tigrcorn-protocols 0.3.16.dev5__tar.gz → 0.3.16.dev11__tar.gz

{tigrcorn_protocols-0.3.16.dev5 → tigrcorn_protocols-0.3.16.dev11}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tigrcorn-protocols
-Version: 0.3.16.dev5
+Version: 0.3.16.dev11
 Summary: Protocol handlers for Tigrcorn HTTP/1.1, HTTP/2, HTTP/3, QUIC, WebSocket, WebTransport, lifespan, and ASGI3 traffic.
 Author-email: Jacob Stewart <jacob@swarmauri.com>
 License: Apache License
@@ -175,66 +175,123 @@ Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Internet :: WWW/HTTP
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Topic :: System :: Networking
 Classifier: Typing :: Typed
-Requires-Python: >=3.11
+Requires-Python: <3.15,>=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
-Requires-Dist: tigrcorn-core==0.3.16.dev5
-Requires-Dist: tigrcorn-config==0.3.16.dev5
-Requires-Dist: tigrcorn-asgi==0.3.16.dev5
-Requires-Dist: tigrcorn-http==0.3.16.dev5
-Requires-Dist: tigrcorn-transports==0.3.16.dev5
+Requires-Dist: tigrcorn-core==0.3.16.dev11
+Requires-Dist: tigrcorn-config==0.3.16.dev11
+Requires-Dist: tigrcorn-asgi==0.3.16.dev11
+Requires-Dist: tigrcorn-http==0.3.16.dev11
+Requires-Dist: tigrcorn-transports==0.3.16.dev11
 Dynamic: license-file
 
 <div align="center">
 <h1>tigrcorn-protocols</h1>
+<img
+  src="https://raw.githubusercontent.com/Tigrbl/tigrcorn/master/assets/tigrcorn_logo.png"
+  alt="Tigrcorn tiger-unicorn logo"
+  width="140"
+/>
 
 <p><strong>Protocol handlers for Tigrcorn HTTP/1.1, HTTP/2, HTTP/3, QUIC, WebSocket, WebTransport, lifespan, and ASGI3 traffic.</strong></p>
 
 <a href="https://pypi.org/project/tigrcorn-protocols/"><img alt="PyPI version for tigrcorn-protocols" src="https://img.shields.io/pypi/v/tigrcorn-protocols?label=PyPI"></a>
 <a href="https://pypi.org/project/tigrcorn-protocols/"><img alt="tigrcorn-protocols package on PyPI" src="https://img.shields.io/badge/package-PyPI-blue"></a>
+<a href="https://pepy.tech/project/tigrcorn-protocols"><img alt="Downloads for tigrcorn-protocols" src="https://static.pepy.tech/badge/tigrcorn-protocols"></a>
+<a href="https://github.com/tigrbl/tigrcorn/blob/master/pkgs/tigrcorn-protocols/README.md"><img alt="Hits for tigrcorn-protocols README" src="https://hits.sh/github.com/tigrbl/tigrcorn/blob/master/pkgs/tigrcorn-protocols/README.md.svg?label=hits"></a>
 <a href="LICENSE"><img alt="Apache 2.0 license" src="https://img.shields.io/badge/license-Apache%202.0-525252"></a>
-<a href="pyproject.toml"><img alt="Python 3.11 supported" src="https://img.shields.io/badge/python-3.11-3776ab"></a>
-<a href="pyproject.toml"><img alt="Python 3.12 supported" src="https://img.shields.io/badge/python-3.12-3776ab"></a>
-<a href="pyproject.toml"><img alt="Python 3.13 supported" src="https://img.shields.io/badge/python-3.13-3776ab"></a>
-<a href="src/tigrcorn_protocols/py.typed"><img alt="typed package" src="https://img.shields.io/badge/typed-py.typed-2f7ed8"></a>
+<a href="pyproject.toml"><img alt="Python 3.10 | 3.11 | 3.12 | 3.13 | 3.14 supported" src="https://img.shields.io/badge/python-3.10%20%7C%203.11%20%7C%203.12%20%7C%203.13%20%7C%203.14-3776ab"></a>
 <a href="https://pypi.org/project/tigrcorn-protocols/"><img alt="protocols role package" src="https://img.shields.io/badge/role-protocols-0a7f5a"></a>
 </div>
 
+<p align="center"><a href="https://github.com/Tigrbl/tigrcorn/blob/master/.ssot/registry.json"><img alt="SSOT governed" src="https://img.shields.io/badge/SSOT-governed-2f6f4e.svg"></a> <a href="https://discord.gg/jzvrbEtTtt"><img alt="Discord" src="https://img.shields.io/badge/Discord-Join%20chat-5865F2?logo=discord&amp;logoColor=white"></a></p>
+
 ## Install
 
-~~~bash
+```bash
+uv add tigrcorn-protocols
+```
+
+```bash
 pip install tigrcorn-protocols
-~~~
+```
 
 Use the aggregate [tigrcorn](https://pypi.org/project/tigrcorn/) distribution when you want the full ASGI3 Python web server stack. Install <code>tigrcorn-protocols</code> directly when you want only this package boundary and its declared dependencies.
 
