Testing of and fix for HTTP2 "Rapid Reset" issue #3170
I'm using Actix-web in several different projects between different companies, and this vulnerability was brought up to my attention by our IT person.
While I might be missing something, at least what I'm looking at here, it doesn't seem like there are any facilities set up to check if a client is abusing the connection, and I'm beginning the process of trying to understand how it would be added into this framework. Link to Google's write-up of the "rapid reset" vulnerability:
Replies: 1 comment
The `h2` crate, which Actix Web relies on for HTTP/2 support, is unaffected.