Adding upstream version 110.0.1.upstream/110.0.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

99 files changed, 22506 insertions, 0 deletions

diff --git a/testing/web-platform/tests/tools/third_party/h2/.coveragerc b/testing/web-platform/tests/tools/third_party/h2/.coveragerc
new file mode 100644
index 0000000000..153e38d3e0
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/.coveragerc
@@ -0,0 +1,18 @@
+[run]
+branch = True
+source = h2
+
+[report]
+fail_under = 100
+show_missing = True
+exclude_lines =
+    pragma: no cover
+    .*:.* # Python \d.*
+    assert False, "Should not be reachable"
+    .*:.* # Platform-specific:
+
+[paths]
+source =
+    h2/
+    .tox/*/lib/python*/site-packages/h2
+    .tox/pypy*/site-packages/h2
diff --git a/testing/web-platform/tests/tools/third_party/h2/CONTRIBUTORS.rst b/testing/web-platform/tests/tools/third_party/h2/CONTRIBUTORS.rst
new file mode 100644
index 0000000000..5c4849fef0
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/CONTRIBUTORS.rst
@@ -0,0 +1,115 @@
+Hyper-h2 is written and maintained by Cory Benfield and various contributors:
+
+Development Lead
+````````````````
+
+- Cory Benfield <cory@lukasa.co.uk>
+
+Contributors
+````````````
+
+In chronological order:
+
+- Robert Collins (@rbtcollins)
+
+  - Provided invaluable and substantial early input into API design and layout.
+  - Added code preventing ``Proxy-Authorization`` from getting added to HPACK
+    compression contexts.
+
+- Maximilian Hils (@maximilianhils)
+
+  - Added asyncio example.
+
+- Alex Chan (@alexwlchan)
+
+  - Fixed docstring, added URLs to README.
+
+- Glyph Lefkowitz (@glyph)
+
+  - Improved example Twisted server.
+
+- Thomas Kriechbaumer (@Kriechi)
+
+  - Fixed incorrect arguments being passed to ``StreamIDTooLowError``.
+  - Added new arguments to ``close_connection``.
+
+- WeiZheng Xu (@boyxuper)
+
+  - Reported a bug relating to hyper-h2's updating of the connection window in
+    response to SETTINGS_INITIAL_WINDOW_SIZE.
+
+- Evgeny Tataurov (@etataurov)
+
+  - Added the ``additional_data`` field to the ``ConnectionTerminated`` event.
+
+- Brett Cannon (@brettcannon)
+
+  - Changed Travis status icon to SVG.
+  - Documentation improvements.
+
+- Felix Yan (@felixonmars)
+
+  - Widened allowed version numbers of enum34.
+  - Updated test requirements.
+
+- Keith Dart (@kdart)
+
+  - Fixed curio example server flow control problems.
+
+- Gil Gonçalves (@LuRsT)
+
+  - Added code forbidding non-RFC 7540 pseudo-headers.
+
+- Louis Taylor (@kragniz)
+
+  - Cleaned up the README
+
+- Berker Peksag (@berkerpeksag)
+
+  - Improved the docstring for ``StreamIDTooLowError``.
+
+- Adrian Lewis (@aidylewis)
+
+  - Fixed the broken Twisted HEAD request example.
+  - Added verification logic for ensuring that responses to HEAD requests have
+    no body.
+
+- Lorenzo (@Mec-iS)
+
+  - Changed documentation to stop using dictionaries for header blocks.
+
+- Kracekumar Ramaraj (@kracekumar)
+
+  - Cleaned up Twisted example.
+
+- @mlvnd
+
+  - Cleaned up curio example.
+
+- Tom Offermann (@toffer)
+
+  - Added Tornado example.
+
+- Tarashish Mishra (@sunu)
+
+  - Added code to reject header fields with leading/trailing whitespace.
+  - Added code to remove leading/trailing whitespace from sent header fields.
+
+- Nate Prewitt (@nateprewitt)
+
+  - Added code to validate that trailers do not contain pseudo-header fields.
+
+- Chun-Han, Hsiao (@chhsiao90)
+
+  - Fixed a bug with invalid ``HTTP2-Settings`` header output in plaintext
+    upgrade.
+
+- Bhavishya (@bhavishyagopesh)
+
+  - Added support for equality testing to ``h2.settings.Settings`` objects.
+
+- Fred Thomsen (@fredthomsen)
+
+  - Added logging.
+  - Enhance equality testing of ``h2.settings.Settings`` objects with
+    ``hypothesis``.
diff --git a/testing/web-platform/tests/tools/third_party/h2/HISTORY.rst b/testing/web-platform/tests/tools/third_party/h2/HISTORY.rst
new file mode 100644
index 0000000000..5244cd8a94
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/HISTORY.rst
@@ -0,0 +1,760 @@
+Release History
+===============
+
+3.2.0 (2020-02-08)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Receiving DATA frames on closed (or reset) streams now properly emit a
+  WINDOW_UPDATE to keep the connection flow window topped up.
+
+API Changes (Backward-Incompatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- ``h2.config.logger`` now uses a `trace(...)` function, in addition
+  to `debug(...)`. If you defined a custom logger object, you need to handle
+  these new function calls.
+
+
+3.1.1 (2019-08-02)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Ignore WINDOW_UPDATE and RST_STREAM frames received after stream
+  closure.
+
+
+3.1.0 (2019-01-22)
+------------------
+
+API Changes (Backward-Incompatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- ``h2.connection.H2Connection.data_to_send`` first and only argument ``amt``
+  was renamed to ``amount``.
+- Support for Python 3.3 has been removed.
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- ``h2.connection.H2Connection.send_data`` now supports ``data`` parameter
+  being a ``memoryview`` object.
+- Refactor ping-related events: a ``h2.events.PingReceived`` event is fired
+  when a PING frame is received and a ``h2.events.PingAckReceived`` event is
+  fired when a PING frame with an ACK flag is received.
+  ``h2.events.PingAcknowledged`` is deprecated in favour of the identical
+  ``h2.events.PingAckReceived``.
+- Added ``ENABLE_CONNECT_PROTOCOL`` to ``h2.settings.SettingCodes``.
+- Support ``CONNECT`` requests with a ``:protocol`` pseudo header
+  thereby supporting RFC 8441.
+- A limit to the number of closed streams kept in memory by the
+  connection is applied. It can be configured by
+  ``h2.connection.H2Connection.MAX_CLOSED_STREAMS``.
+
+Bugfixes
+~~~~~~~~
+
+- Debug logging when stream_id is None is now fixed and no longer errors.
+
+3.0.1 (2017-04-03)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- CONTINUATION frames sent on closed streams previously caused stream errors
+  of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
+  errors of type PROTOCOL_ERROR, and so this release changes to match that
+  behaviour.
