_max_headers_list_size;
     let connection_shutdown_timeout = configuration.supergraph.connection_shutdown_timeout;
     let header_read_timeout = configuration.server.http.header_read_timeout;
 
diff --git a/apollo-router/src/plugins/limits/mod.rs b/apollo-router/src/plugins/limits/mod.rs
@@ -120,7 +120,7 @@ pub(crate) struct Config {
     /// If router receives more headers than allowed size of the header list, it responds to the client with
     /// "431 Request Header Fields Too Large".
     #[schemars(with = "Option<String>", default)]
-    pub(crate) http2_max_headers_list_bytes: Option<ByteSize>,
+    pub(crate) http2_max_headers_list_size: Option<ByteSize>,
 
     /// Limit the depth of nested list fields in introspection queries
     /// to protect avoid generating huge responses. Returns a GraphQL
@@ -142,7 +142,7 @@ impl Default for Config {
             http_max_request_bytes: 2_000_000,
             http1_max_request_headers: None,
             http1_max_request_buf_size: None,
-            http2_max_headers_list_bytes: None,
+            http2_max_headers_list_size: None,
             parser_max_tokens: 15_000,
 
             // This is `apollo-parser`’s default, which protects against stack overflow
diff --git a/apollo-router/tests/integration/fixtures/tcp.header_limited.router.yml b/apollo-router/tests/integration/fixtures/tcp.header_limited.router.yml
@@ -4,4 +4,4 @@ supergraph:
 limits:
   http1_max_request_headers: 100
   http1_max_request_buf_size: "16000"
-  http2_max_headers_list_bytes: "20Mib"
+  http2_max_headers_list_size: "20Mib"
diff --git a/apollo-router/tests/integration/fixtures/tls.header_limited.router.yml b/apollo-router/tests/integration/fixtures/tls.header_limited.router.yml
@@ -4,7 +4,7 @@ supergraph:
 limits:
   http1_max_request_headers: 100
   http1_max_request_buf_size: "16000"
-  http2_max_headers_list_bytes: "20Mib"
+  http2_max_headers_list_size: "20Mib"
 
 tls:
   supergraph:
diff --git a/apollo-router/tests/integration/fixtures/unix.header_limited.router.yml b/apollo-router/tests/integration/fixtures/unix.header_limited.router.yml
@@ -4,4 +4,4 @@ supergraph:
 limits:
   http1_max_request_headers: 100
   http1_max_request_buf_size: "16000"
-  http2_max_headers_list_bytes: "20Mib"
+  http2_max_headers_list_size: "20Mib"
diff --git a/docs/shared/config/limits.mdx b/docs/shared/config/limits.mdx
@@ -4,6 +4,7 @@
 limits:
   http1_max_request_buf_size: null
   http1_max_request_headers: null
+  http2_max_headers_list_size: null
   http_max_request_bytes: 2000000
   introspection_max_depth: true
   max_aliases: null
diff --git a/docs/shared/router-config-properties-table.mdx b/docs/shared/router-config-properties-table.mdx
@@ -449,6 +449,7 @@ Configuration for operation limits, parser limits, HTTP limits, etc.
 limits:
   http1_max_request_buf_size: null
   http1_max_request_headers: null
+  http2_max_headers_list_size: null
   http_max_request_bytes: 2000000
   introspection_max_depth: true
   max_aliases: null
diff --git a/docs/shared/router-yaml-complete.mdx b/docs/shared/router-yaml-complete.mdx
@@ -230,6 +230,7 @@ license_enforcement: {}
 limits:
   http1_max_request_buf_size: null
   http1_max_request_headers: null
+  http2_max_headers_list_size: null
   http_max_request_bytes: 2000000
   introspection_max_depth: true
   max_aliases: null
diff --git a/docs/source/routing/security/request-limits.mdx b/docs/source/routing/security/request-limits.mdx
@@ -17,6 +17,7 @@ limits:
   http_max_request_bytes: 2000000 # Default value: 2 MB
   http1_max_request_headers: 200 # Default value: 100
   http1_max_request_buf_size: 800kb # Default value: 400kib
+  http2_max_headers_list_size: 32kb # Default value: 16kb, but is subject to change
 
   # Parser-based limits
   parser_max_tokens: 15000 # Default value
@@ -291,6 +292,12 @@ If router receives more headers than the buffer size, it responds to the client
 
 Limit the maximum buffer size for the HTTP1 connection. Default is ~400kib.
 
+### `http2_max_headers_list_size`
+
+Limit the maximum size of the HTTP/2 header list. Default is 16KiB, but is subject to change.
+
+If the router receives a request with HTTP/2 headers whose total size exceeds the configured limit, it responds to the client with `431 Request Header Fields Too Large`.
+
 ## Parser-based limits
 
 ### `parser_max_tokens`