 ## What It Owns
 
-<code>tigrcorn-protocols</code> owns HTTP/1.1, HTTP/2, HTTP/3, WebSocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams. Its import package is <code>tigrcorn_protocols</code>, and its declared package dependencies are: tigrcorn-core, tigrcorn-config, tigrcorn-asgi, tigrcorn-http, tigrcorn-transports.
+<code>tigrcorn-protocols</code> owns http1, http2, http3, websocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams. Its import package is <code>tigrcorn_protocols</code>, and its declared package dependencies are: tigrcorn-core, tigrcorn-config, tigrcorn-asgi, tigrcorn-http, tigrcorn-transports.
+
+This package page is written for developers searching for Tigrcorn ASGI3 server components, Python web server packages, HTTP/3 and QUIC support, WebSocket and WebTransport-adjacent surfaces, and Apache 2.0 licensed infrastructure.
+
+## Why Use This?
+
+Use <code>tigrcorn-protocols</code> when you want the protocols layer as a direct install target instead of the full server bundle. It lets application, operator, or certification workflows depend on this boundary explicitly while keeping the broader Tigrcorn runtime assembled from smaller repo-owned package surfaces.
+
+## FAQ
+
+### What does this package export?
+
+The package exports through the <code>tigrcorn_protocols</code> namespace and keeps the root <code>tigrcorn</code> package as the compatibility umbrella.
+
+### Which boundary does this package own?
+
+It is the package boundary for http1, http2, http3, websocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams in the Tigrcorn package graph.
 
-This package page is written for developers searching for Tigrcorn ASGI3 server components, Python web server packages, HTTP/3 and QUIC support, WebSocket and WebTransport runtime surfaces, typed package boundaries, and Apache 2.0 licensed infrastructure.
+### What protocol families are implemented here?
+
+This package is the main protocol plane for HTTP/1.1, HTTP/2, HTTP/3, WebSocket, WebTransport-adjacent protocol logic, lifespan, rawframed, scheduler primitives, sessions, and streams.
+
+## Features
+
+- Owns http1, http2, http3, websocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams inside the Tigrcorn split-package architecture.
+- Publishes the <code>tigrcorn_protocols</code> import surface for module-oriented public surfaces.
+- Declared runtime dependencies: tigrcorn-core, tigrcorn-config, tigrcorn-asgi, tigrcorn-http, tigrcorn-transports.
+- Optional dependency surface: none.
+- Supports Python 3.10, 3.11, 3.12, 3.13, and 3.14.
 
 ## Use It When
 
-Use <code>tigrcorn-protocols</code> when you need protocol-level Tigrcorn handling for ASGI3 traffic, backpressure, flow control, HTTP/3, QUIC, WebSocket, or WebTransport behavior. It is part of Tigrcorn's split-package architecture, so it can be installed independently while remaining linked to the rest of the Tigrcorn package family on PyPI.
+Use <code>tigrcorn-protocols</code> when you need protocols-level behavior without pulling the entire server stack into the import surface. It is part of Tigrcorn's split-package architecture, so it can be installed independently while remaining linked to the rest of the Tigrcorn package family on PyPI.
 
 ## Import Surface
 
-~~~python
+```python
 import tigrcorn_protocols
 
 print(tigrcorn_protocols.__name__)
-~~~
+```
 
 The package exposes its supported public surface through the <code>tigrcorn_protocols</code> namespace. The root [tigrcorn](https://pypi.org/project/tigrcorn/) package keeps compatibility shims for users who install the full server distribution.
 
+## Related Packages
+
+- [tigrcorn-core](https://pypi.org/project/tigrcorn-core/)
+- [tigrcorn-config](https://pypi.org/project/tigrcorn-config/)
+- [tigrcorn-asgi](https://pypi.org/project/tigrcorn-asgi/)
+- [tigrcorn-http](https://pypi.org/project/tigrcorn-http/)
+- [tigrcorn-transports](https://pypi.org/project/tigrcorn-transports/)
+- [tigrcorn](https://pypi.org/project/tigrcorn/)
+
 ## Package Graph
 