+- Remote peers incrementing their inbound connection window beyond the maximum
+  allowed value now cause stream-level errors, rather than connection-level
+  errors, allowing connections to stay up longer.
+- h2 now rejects receiving and sending request header blocks that are missing
+  any of the mandatory pseudo-header fields (:path, :scheme, and :method).
+- h2 now rejects receiving and sending request header blocks that have an empty
+  :path pseudo-header value.
+- h2 now rejects receiving and sending request header blocks that contain
+  response-only pseudo-headers, and vice versa.
+- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
+  local setting, and ensures that if users shrink or increase the header
+  table size it is policed appropriately.
+
+
+2.6.2 (2017-04-03)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- CONTINUATION frames sent on closed streams previously caused stream errors
+  of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
+  errors of type PROTOCOL_ERROR, and so this release changes to match that
+  behaviour.
+- Remote peers incrementing their inbound connection window beyond the maximum
+  allowed value now cause stream-level errors, rather than connection-level
+  errors, allowing connections to stay up longer.
+- h2 now rejects receiving and sending request header blocks that are missing
+  any of the mandatory pseudo-header fields (:path, :scheme, and :method).
+- h2 now rejects receiving and sending request header blocks that have an empty
+  :path pseudo-header value.
+- h2 now rejects receiving and sending request header blocks that contain
+  response-only pseudo-headers, and vice versa.
+- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
+  local setting, and ensures that if users shrink or increase the header
+  table size it is policed appropriately.
+
+
+2.5.4 (2017-04-03)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- CONTINUATION frames sent on closed streams previously caused stream errors
+  of type STREAM_CLOSED. RFC 7540 § 6.10 requires that these be connection
+  errors of type PROTOCOL_ERROR, and so this release changes to match that
+  behaviour.
+- Remote peers incrementing their inbound connection window beyond the maximum
+  allowed value now cause stream-level errors, rather than connection-level
+  errors, allowing connections to stay up longer.
+- h2 now correct respects user-initiated changes to the HEADER_TABLE_SIZE
+  local setting, and ensures that if users shrink or increase the header
+  table size it is policed appropriately.
+
+
+3.0.0 (2017-03-24)
+------------------
+
+API Changes (Backward-Incompatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- By default, hyper-h2 now joins together received cookie header fields, per
+  RFC 7540 Section 8.1.2.5.
+- Added a ``normalize_inbound_headers`` flag to the ``H2Configuration`` object
+  that defaults to ``True``. Setting this to ``False`` changes the behaviour
+  from the previous point back to the v2 behaviour.
+- Removed deprecated fields from ``h2.errors`` module.
+- Removed deprecated fields from ``h2.settings`` module.
+- Removed deprecated ``client_side`` and ``header_encoding`` arguments from
+  ``H2Connection``.
+- Removed deprecated ``client_side`` and ``header_encoding`` properties from
+  ``H2Connection``.
+- ``dict`` objects are no longer allowed for user-supplied headers.
+- The default header encoding is now ``None``, not ``utf-8``: this means that
+  all events that carry headers now return those headers as byte strings by
+  default. The header encoding can be set back to ``utf-8`` to restore the old
+  behaviour.
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added new ``UnknownFrameReceived`` event that fires when unknown extension
+  frames have been received. This only fires when using hyperframe 5.0 or
+  later: earlier versions of hyperframe cause us to silently ignore extension
+  frames.
+
+Bugfixes
+~~~~~~~~
+
+None
+
+
+2.6.1 (2017-03-16)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Allowed hyperframe v5 support while continuing to ignore unexpected frames.
+
+
+2.5.3 (2017-03-16)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Allowed hyperframe v5 support while continuing to ignore unexpected frames.
+
+
+2.4.4 (2017-03-16)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Allowed hyperframe v5 support while continuing to ignore unexpected frames.
+
+
+2.6.0 (2017-02-28)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added a new ``h2.events.Event`` class that acts as a base class for all
+  events.
+- Rather than reject outbound Connection-specific headers, h2 will now
+  normalize the header block by removing them.
+- Implement equality for the ``h2.settings.Settings`` class.
+- Added ``h2.settings.SettingCodes``, an enum that is used to store all the
+  HTTP/2 setting codes. This allows us to use a better printed representation of
+  the setting code in most places that it is used.
+- The ``setting`` field in ``ChangedSetting`` for the ``RemoteSettingsChanged``
+  and ``SettingsAcknowledged`` events has been updated to be instances of
+  ``SettingCodes`` whenever they correspond to a known setting code. When they
+  are an unknown setting code, they are instead ``int``. As ``SettingCodes`` is
+  a subclass of ``int``, this is non-breaking.
+- Deprecated the other fields in ``h2.settings``. These will be removed in
+  3.0.0.
+- Added an optional ``pad_length`` parameter to ``H2Connection.send_data``
+  to allow the user to include padding on a data frame.
+- Added a new parameter to the ``h2.config.H2Configuration`` initializer which
+  takes a logger.  This allows us to log by providing a logger that conforms
+  to the requirements of this module so that it can be used in different
+  environments.
+
+Bugfixes
+~~~~~~~~
+
+- Correctly reject pushed request header blocks whenever they have malformed
+  request header blocks.
+- Correctly normalize pushed request header blocks whenever they have
+  normalizable header fields.
+- Remote peers are now allowed to send zero or any positive number as a value
+  for ``SETTINGS_MAX_HEADER_LIST_SIZE``, where previously sending zero would
+  raise a ``InvalidSettingsValueError``.
+- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
