SpringBoot "Server" header is missing in HTTP/2 responses

Bug Report

With both server.server-header=CustomServer and server.http2.enabled=true set in application.properties, the Server: CustomerServer header is missing in HTTP/2 responses, though it works for HTTP/1.1.

Steps to Reproduce

1. Create a Spring Boot application with spring-boot-starter-web.

```gradle // build.gradle

plugins { id 'java' id 'org.springframework.boot' version '3.3.4' id 'io.spring.dependency-management' version '1.1.6' }

group = 'com.example' version = '0.0.1-SNAPSHOT'

java { toolchain { languageVersion = JavaLanguageVersion.of(21) } }

repositories { mavenCentral() }

dependencies { implementation 'org.springframework.boot:spring-boot-starter-web' testImplementation 'org.springframework.boot:spring-boot-starter-test' testRuntimeOnly 'org.junit.platform:junit-platform-launcher' }

tasks.named('test') { useJUnitPlatform() } ```

1. Add the following content to application.properties.

   server.server-header=CustomServer
   server.http2.enabled=true
   server.ssl.bundle=web
   spring.ssl.bundle.pem.web.keystore.certificate=file:/path/to/localhost.crt
   spring.ssl.bundle.pem.web.keystore.private-key=file:/path/to/localhost.key
   

2. Run the application and make requests in HTTP/1.1 and HTTP/2 respectively.

   $ curl -D - --http1.1 https://localhost:8080/
   HTTP/1.1 404 
   Vary: Origin
   Vary: Access-Control-Request-Method
   Vary: Access-Control-Request-Headers
   Content-Type: application/json
   Transfer-Encoding: chunked
   Date: Thu, 26 Sep 2024 04:53:34 GMT
   Server: CustomServer
   
   {"timestamp":"2024-09-26T04:53:34.550+00:00","status":404,"error":"Not Found","path":"/"}
   
   $ curl -D - --http2 https://localhost:8080/
   HTTP/2 404 
   vary: Origin
   vary: Access-Control-Request-Method
   vary: Access-Control-Request-Headers
   content-type: application/json
   date: Thu, 26 Sep 2024 04:53:38 GMT
   
   {"timestamp":"2024-09-26T04:53:38.853+00:00","status":404,"error":"Not Found","path":"/"}
   

---

Please let me know if I'm creating the issue in the wrong repo.

Comment From: wilkinsona

As far as I can tell, this is out of Spring Boot's control. We set the server property and add the Http2Protocol to the same Connector instance:

https://github.com/spring-projects/spring-boot/blob/eb7b6a776dd8b01849a0ea35d097b81f7eeec23e/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/tomcat/TomcatServletWebServerFactory.java#L345-L357

It's then up to Tomcat to honor these settings. It does so in Http11Processor which doesn't apply to HTTP/2. I'm going to close this one as I don't think there's anything that Spring Boot should do differently.

@markt-asf is it worth @ziqin raising this in Tomcat's issue tracker or is the behavior being specific to HTTP/1.1 intentional?

Comment From: markt-asf

That looks like an oversight to me. I'll add server and serverRemoveAppProvidedValues to the attributes the HTTP/2 protocol picks up from the HTTP/1.1 protocol. The fix should be in the October releases.

Comment From: wilkinsona

Thanks very much, Mark.