-[tigrcorn](https://pypi.org/project/tigrcorn/) | [tigrcorn-core](https://pypi.org/project/tigrcorn-core/) | [tigrcorn-config](https://pypi.org/project/tigrcorn-config/) | [tigrcorn-asgi](https://pypi.org/project/tigrcorn-asgi/) | [tigrcorn-contract](https://pypi.org/project/tigrcorn-contract/) | [tigrcorn-transports](https://pypi.org/project/tigrcorn-transports/) | [tigrcorn-protocols](https://pypi.org/project/tigrcorn-protocols/) | [tigrcorn-http](https://pypi.org/project/tigrcorn-http/) | [tigrcorn-security](https://pypi.org/project/tigrcorn-security/) | [tigrcorn-runtime](https://pypi.org/project/tigrcorn-runtime/) | [tigrcorn-static](https://pypi.org/project/tigrcorn-static/) | [tigrcorn-observability](https://pypi.org/project/tigrcorn-observability/) | [tigrcorn-compat](https://pypi.org/project/tigrcorn-compat/) | [tigrcorn-certification](https://pypi.org/project/tigrcorn-certification/)
+[tigrcorn-core](https://pypi.org/project/tigrcorn-core/) | [tigrcorn-config](https://pypi.org/project/tigrcorn-config/) | [tigrcorn-http](https://pypi.org/project/tigrcorn-http/) | [tigrcorn-asgi](https://pypi.org/project/tigrcorn-asgi/) | [tigrcorn-contract](https://pypi.org/project/tigrcorn-contract/) | [tigrcorn-transports](https://pypi.org/project/tigrcorn-transports/) | [tigrcorn-security](https://pypi.org/project/tigrcorn-security/) | [tigrcorn-protocols](https://pypi.org/project/tigrcorn-protocols/) | [tigrcorn-static](https://pypi.org/project/tigrcorn-static/) | [tigrcorn-observability](https://pypi.org/project/tigrcorn-observability/) | [tigrcorn-runtime](https://pypi.org/project/tigrcorn-runtime/) | [tigrcorn-compat](https://pypi.org/project/tigrcorn-compat/) | [tigrcorn-certification](https://pypi.org/project/tigrcorn-certification/)
+
+## Best Practices
+
+- Use this package for protocol-state machines and stream/session behavior, not for transport bootstrapping.
+- Keep HTTP, WebSocket, and HTTP/3 behavior aligned with the certified protocol surface.
+- Validate new protocol work against shared ASGI and HTTP helper layers before widening runtime claims.
+
+## License
+
+Apache-2.0