+  upgrade that was emitted by ``initiate_upgrade_connection`` included the
+  *entire* ``SETTINGS`` frame, instead of just the payload.
+- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
+  plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
+  than have those settings applied appropriately.
+- Resolved an issue whereby certain frames received from a peer in the CLOSED
+  state would trigger connection errors when RFC 7540 says they should have
+  triggered stream errors instead. Added more detailed stream closure tracking
+  to ensure we don't throw away connections unnecessarily.
+
+
+2.5.2 (2017-01-27)
+------------------
+
+- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
+  upgrade that was emitted by ``initiate_upgrade_connection`` included the
+  *entire* ``SETTINGS`` frame, instead of just the payload.
+- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
+  plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
+  than have those settings applied appropriately.
+
+
+2.4.3 (2017-01-27)
+------------------
+
+- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
+  upgrade that was emitted by ``initiate_upgrade_connection`` included the
+  *entire* ``SETTINGS`` frame, instead of just the payload.
+- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
+  plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
+  than have those settings applied appropriately.
+
+
+2.3.4 (2017-01-27)
+------------------
+
+- Resolved issue where the ``HTTP2-Settings`` header value for plaintext
+  upgrade that was emitted by ``initiate_upgrade_connection`` included the
+  *entire* ``SETTINGS`` frame, instead of just the payload.
+- Resolved issue where the ``HTTP2-Settings`` header value sent by a client for
+  plaintext upgrade would be ignored by ``initiate_upgrade_connection``, rather
+  than have those settings applied appropriately.
+
+
+2.5.1 (2016-12-17)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Remote peers are now allowed to send zero or any positive number as a value
+  for ``SETTINGS_MAX_HEADER_LIST_SIZE``, where previously sending zero would
+  raise a ``InvalidSettingsValueError``.
+
+
+2.5.0 (2016-10-25)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added a new ``H2Configuration`` object that allows rich configuration of
+  a ``H2Connection``. This object supersedes the prior keyword arguments to the
+  ``H2Connection`` object, which are now deprecated and will be removed in 3.0.
+- Added support for automated window management via the
+  ``acknowledge_received_data`` method. See the documentation for more details.
+- Added a ``DenialOfServiceError`` that is raised whenever a behaviour that
+  looks like a DoS attempt is encountered: for example, an overly large
+  decompressed header list. This is a subclass of ``ProtocolError``.
+- Added support for setting and managing ``SETTINGS_MAX_HEADER_LIST_SIZE``.
+  This setting is now defaulted to 64kB.
+- Added ``h2.errors.ErrorCodes``, an enum that is used to store all the HTTP/2
+  error codes. This allows us to use a better printed representation of the
+  error code in most places that it is used.
+- The ``error_code`` fields on ``ConnectionTerminated`` and ``StreamReset``
+  events have been updated to be instances of ``ErrorCodes`` whenever they
+  correspond to a known error code. When they are an unknown error code, they
+  are instead ``int``. As ``ErrorCodes`` is a subclass of ``int``, this is
+  non-breaking.
+- Deprecated the other fields in ``h2.errors``. These will be removed in 3.0.0.
+
+Bugfixes
+~~~~~~~~
+
+- Correctly reject request header blocks with neither :authority nor Host
+  headers, or header blocks which contain mismatched :authority and Host
+  headers, per RFC 7540 Section 8.1.2.3.
+- Correctly expect that responses to HEAD requests will have no body regardless
+  of the value of the Content-Length header, and reject those that do.
+- Correctly refuse to send header blocks that contain neither :authority nor
+  Host headers, or header blocks which contain mismatched :authority and Host
+  headers, per RFC 7540 Section 8.1.2.3.
+- Hyper-h2 will now reject header field names and values that contain leading
+  or trailing whitespace.
+- Correctly strip leading/trailing whitespace from header field names and
+  values.
+- Correctly refuse to send header blocks with a TE header whose value is not
+  ``trailers``, per RFC 7540 Section 8.1.2.2.
+- Correctly refuse to send header blocks with connection-specific headers,
+  per RFC 7540 Section 8.1.2.2.
+- Correctly refuse to send header blocks that contain duplicate pseudo-header
+  fields, or with pseudo-header fields that appear after ordinary header fields,
+  per RFC 7540 Section 8.1.2.1.
+
+  This may cause passing a dictionary as the header block to ``send_headers``
+  to throw a ``ProtocolError``, because dictionaries are unordered and so they
+  may trip this check.  Passing dictionaries here is deprecated, and callers
+  should change to using a sequence of 2-tuples as their header blocks.
+- Correctly reject trailers that contain HTTP/2 pseudo-header fields, per RFC
+  7540 Section 8.1.2.1.
+- Correctly refuse to send trailers that contain HTTP/2 pseudo-header fields,
+  per RFC 7540 Section 8.1.2.1.
+- Correctly reject responses that do not contain the ``:status`` header field,
+  per RFC 7540 Section 8.1.2.4.
+- Correctly refuse to send responses that do not contain the ``:status`` header
+  field, per RFC 7540 Section 8.1.2.4.
+- Correctly update the maximum frame size when the user updates the value of
+  that setting. Prior to this release, if the user updated the maximum frame
+  size hyper-h2 would ignore the update, preventing the remote peer from using
+  the higher frame sizes.
+
+2.4.2 (2016-10-25)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Correctly update the maximum frame size when the user updates the value of
+  that setting. Prior to this release, if the user updated the maximum frame
+  size hyper-h2 would ignore the update, preventing the remote peer from using
+  the higher frame sizes.
+
+2.3.3 (2016-10-25)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Correctly update the maximum frame size when the user updates the value of
