Commit message:
net/http/internal/http2: reject non-identical duplicate Content-Length headers
Per RFC 9112:
"If a message is received without Transfer-Encoding and with an invalid
Content-Length header field, then the message framing is invalid and the
recipient MUST treat it as an unrecoverable error, unless the field
value can be successfully parsed as a comma-separated list (Section
5.6.1 of [HTTP]), all values in the list are valid, and all values in
the list are the same (in which case, the message is processed with that
single value used as the Content-Length field value)."
Therefore, similar to HTTP/1 server, ensure that HTTP/2 server rejects
requests with duplicate Content-Length header fields that have different
values. Unlike HTTP/1, we do not consider something like "123", and "
123" (with whitespace) to be the same value, since HPACK in HTTP/2 is
strict about preceding and trailing whitespaces.
Also note that we still silently allow invalid Content-Length value
(defaulting to 0 if given "-3" for example). This is a pre-existing
behavior in our implementation.
Fixes #78746