tigrcorn_protocols-0.3.16.dev11/README.md

@@ -0,0 +1,101 @@
+<div align="center">
+<h1>tigrcorn-protocols</h1>
+<img
+  src="https://raw.githubusercontent.com/Tigrbl/tigrcorn/master/assets/tigrcorn_logo.png"
+  alt="Tigrcorn tiger-unicorn logo"
+  width="140"
+/>
+
+<p><strong>Protocol handlers for Tigrcorn HTTP/1.1, HTTP/2, HTTP/3, QUIC, WebSocket, WebTransport, lifespan, and ASGI3 traffic.</strong></p>
+
+<a href="https://pypi.org/project/tigrcorn-protocols/"><img alt="PyPI version for tigrcorn-protocols" src="https://img.shields.io/pypi/v/tigrcorn-protocols?label=PyPI"></a>
+<a href="https://pypi.org/project/tigrcorn-protocols/"><img alt="tigrcorn-protocols package on PyPI" src="https://img.shields.io/badge/package-PyPI-blue"></a>
+<a href="https://pepy.tech/project/tigrcorn-protocols"><img alt="Downloads for tigrcorn-protocols" src="https://static.pepy.tech/badge/tigrcorn-protocols"></a>
+<a href="https://github.com/tigrbl/tigrcorn/blob/master/pkgs/tigrcorn-protocols/README.md"><img alt="Hits for tigrcorn-protocols README" src="https://hits.sh/github.com/tigrbl/tigrcorn/blob/master/pkgs/tigrcorn-protocols/README.md.svg?label=hits"></a>
+<a href="LICENSE"><img alt="Apache 2.0 license" src="https://img.shields.io/badge/license-Apache%202.0-525252"></a>
+<a href="pyproject.toml"><img alt="Python 3.10 | 3.11 | 3.12 | 3.13 | 3.14 supported" src="https://img.shields.io/badge/python-3.10%20%7C%203.11%20%7C%203.12%20%7C%203.13%20%7C%203.14-3776ab"></a>
+<a href="https://pypi.org/project/tigrcorn-protocols/"><img alt="protocols role package" src="https://img.shields.io/badge/role-protocols-0a7f5a"></a>
+</div>
+
+<p align="center"><a href="https://github.com/Tigrbl/tigrcorn/blob/master/.ssot/registry.json"><img alt="SSOT governed" src="https://img.shields.io/badge/SSOT-governed-2f6f4e.svg"></a> <a href="https://discord.gg/jzvrbEtTtt"><img alt="Discord" src="https://img.shields.io/badge/Discord-Join%20chat-5865F2?logo=discord&amp;logoColor=white"></a></p>
+
+## Install
+
+```bash
+uv add tigrcorn-protocols
+```
+
+```bash
+pip install tigrcorn-protocols
+```
+
+Use the aggregate [tigrcorn](https://pypi.org/project/tigrcorn/) distribution when you want the full ASGI3 Python web server stack. Install <code>tigrcorn-protocols</code> directly when you want only this package boundary and its declared dependencies.
+
+## What It Owns
+
+<code>tigrcorn-protocols</code> owns http1, http2, http3, websocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams. Its import package is <code>tigrcorn_protocols</code>, and its declared package dependencies are: tigrcorn-core, tigrcorn-config, tigrcorn-asgi, tigrcorn-http, tigrcorn-transports.
+
+This package page is written for developers searching for Tigrcorn ASGI3 server components, Python web server packages, HTTP/3 and QUIC support, WebSocket and WebTransport-adjacent surfaces, and Apache 2.0 licensed infrastructure.
+
+## Why Use This?
+
+Use <code>tigrcorn-protocols</code> when you want the protocols layer as a direct install target instead of the full server bundle. It lets application, operator, or certification workflows depend on this boundary explicitly while keeping the broader Tigrcorn runtime assembled from smaller repo-owned package surfaces.
+
+## FAQ
+
+### What does this package export?
+
+The package exports through the <code>tigrcorn_protocols</code> namespace and keeps the root <code>tigrcorn</code> package as the compatibility umbrella.
+
+### Which boundary does this package own?
+
+It is the package boundary for http1, http2, http3, websocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams in the Tigrcorn package graph.
+
+### What protocol families are implemented here?
+
+This package is the main protocol plane for HTTP/1.1, HTTP/2, HTTP/3, WebSocket, WebTransport-adjacent protocol logic, lifespan, rawframed, scheduler primitives, sessions, and streams.
+
+## Features
+
+- Owns http1, http2, http3, websocket, lifespan, rawframed, custom protocols, flow control, scheduler primitives, sessions, and streams inside the Tigrcorn split-package architecture.
+- Publishes the <code>tigrcorn_protocols</code> import surface for module-oriented public surfaces.
+- Declared runtime dependencies: tigrcorn-core, tigrcorn-config, tigrcorn-asgi, tigrcorn-http, tigrcorn-transports.
+- Optional dependency surface: none.
+- Supports Python 3.10, 3.11, 3.12, 3.13, and 3.14.
+
+## Use It When
+
+Use <code>tigrcorn-protocols</code> when you need protocols-level behavior without pulling the entire server stack into the import surface. It is part of Tigrcorn's split-package architecture, so it can be installed independently while remaining linked to the rest of the Tigrcorn package family on PyPI.
+
+## Import Surface
+
+```python
+import tigrcorn_protocols
+
+print(tigrcorn_protocols.__name__)
+```
+
+The package exposes its supported public surface through the <code>tigrcorn_protocols</code> namespace. The root [tigrcorn](https://pypi.org/project/tigrcorn/) package keeps compatibility shims for users who install the full server distribution.
+
+## Related Packages
+
+- [tigrcorn-core](https://pypi.org/project/tigrcorn-core/)
+- [tigrcorn-config](https://pypi.org/project/tigrcorn-config/)
+- [tigrcorn-asgi](https://pypi.org/project/tigrcorn-asgi/)
+- [tigrcorn-http](https://pypi.org/project/tigrcorn-http/)
+- [tigrcorn-transports](https://pypi.org/project/tigrcorn-transports/)
+- [tigrcorn](https://pypi.org/project/tigrcorn/)
+
+## Package Graph
+
+[tigrcorn-core](https://pypi.org/project/tigrcorn-core/) | [tigrcorn-config](https://pypi.org/project/tigrcorn-config/) | [tigrcorn-http](https://pypi.org/project/tigrcorn-http/) | [tigrcorn-asgi](https://pypi.org/project/tigrcorn-asgi/) | [tigrcorn-contract](https://pypi.org/project/tigrcorn-contract/) | [tigrcorn-transports](https://pypi.org/project/tigrcorn-transports/) | [tigrcorn-security](https://pypi.org/project/tigrcorn-security/) | [tigrcorn-protocols](https://pypi.org/project/tigrcorn-protocols/) | [tigrcorn-static](https://pypi.org/project/tigrcorn-static/) | [tigrcorn-observability](https://pypi.org/project/tigrcorn-observability/) | [tigrcorn-runtime](https://pypi.org/project/tigrcorn-runtime/) | [tigrcorn-compat](https://pypi.org/project/tigrcorn-compat/) | [tigrcorn-certification](https://pypi.org/project/tigrcorn-certification/)
+
+## Best Practices
+
+- Use this package for protocol-state machines and stream/session behavior, not for transport bootstrapping.
+- Keep HTTP, WebSocket, and HTTP/3 behavior aligned with the certified protocol surface.
+- Validate new protocol work against shared ASGI and HTTP helper layers before widening runtime claims.
+
+## License
+
+Apache-2.0