+  that setting. Prior to this release, if the user updated the maximum frame
+  size hyper-h2 would ignore the update, preventing the remote peer from using
+  the higher frame sizes.
+
+2.2.7 (2016-10-25)
+------------------
+
+*Final 2.2.X release*
+
+Bugfixes
+~~~~~~~~
+
+- Correctly update the maximum frame size when the user updates the value of
+  that setting. Prior to this release, if the user updated the maximum frame
+  size hyper-h2 would ignore the update, preventing the remote peer from using
+  the higher frame sizes.
+
+2.4.1 (2016-08-23)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Correctly expect that responses to HEAD requests will have no body regardless
+  of the value of the Content-Length header, and reject those that do.
+
+2.3.2 (2016-08-23)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Correctly expect that responses to HEAD requests will have no body regardless
+  of the value of the Content-Length header, and reject those that do.
+
+2.4.0 (2016-07-01)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Adds ``additional_data`` to ``H2Connection.close_connection``, allowing the
+  user to send additional debug data on the GOAWAY frame.
+- Adds ``last_stream_id`` to ``H2Connection.close_connection``, allowing the
+  user to manually control what the reported last stream ID is.
+- Add new method: ``prioritize``.
+- Add support for emitting stream priority information when sending headers
+  frames using three new keyword arguments: ``priority_weight``,
+  ``priority_depends_on``, and ``priority_exclusive``.
+- Add support for "related events": events that fire simultaneously on a single
+  frame.
+
+
+2.3.1 (2016-05-12)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Resolved ``AttributeError`` encountered when receiving more than one sequence
+  of CONTINUATION frames on a given connection.
+
+
+2.2.5 (2016-05-12)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Resolved ``AttributeError`` encountered when receiving more than one sequence
+  of CONTINUATION frames on a given connection.
+
+
+2.3.0 (2016-04-26)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added a new flag to the ``H2Connection`` constructor: ``header_encoding``,
+  that controls what encoding is used (if any) to decode the headers from bytes
+  to unicode. This defaults to UTF-8 for backward compatibility. To disable the
+  decode and use bytes exclusively, set the field to False, None, or the empty
+  string. This affects all headers, including those pushed by servers.
+- Bumped the minimum version of HPACK allowed from 2.0 to 2.2.
+- Added support for advertising RFC 7838 Alternative services.
+- Allowed users to provide ``hpack.HeaderTuple`` and
+  ``hpack.NeverIndexedHeaderTuple`` objects to all methods that send headers.
+- Changed all events that carry headers to emit ``hpack.HeaderTuple`` and
+  ``hpack.NeverIndexedHeaderTuple`` instead of plain tuples. This allows users
+  to maintain header indexing state.
+- Added support for plaintext upgrade with the ``initiate_upgrade_connection``
+  method.
+
+Bugfixes
+~~~~~~~~
+
+- Automatically ensure that all ``Authorization`` and ``Proxy-Authorization``
+  headers, as well as short ``Cookie`` headers, are prevented from being added
+  to encoding contexts.
+
+2.2.4 (2016-04-25)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Correctly forbid pseudo-headers that were not defined in RFC 7540.
+- Ignore AltSvc frames, rather than exploding when receiving them.
+
+2.1.5 (2016-04-25)
+------------------
+
+*Final 2.1.X release*
+
+Bugfixes
+~~~~~~~~
+
+- Correctly forbid pseudo-headers that were not defined in RFC 7540.
+- Ignore AltSvc frames, rather than exploding when receiving them.
+
+2.2.3 (2016-04-13)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Allowed the 4.X series of hyperframe releases as dependencies.
+
+2.1.4 (2016-04-13)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Allowed the 4.X series of hyperframe releases as dependencies.
+
+
+2.2.2 (2016-04-05)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Fixed issue where informational responses were erroneously not allowed to be
+  sent in the ``HALF_CLOSED_REMOTE`` state.
+- Fixed issue where informational responses were erroneously not allowed to be
+  received in the ``HALF_CLOSED_LOCAL`` state.
+- Fixed issue where we allowed information responses to be sent or received
+  after final responses.
+
+2.2.1 (2016-03-23)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Fixed issue where users using locales that did not default to UTF-8 were
+  unable to install source distributions of the package.
+
+2.2.0 (2016-03-23)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added support for sending informational responses (responses with 1XX status)
+  codes as part of the standard flow. HTTP/2 allows zero or more informational
+  responses with no upper limit: hyper-h2 does too.
+- Added support for receiving informational responses (responses with 1XX
+  status) codes as part of the standard flow. HTTP/2 allows zero or more
+  informational responses with no upper limit: hyper-h2 does too.
+- Added a new event: ``ReceivedInformationalResponse``. This response is fired
+  when informational responses (those with 1XX status codes).
+- Added an ``additional_data`` field to the ``ConnectionTerminated`` event that
+  carries any additional data sent on the GOAWAY frame. May be ``None`` if no
+  such data was sent.
+- Added the ``initial_values`` optional argument to the ``Settings`` object.
+
+Bugfixes
+~~~~~~~~
+
+- Correctly reject all of the connection-specific headers mentioned in RFC 7540
+  § 8.1.2.2, not just the ``Connection:`` header.
+- Defaulted the value of ``SETTINGS_MAX_CONCURRENT_STREAMS`` to 100, unless
+  explicitly overridden. This is a safe defensive initial value for this
+  setting.
+
+2.1.3 (2016-03-16)
+------------------
+
+Deprecations
+~~~~~~~~~~~~
+
+- Passing dictionaries to ``send_headers`` as the header block is deprecated,
+  and will be removed in 3.0.
+
+2.1.2 (2016-02-17)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Reject attempts to push streams on streams that were themselves pushed:
+  streams can only be pushed on streams that were initiated by the client.
+- Correctly allow CONTINUATION frames to extend the header block started by a
+  PUSH_PROMISE frame.
+- Changed our handling of frames received on streams that were reset by the
+  user.
+
+  Previously these would, at best, cause ProtocolErrors to be raised and the
+  connection to be torn down (rather defeating the point of resetting streams
+  at all) and, at worst, would cause subtle inconsistencies in state between
+  hyper-h2 and the remote peer that could lead to header block decoding errors
+  or flow control blockages.
+
+  Now when the user resets a stream all further frames received on that stream
+  are ignored except where they affect some form of connection-level state,
+  where they have their effect and are then ignored.
+- Fixed a bug whereby receiving a PUSH_PROMISE frame on a stream that was
+  closed would cause a RST_STREAM frame to be emitted on the closed-stream,
+  but not the newly-pushed one. Now this causes a ``ProtocolError``.
+
+2.1.1 (2016-02-05)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Added debug representations for all events.
+- Fixed problems with setup.py that caused trouble on older setuptools/pip
+  installs.
+
+2.1.0 (2016-02-02)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added new field to ``DataReceived``: ``flow_controlled_length``. This is the
+  length of the frame including padded data, allowing users to correctly track
+  changes to the flow control window.
+- Defined new ``UnsupportedFrameError``, thrown when frames that are known to
+  hyperframe but not supported by hyper-h2 are received. For
+  backward-compatibility reasons, this is a ``ProtocolError`` *and* a
+  ``KeyError``.
+
+Bugfixes
+~~~~~~~~
+
+- Hyper-h2 now correctly accounts for padding when maintaining flow control
+  windows.
+- Resolved a bug where hyper-h2 would mistakenly apply
+  SETTINGS_INITIAL_WINDOW_SIZE to the connection flow control window in
+  addition to the stream-level flow control windows.
+- Invalid Content-Length headers now throw ``ProtocolError`` exceptions and
+  correctly tear the connection down, instead of leaving the connection in an
+  indeterminate state.
+- Invalid header blocks now throw ``ProtocolError``, rather than a grab bag of
+  possible other exceptions.
+
+2.0.0 (2016-01-25)
+------------------
+
+API Changes (Breaking)
+~~~~~~~~~~~~~~~~~~~~~~
+
+- Attempts to open streams with invalid stream IDs, either by the remote peer
+  or by the user, are now rejected as a ``ProtocolError``. Previously these
+  were allowed, and would cause remote peers to error.
+- Receiving frames that have invalid padding now causes the connection to be
+  terminated with a ``ProtocolError`` being raised. Previously these passed
+  undetected.
+- Settings values set by both the user and the remote peer are now validated
+  when they're set. If they're invalid, a new ``InvalidSettingsValueError`` is
+  raised and, if set by the remote peer, a connection error is signaled.
+  Previously, it was possible to set invalid values. These would either be
+  caught when building frames, or would be allowed to stand.
+- Settings changes no longer require user action to be acknowledged: hyper-h2
+  acknowledges them automatically. This moves the location where some
+  exceptions may be thrown, and also causes the ``acknowledge_settings`` method
+  to be removed from the public API.
+- Removed a number of methods on the ``H2Connection`` object from the public,
+  semantically versioned API, by renaming them to have leading underscores.
+  Specifically, removed:
+
+    - ``get_stream_by_id``
+    - ``get_or_create_stream``
+    - ``begin_new_stream``
+    - ``receive_frame``
+    - ``acknowledge_settings``
+
+- Added full support for receiving CONTINUATION frames, including policing
+  logic about when and how they are received. Previously, receiving
+  CONTINUATION frames was not supported and would throw exceptions.
+- All public API functions on ``H2Connection`` except for ``receive_data`` no
+  longer return lists of events, because these lists were always empty. Events
+  are now only raised by ``receive_data``.
+- Calls to ``increment_flow_control_window`` with out of range values now raise
+  ``ValueError`` exceptions. Previously they would be allowed, or would cause
+  errors when serializing frames.
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added ``PriorityUpdated`` event for signaling priority changes.
+- Added ``get_next_available_stream_id`` function.
+- Receiving DATA frames on streams not in the OPEN or HALF_CLOSED_LOCAL states
+  now causes a stream reset, rather than a connection reset. The error is now
+  also classified as a ``StreamClosedError``, rather than a more generic
+  ``ProtocolError``.
+- Receiving HEADERS or PUSH_PROMISE frames in the HALF_CLOSED_REMOTE state now
+  causes a stream reset, rather than a connection reset.
+- Receiving frames that violate the max frame size now causes connection errors
+  with error code FRAME_SIZE_ERROR, not a generic PROTOCOL_ERROR. This
+  condition now also raises a ``FrameTooLargeError``, a new subclass of
+  ``ProtocolError``.
+- Made ``NoSuchStreamError`` a subclass of ``ProtocolError``.
+- The ``StreamReset`` event is now also fired whenever a protocol error from
+  the remote peer forces a stream to close early. This is only fired once.
+- The ``StreamReset`` event now carries a flag, ``remote_reset``, that is set
+  to ``True`` in all cases where ``StreamReset`` would previously have fired
+  (e.g. when the remote peer sent a RST_STREAM), and is set to ``False`` when
+  it fires because the remote peer made a protocol error.
+- Hyper-h2 now rejects attempts by peers to increment a flow control window by
+  zero bytes.
+- Hyper-h2 now rejects peers sending header blocks that are ill-formed for a
+  number of reasons as set out in RFC 7540 Section 8.1.2.
+- Attempting to send non-PRIORITY frames on closed streams now raises
+  ``StreamClosedError``.
+- Remote peers attempting to increase the flow control window beyond
+  ``2**31 - 1``, either by window increment or by settings frame, are now
+  rejected as ``ProtocolError``.
+- Local attempts to increase the flow control window beyond ``2**31 - 1`` by