{tigrcorn_protocols-0.3.16.dev5 → tigrcorn_protocols-0.3.16.dev11}/pyproject.toml

@@ -4,10 +4,10 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "tigrcorn-protocols"
-version = "0.3.16.dev5"
+version = "0.3.16.dev11"
 description = "Protocol handlers for Tigrcorn HTTP/1.1, HTTP/2, HTTP/3, QUIC, WebSocket, WebTransport, lifespan, and ASGI3 traffic."
 readme = "README.md"
-requires-python = ">=3.11"
+requires-python = ">=3.10,<3.15"
 license = {file = "LICENSE"}
 authors = [{name = "Jacob Stewart", email = "jacob@swarmauri.com"}]
 keywords = ["tigrcorn", "http1", "http2", "http3", "websocket", "webtransport", "quic", "asgi3", "protocol-handlers"]
@@ -19,20 +19,22 @@ classifiers = [
   "Operating System :: OS Independent",
   "Programming Language :: Python :: 3",
   "Programming Language :: Python :: 3 :: Only",
+  "Programming Language :: Python :: 3.10",
   "Programming Language :: Python :: 3.11",
   "Programming Language :: Python :: 3.12",
   "Programming Language :: Python :: 3.13",
+  "Programming Language :: Python :: 3.14",
   "Topic :: Internet :: WWW/HTTP",
   "Topic :: Software Development :: Libraries :: Python Modules",
   "Topic :: System :: Networking",
   "Typing :: Typed",
 ]
 dependencies = [
-  "tigrcorn-core==0.3.16.dev5",
-  "tigrcorn-config==0.3.16.dev5",
-  "tigrcorn-asgi==0.3.16.dev5",
-  "tigrcorn-http==0.3.16.dev5",
-  "tigrcorn-transports==0.3.16.dev5",
+  "tigrcorn-core==0.3.16.dev11",
+  "tigrcorn-config==0.3.16.dev11",
+  "tigrcorn-asgi==0.3.16.dev11",
+  "tigrcorn-http==0.3.16.dev11",
+  "tigrcorn-transports==0.3.16.dev11",
 ]
 
 [tool.setuptools]

{tigrcorn_protocols-0.3.16.dev5 → tigrcorn_protocols-0.3.16.dev11}/src/tigrcorn_protocols/http2/handler.py

@@ -4,7 +4,7 @@ import asyncio
 from contextlib import suppress
 from urllib.parse import urlsplit
 
-from tigrcorn_asgi.receive import HTTPRequestReceive, apply_request_trailer_policy
+from tigrcorn_asgi.receive import HTTP2QueuedRequestReceive, HTTPRequestReceive, apply_request_trailer_policy
 from tigrcorn_asgi.scopes.http import build_http_scope
 from tigrcorn_asgi.send import HTTPResponseCollector, iter_response_body_segments, response_body_segments_have_bytes
 from tigrcorn_config.model import ServerConfig
@@ -384,6 +384,7 @@ class HTTP2ConnectionHandler:
         for name, value in headers:
             if any(65 <= byte <= 90 for byte in name):
                 raise ProtocolError("uppercase header field name forbidden in HTTP/2")
+            self._validate_field_value(value)
             if name.startswith(b":"):
                 raise ProtocolError("trailer pseudo-header forbidden in HTTP/2")
             if name in {b"connection", b"upgrade", b"proxy-connection", b"transfer-encoding"}:
@@ -391,6 +392,36 @@ class HTTP2ConnectionHandler:
             if name == b"te" and value.lower() != b"trailers":
                 raise ProtocolError("invalid TE header for HTTP/2")
 
+    def _validate_field_value(self, value: bytes) -> None:
+        if any(byte in {0x00, 0x0A, 0x0D} for byte in value):
+            raise ProtocolError("invalid HTTP/2 header field value")
+        if value[:1] in {b" ", b"\t"} or value[-1:] in {b" ", b"\t"}:
+            raise ProtocolError("invalid HTTP/2 header field value")
+
+    def _parse_content_length(self, headers: list[tuple[bytes, bytes]]) -> int | None:
+        values: list[bytes] = []
+        for name, value in headers:
+            if name.lower() != b"content-length":
+                continue
+            for part in value.split(b","):
+                parsed = part.strip()
+                if not parsed:
+                    raise ProtocolError("invalid content-length header")
+                values.append(parsed)
+        if not values:
+            return None
+        parsed_value: int | None = None
+        for value in values:
+            if not value.isdigit():
+                raise ProtocolError("invalid content-length header")
+            current = int(value)
+            if parsed_value is None:
+                parsed_value = current
+                continue
+            if parsed_value != current:
+                raise ProtocolError("conflicting content-length values")
+        return parsed_value
+
     async def _handle_headers(self, frame: HTTP2Frame) -> None:
         if frame.stream_id == 0:
             raise ProtocolError("HEADERS must use a stream id")
@@ -540,10 +571,19 @@ class HTTP2ConnectionHandler:
         elif payload:
             if state.buffered_body_size + len(payload) > self.config.max_body_size:
                 raise ProtocolError("request body exceeds configured max_body_size")
-            state.append_body(payload)
-        await self._maybe_replenish_receive_credit(frame.stream_id, len(payload))
+            if state.request_receive is not None:
+                await state.request_receive.put_body(payload, more_body=not bool(frame.flags & FLAG_END_STREAM))
+            else:
+                state.append_body(payload)
+            if (
+                state.expected_content_length is not None
+                and state.buffered_body_size > state.expected_content_length
+            ):
+                raise ProtocolError("request body exceeds content-length")
         if frame.flags & FLAG_END_STREAM:
             state.receive_end_stream()
+            if state.request_receive is not None and not payload:
+                await state.request_receive.finish_body()
             await self._maybe_dispatch(frame.stream_id)
             self._finalize_stream_if_complete(frame.stream_id)
 
@@ -558,6 +598,7 @@ class HTTP2ConnectionHandler:
         else:
             state.headers = headers
             state.headers_complete = True
+            state.expected_content_length = self._parse_content_length(headers)
         state.header_fragments.clear()
         state.header_block_bytes = 0
         state.awaiting_continuation = False
@@ -567,9 +608,31 @@ class HTTP2ConnectionHandler:
         state = self.streams.find(stream_id)
         if state is None or state.dispatched or not state.headers_complete:
             return
+        protocol = self._extended_connect_protocol(state.headers)
         is_ws = self._is_extended_connect_websocket(state.headers)
         is_connect = self._is_generic_connect_tunnel(state.headers)
-        if not is_ws and not is_connect and not state.end_stream_received:
+        if protocol is not None and (protocol != b"websocket" or not self.config.websocket.enabled):
+            request = self._build_request(state)
+            if not self._admit_stream_work(stream_id):
+                await self._send_response(stream_id, 503, [(b"content-type", b"text/plain")], b"scheduler overloaded")
+                self.access_logger.log_http(self.client, request.method, request.path, 503, "HTTP/2")
+                self._release_stream_work_lease(stream_id)
+                self._cancel_stream(stream_id)
+                self.streams.close(stream_id)
+                self._maybe_finish_after_goaway()
+                return
+            state.dispatched = True
+            await self._send_response(
+                stream_id,
+                501,
+                [(b"content-type", b"text/plain")],
+                b"unsupported extended connect protocol",
+            )
+            self.access_logger.log_http(self.client, request.method, request.path, 501, "HTTP/2")
+            self._release_stream_work_lease(stream_id)
+            self._cancel_stream(stream_id)
+            self.streams.close(stream_id)
+            self._maybe_finish_after_goaway()
             return
         if not self._admit_stream_work(stream_id):
             request = self._build_request(state)
@@ -673,13 +736,18 @@ class HTTP2ConnectionHandler:
     def _pseudo_headers(self, headers: list[tuple[bytes, bytes]]) -> dict[bytes, bytes]:
         return {k: v for k, v in headers if k.startswith(b":")}
 
-    def _is_extended_connect_websocket(self, headers: list[tuple[bytes, bytes]]) -> bool:
+    def _extended_connect_protocol(self, headers: list[tuple[bytes, bytes]]) -> bytes | None:
         pseudo = self._pseudo_headers(headers)
-        return pseudo.get(b":method") == b"CONNECT" and pseudo.get(b":protocol") == b"websocket"
+        if pseudo.get(b":method") != b"CONNECT":
+            return None
+        return pseudo.get(b":protocol")
+
+    def _is_extended_connect_websocket(self, headers: list[tuple[bytes, bytes]]) -> bool:
+        return self._extended_connect_protocol(headers) == b"websocket"
 
     def _is_generic_connect_tunnel(self, headers: list[tuple[bytes, bytes]]) -> bool:
         pseudo = self._pseudo_headers(headers)
-        return pseudo.get(b":method") == b"CONNECT" and pseudo.get(b":protocol") is None
+        return pseudo.get(b":method") == b"CONNECT" and self._extended_connect_protocol(headers) is None
     def _release_stream_work_lease(self, stream_id: int) -> None:
         lease = self.stream_work_leases.pop(stream_id, None)
         if lease is not None:
@@ -735,6 +803,8 @@ class HTTP2ConnectionHandler:
             method_text = method.decode("ascii", "strict").upper()
         else:
             method_text = str(method).upper()
+        if method_text not in {"GET", "HEAD"}:
+            raise ProtocolError("HTTP/2 server push requires a safe cacheable method")
         authority = message.get("authority")
         if authority is None:
             authority_bytes = pseudo.get(b":authority", b"")
@@ -875,6 +945,105 @@ class HTTP2ConnectionHandler:
         )
         return processed.status, processed.headers, processed.body, ([] if processed.head_response else trailers), informational, None, cleanup
 