+  window increment are now rejected as ``ProtocolError``.
+- The bytes that represent individual settings are now available in
+  ``h2.settings``, instead of needing users to import them from hyperframe.
+
+Bugfixes
+~~~~~~~~
+
+- RFC 7540 requires that a separate minimum stream ID be used for inbound and
+  outbound streams. Hyper-h2 now obeys this requirement.
+- Hyper-h2 now does a better job of reporting the last stream ID it has
+  partially handled when terminating connections.
+- Fixed an error in the arguments of ``StreamIDTooLowError``.
+- Prevent ``ValueError`` leaking from Hyperframe.
+- Prevent ``struct.error`` and ``InvalidFrameError`` leaking from Hyperframe.
+
+1.1.1 (2015-11-17)
+------------------
+
+Bugfixes
+~~~~~~~~
+
+- Forcibly lowercase all header names to improve compatibility with
+  implementations that demand lower-case header names.
+
+1.1.0 (2015-10-28)
+------------------
+
+API Changes (Backward-Compatible)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Added a new ``ConnectionTerminated`` event, which fires when GOAWAY frames
+  are received.
+- Added a subclass of ``NoSuchStreamError``, called ``StreamClosedError``, that
+  fires when actions are taken on a stream that is closed and has had its state
+  flushed from the system.
+- Added ``StreamIDTooLowError``, raised when the user or the remote peer
+  attempts to create a stream with an ID lower than one previously used in the
+  dialog. Inherits from ``ValueError`` for backward-compatibility reasons.
+
+Bugfixes
+~~~~~~~~
+
+- Do not throw ``ProtocolError`` when attempting to send multiple GOAWAY
+  frames on one connection.
+- We no longer forcefully change the decoder table size when settings changes
+  are ACKed, instead waiting for remote acknowledgement of the change.
+- Improve the performance of checking whether a stream is open.
+- We now attempt to lazily garbage collect closed streams, to avoid having the
+  state hang around indefinitely, leaking memory.
+- Avoid further per-stream allocations, leading to substantial performance
+  improvements when many short-lived streams are used.
+
+1.0.0 (2015-10-15)
+------------------
+
+- First production release!
diff --git a/testing/web-platform/tests/tools/third_party/h2/LICENSE b/testing/web-platform/tests/tools/third_party/h2/LICENSE
new file mode 100644
index 0000000000..7bb76c58ec
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015-2016 Cory Benfield and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/testing/web-platform/tests/tools/third_party/h2/MANIFEST.in b/testing/web-platform/tests/tools/third_party/h2/MANIFEST.in
new file mode 100644
index 0000000000..04400de6b7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/MANIFEST.in
@@ -0,0 +1,8 @@
+include README.rst LICENSE CONTRIBUTORS.rst HISTORY.rst tox.ini test_requirements.txt .coveragerc Makefile
+recursive-include test *.py *.sh
+graft docs
+prune docs/build
+graft visualizer
+recursive-include examples *.py *.crt *.key *.pem *.csr
+recursive-include utils *.sh
+recursive-include _travis *.sh
diff --git a/testing/web-platform/tests/tools/third_party/h2/Makefile b/testing/web-platform/tests/tools/third_party/h2/Makefile
new file mode 100644
index 0000000000..689077472f
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/Makefile
@@ -0,0 +1,9 @@
+.PHONY: publish test
+
+publish:
+	rm -rf dist/
+	python setup.py sdist bdist_wheel
+	twine upload -s dist/*
+
+test:
+	py.test -n 4 --cov h2 test/
diff --git a/testing/web-platform/tests/tools/third_party/h2/README.rst b/testing/web-platform/tests/tools/third_party/h2/README.rst
new file mode 100644
index 0000000000..7140d37acc
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/README.rst
@@ -0,0 +1,65 @@
+===============================
+hyper-h2: HTTP/2 Protocol Stack
+===============================
+
+.. image:: https://raw.github.com/Lukasa/hyper/development/docs/source/images/hyper.png
+
+.. image:: https://travis-ci.org/python-hyper/hyper-h2.svg?branch=master
+    :target: https://travis-ci.org/python-hyper/hyper-h2
+
+This repository contains a pure-Python implementation of a HTTP/2 protocol
+stack. It's written from the ground up to be embeddable in whatever program you
+choose to use, ensuring that you can speak HTTP/2 regardless of your
+programming paradigm.
+
+You use it like this:
+
+.. code-block:: python
+
+    import h2.connection
+
+    conn = h2.connection.H2Connection()
+    conn.send_headers(stream_id=stream_id, headers=headers)
+    conn.send_data(stream_id, data)
+    socket.sendall(conn.data_to_send())
+    events = conn.receive_data(socket_data)
+
+This repository does not provide a parsing layer, a network layer, or any rules
+about concurrency. Instead, it's a purely in-memory solution, defined in terms
+of data actions and HTTP/2 frames. This is one building block of a full Python
+HTTP implementation.
+
+To install it, just run:
+
+.. code-block:: console
+
+    $ pip install h2
+
+Documentation
+=============
+
+Documentation is available at http://python-hyper.org/h2/.
+
+Contributing
+============
+
+``hyper-h2`` welcomes contributions from anyone! Unlike many other projects we
+are happy to accept cosmetic contributions and small contributions, in addition
+to large feature requests and changes.
+
+Before you contribute (either by opening an issue or filing a pull request),
+please `read the contribution guidelines`_.
+
+.. _read the contribution guidelines: http://python-hyper.org/en/latest/contributing.html
+
+License
+=======
+
+``hyper-h2`` is made available under the MIT License. For more details, see the
+``LICENSE`` file in the repository.
+
+Authors
+=======
+
+``hyper-h2`` is maintained by Cory Benfield, with contributions from others. For
+more details about the contributors, please see ``CONTRIBUTORS.rst``.
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/Makefile b/testing/web-platform/tests/tools/third_party/h2/docs/Makefile
new file mode 100644
index 0000000000..32b233be83
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/Makefile
@@ -0,0 +1,177 @@
+# Makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = sphinx-build
+PAPER         =
+BUILDDIR      = build
+
+# User-friendly check for sphinx-build
+ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
+$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
+endif
+
+# Internal variables.
+PAPEROPT_a4     = -D latex_paper_size=a4
+PAPEROPT_letter = -D latex_paper_size=letter
+ALLSPHINXOPTS   = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
+# the i18n builder cannot share the environment and doctrees with the others
+I18NSPHINXOPTS  = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
+
+.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
+
+help:
+	@echo "Please use \`make <target>' where <target> is one of"
+	@echo "  html       to make standalone HTML files"
+	@echo "  dirhtml    to make HTML files named index.html in directories"
+	@echo "  singlehtml to make a single large HTML file"
+	@echo "  pickle     to make pickle files"
+	@echo "  json       to make JSON files"
+	@echo "  htmlhelp   to make HTML files and a HTML help project"
+	@echo "  qthelp     to make HTML files and a qthelp project"
+	@echo "  devhelp    to make HTML files and a Devhelp project"
+	@echo "  epub       to make an epub"
+	@echo "  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
+	@echo "  latexpdf   to make LaTeX files and run them through pdflatex"
+	@echo "  latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
+	@echo "  text       to make text files"
+	@echo "  man        to make manual pages"
+	@echo "  texinfo    to make Texinfo files"
+	@echo "  info       to make Texinfo files and run them through makeinfo"
+	@echo "  gettext    to make PO message catalogs"
+	@echo "  changes    to make an overview of all changed/added/deprecated items"
+	@echo "  xml        to make Docutils-native XML files"
+	@echo "  pseudoxml  to make pseudoxml-XML files for display purposes"
+	@echo "  linkcheck  to check all external links for integrity"
+	@echo "  doctest    to run all doctests embedded in the documentation (if enabled)"
+
+clean:
+	rm -rf $(BUILDDIR)/*
+
+html:
+	$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
+	@echo
+	@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+
+dirhtml:
+	$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
+	@echo
+	@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
+
+singlehtml:
+	$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
+	@echo
+	@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
+
+pickle:
+	$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
+	@echo
+	@echo "Build finished; now you can process the pickle files."
+
+json:
+	$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
+	@echo
+	@echo "Build finished; now you can process the JSON files."
+
+htmlhelp:
+	$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
+	@echo
+	@echo "Build finished; now you can run HTML Help Workshop with the" \
+	      ".hhp project file in $(BUILDDIR)/htmlhelp."
+
+qthelp:
+	$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
+	@echo
+	@echo "Build finished; now you can run "qcollectiongenerator" with the" \
+	      ".qhcp project file in $(BUILDDIR)/qthelp, like this:"
+	@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/hyper-h2.qhcp"
+	@echo "To view the help file:"
+	@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/hyper-h2.qhc"
+
+devhelp:
+	$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
+	@echo
+	@echo "Build finished."
+	@echo "To view the help file:"
+	@echo "# mkdir -p $$HOME/.local/share/devhelp/hyper-h2"
+	@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/hyper-h2"
+	@echo "# devhelp"
+
+epub:
+	$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
+	@echo
+	@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
+
+latex:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo
+	@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
+	@echo "Run \`make' in that directory to run these through (pdf)latex" \
+	      "(use \`make latexpdf' here to do that automatically)."
+
+latexpdf:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo "Running LaTeX files through pdflatex..."
+	$(MAKE) -C $(BUILDDIR)/latex all-pdf
+	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+latexpdfja:
+	$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+	@echo "Running LaTeX files through platex and dvipdfmx..."
+	$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
+	@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
+
+text:
+	$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
+	@echo
+	@echo "Build finished. The text files are in $(BUILDDIR)/text."
+
+man:
+	$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
+	@echo
+	@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
+
+texinfo:
+	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+	@echo
+	@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
+	@echo "Run \`make' in that directory to run these through makeinfo" \
+	      "(use \`make info' here to do that automatically)."
+
+info:
+	$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
+	@echo "Running Texinfo files through makeinfo..."
+	make -C $(BUILDDIR)/texinfo info
+	@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
+
+gettext:
+	$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
+	@echo
+	@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
+
+changes:
+	$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
+	@echo
+	@echo "The overview file is in $(BUILDDIR)/changes."
+
+linkcheck:
+	$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
+	@echo
+	@echo "Link check complete; look for any errors in the above output " \
+	      "or in $(BUILDDIR)/linkcheck/output.txt."
+
+doctest:
+	$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
+	@echo "Testing of doctests in the sources finished, look at the " \
+	      "results in $(BUILDDIR)/doctest/output.txt."
+
+xml:
+	$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
+	@echo
+	@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
+
+pseudoxml:
+	$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
+	@echo
+	@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/make.bat b/testing/web-platform/tests/tools/third_party/h2/docs/make.bat
new file mode 100644
index 0000000000..537686d817
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/make.bat
@@ -0,0 +1,242 @@
+@ECHO OFF