+    async def _run_http_app_live(self, stream_id: int, request: ParsedRequest, *, allow_push: bool) -> int:
+        extensions = dict(self.scope_extensions)
+        state = self.streams.find(stream_id)
+        if state is None:
+            return 500
+        raw_request_trailers = list(state.trailers)
+        try:
+            request_trailers = apply_request_trailer_policy(raw_request_trailers, self.config.http.trailer_policy)
+        except ProtocolError:
+            await self._send_response(stream_id, 400, [(b"content-type", b"text/plain")], b"bad request trailers", [], body_segments=None)
+            return 400
+        if request.method.upper() == "CONNECT":
+            extensions["tigrcorn.http.connect"] = {"authority": request.target}
+        if request_trailers and self.config.http.trailer_policy != 'drop':
+            extensions["tigrcorn.http.request_trailers"] = {}
+        if allow_push and self.state.client_allows_push:
+            extensions["http.response.push"] = {}
+        extensions['tigrcorn.http.response.file'] = {'protocol': 'http/2', 'streaming': True, 'sendfile': False}
+        extensions['http.response.pathsend'] = {}
+        scope = build_http_scope(
+            request,
+            client=self.client,
+            server=self.server,
+            scheme=self.scheme,
+            extensions=extensions,
+            root_path=self.config.proxy.root_path,
+            proxy=self.config.proxy,
+        )
+        receive = HTTP2QueuedRequestReceive(
+            trailers=request_trailers,
+            trailer_policy=self.config.http.trailer_policy,
+            on_body_consumed=lambda amount: self._maybe_replenish_receive_credit(stream_id, amount),
+        )
+        state.request_receive = receive
+        for part in state.body_parts:
+            await receive.put_body(part, more_body=True)
+        state.body_parts.clear()
+        if state.end_stream_received:
+            await receive.finish_body()
+
+        response_started = False
+        response_complete = False
+        final_status = 500
+
+        async def send(message: dict) -> None:
+            nonlocal response_started, response_complete, final_status
+            message_type = message.get("type")
+            if message_type == "http.response.push":
+                if not allow_push or not self.state.client_allows_push:
+                    raise ProtocolError("HTTP/2 server push is not available on this stream")
+                await self._send_push_promise(stream_id, message)
+                return
+            if message_type == "http.response.start":
+                status = int(message["status"])
+                headers = list(message.get("headers", []))
+                if status < 200:
+                    await self._send_stream_headers(stream_id, status, sanitize_early_hints_headers(headers), end_stream=False)
+                    return
+                if response_started:
+                    raise ProtocolError("http.response.start sent more than once")
+                response_started = True
+                final_status = status
+                await self._send_stream_headers(stream_id, status, headers, end_stream=False)
+                return
+            if message_type == "http.response.body":
+                if response_complete:
+                    raise ProtocolError("http.response.body sent after response completion")
+                if not response_started:
+                    response_started = True
+                    final_status = 200
+                    await self._send_stream_headers(stream_id, 200, [], end_stream=False)
+                body = bytes(message.get("body", b""))
+                more_body = bool(message.get("more_body", False))
+                await self._send_stream_data(stream_id, body, end_stream=not more_body)
+                if not more_body:
+                    response_complete = True
+                return
+            raise ProtocolError(f"unsupported HTTP/2 ASGI send message: {message_type!r}")
+
+        try:
+            await self.app(scope, receive, send)
+            if not response_complete:
+                if not response_started:
+                    response_started = True
+                    final_status = 200
+                    await self._send_stream_headers(stream_id, 200, [], end_stream=False)
+                await self._send_stream_data(stream_id, b"", end_stream=True)
+                response_complete = True
+            return final_status
+        except Exception:
+            if not response_started and self.streams.find(stream_id) is not None:
+                await self._send_response(stream_id, 500, [(b"content-type", b"text/plain")], b"internal server error")
+            elif response_started and not response_complete and self.streams.find(stream_id) is not None:
+                await self._send_stream_data(stream_id, b"", end_stream=True)
+            return 500
+        finally:
+            if state.request_receive is receive:
+                state.request_receive = None
+
     async def _send_push_promise(self, parent_stream_id: int, message: dict) -> None:
         if not self.state.client_allows_push:
             return
@@ -1078,9 +1247,11 @@ class HTTP2ConnectionHandler:
         pseudo_seen: set[bytes] = set()
         regular_seen = False
         allowed_pseudo = {b":method", b":scheme", b":authority", b":path", b":protocol"}
+        host_values: list[bytes] = []
         for name, value in headers:
             if any(65 <= byte <= 90 for byte in name):
                 raise ProtocolError("uppercase header field name forbidden in HTTP/2")
+            self._validate_field_value(value)
             if name.startswith(b":"):
                 if regular_seen:
                     raise ProtocolError("pseudo-header after regular header")
@@ -1095,10 +1266,22 @@ class HTTP2ConnectionHandler:
                     raise ProtocolError("connection-specific header forbidden in HTTP/2")
                 if name == b"te" and value.lower() != b"trailers":
                     raise ProtocolError("invalid TE header for HTTP/2")
+                if name == b"host":
+                    host_values.append(value)
         if b":method" not in pseudo_seen:
             raise ProtocolError("missing :method pseudo-header")
-        method = dict(headers).get(b":method", b"GET")
-        protocol = dict(headers).get(b":protocol")
+        pseudo_headers = {name: value for name, value in headers if name.startswith(b":")}
+        method = pseudo_headers.get(b":method", b"GET")
+        protocol = pseudo_headers.get(b":protocol")
+        authority = pseudo_headers.get(b":authority")
+        if authority is not None and b"@" in authority:
+            raise ProtocolError("userinfo is forbidden in :authority")
+        if host_values:
+            normalized_hosts = {value.lower() for value in host_values}
+            if len(normalized_hosts) != 1:
+                raise ProtocolError("conflicting host header values")
+            if authority is not None and next(iter(normalized_hosts)) != authority.lower():
+                raise ProtocolError("host header must match :authority")
         if protocol is not None:
             if method != b"CONNECT":
                 raise ProtocolError("extended CONNECT requires CONNECT method")
@@ -1121,15 +1304,26 @@ class HTTP2ConnectionHandler:
         pseudo = {k: v for k, v in state.headers if k.startswith(b":")}
         headers = [(k, v) for k, v in state.headers if not k.startswith(b":")]
         method = pseudo.get(b":method", b"GET").decode("ascii", "strict")
+        if state.expected_content_length is not None:
+            observed = len(state.body)
+            if observed > state.expected_content_length:
+                raise ProtocolError("request body exceeds content-length")
+            if state.end_stream_received and observed != state.expected_content_length:
+                raise ProtocolError("request body does not match content-length")
         if method.upper() == "CONNECT" and pseudo.get(b":protocol") != b"websocket":
             target = pseudo.get(b":authority", b"").decode("ascii", "strict")
             path = target
             raw_path = target.encode("ascii", "strict")
             query_string = b""
         else:
-            target = pseudo.get(b":path", b"/").decode("ascii", "strict")
+            target_bytes = pseudo.get(b":path", b"")
+            if not target_bytes:
+                raise ProtocolError("empty :path pseudo-header")
+            target = target_bytes.decode("ascii", "strict")
             split = urlsplit(target)
-            path = split.path or "/"
+            if not split.path:
+                raise ProtocolError("malformed request target")
+            path = split.path
             raw_path = path.encode("utf-8")
             query_string = split.query.encode("ascii")
         return ParsedRequest(
@@ -1162,18 +1356,20 @@ class HTTP2ConnectionHandler:
                     self.streams.close(stream_id)
                 self._maybe_finish_after_goaway()
                 return
-            status, headers, body, trailers, informational, body_segments, cleanup = await self._run_http_app(stream_id, request, allow_push=True)
-            for interim_status, interim_headers in informational:
-                await self._send_stream_headers(stream_id, interim_status, sanitize_early_hints_headers(interim_headers), end_stream=False)
-            try:
-                await self._send_response(stream_id, status, headers, body, trailers, body_segments=body_segments)
-            finally:
-                if cleanup is not None:
-                    cleanup()
+            if state.end_stream_received:
+                status, headers, body, trailers, informational, body_segments, cleanup = await self._run_http_app(stream_id, request, allow_push=True)
+                for interim_status, interim_headers in informational:
+                    await self._send_stream_headers(stream_id, interim_status, sanitize_early_hints_headers(interim_headers), end_stream=False)
+                try:
+                    await self._send_response(stream_id, status, headers, body, trailers, body_segments=body_segments)
+                finally:
+                    if cleanup is not None:
+                        cleanup()
+            else:
+                status = await self._run_http_app_live(stream_id, request, allow_push=True)
             self.access_logger.log_http(self.client, request.method, request.path, status, "HTTP/2")
             if self.streams.find(stream_id) is not None:
-                self._cancel_stream(stream_id)
-                self.streams.close(stream_id)
+                self._finalize_stream_if_complete(stream_id)
             self._maybe_finish_after_goaway()
         finally:
             self._release_stream_work_lease(stream_id)