+

+REM Command file for Sphinx documentation

+

+if "%SPHINXBUILD%" == "" (

+	set SPHINXBUILD=sphinx-build

+)

+set BUILDDIR=build

+set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% source

+set I18NSPHINXOPTS=%SPHINXOPTS% source

+if NOT "%PAPER%" == "" (

+	set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%

+	set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%

+)

+

+if "%1" == "" goto help

+

+if "%1" == "help" (

+	:help

+	echo.Please use `make ^<target^>` where ^<target^> is one of

+	echo.  html       to make standalone HTML files

+	echo.  dirhtml    to make HTML files named index.html in directories

+	echo.  singlehtml to make a single large HTML file

+	echo.  pickle     to make pickle files

+	echo.  json       to make JSON files

+	echo.  htmlhelp   to make HTML files and a HTML help project

+	echo.  qthelp     to make HTML files and a qthelp project

+	echo.  devhelp    to make HTML files and a Devhelp project

+	echo.  epub       to make an epub

+	echo.  latex      to make LaTeX files, you can set PAPER=a4 or PAPER=letter

+	echo.  text       to make text files

+	echo.  man        to make manual pages

+	echo.  texinfo    to make Texinfo files

+	echo.  gettext    to make PO message catalogs

+	echo.  changes    to make an overview over all changed/added/deprecated items

+	echo.  xml        to make Docutils-native XML files

+	echo.  pseudoxml  to make pseudoxml-XML files for display purposes

+	echo.  linkcheck  to check all external links for integrity

+	echo.  doctest    to run all doctests embedded in the documentation if enabled

+	goto end

+)

+

+if "%1" == "clean" (

+	for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i

+	del /q /s %BUILDDIR%\*

+	goto end

+)

+

+

+%SPHINXBUILD% 2> nul

+if errorlevel 9009 (

+	echo.

+	echo.The 'sphinx-build' command was not found. Make sure you have Sphinx

+	echo.installed, then set the SPHINXBUILD environment variable to point

+	echo.to the full path of the 'sphinx-build' executable. Alternatively you

+	echo.may add the Sphinx directory to PATH.

+	echo.

+	echo.If you don't have Sphinx installed, grab it from

+	echo.http://sphinx-doc.org/

+	exit /b 1

+)

+

+if "%1" == "html" (

+	%SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The HTML pages are in %BUILDDIR%/html.

+	goto end

+)

+

+if "%1" == "dirhtml" (

+	%SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.

+	goto end

+)

+

+if "%1" == "singlehtml" (

+	%SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.

+	goto end

+)

+

+if "%1" == "pickle" (

+	%SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished; now you can process the pickle files.

+	goto end

+)

+

+if "%1" == "json" (

+	%SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished; now you can process the JSON files.

+	goto end

+)

+

+if "%1" == "htmlhelp" (

+	%SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished; now you can run HTML Help Workshop with the ^

+.hhp project file in %BUILDDIR%/htmlhelp.

+	goto end

+)

+

+if "%1" == "qthelp" (

+	%SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished; now you can run "qcollectiongenerator" with the ^

+.qhcp project file in %BUILDDIR%/qthelp, like this:

+	echo.^> qcollectiongenerator %BUILDDIR%\qthelp\hyper-h2.qhcp

+	echo.To view the help file:

+	echo.^> assistant -collectionFile %BUILDDIR%\qthelp\hyper-h2.ghc

+	goto end

+)

+

+if "%1" == "devhelp" (

+	%SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished.

+	goto end

+)

+

+if "%1" == "epub" (

+	%SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The epub file is in %BUILDDIR%/epub.

+	goto end

+)

+

+if "%1" == "latex" (

+	%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.

+	goto end

+)

+

+if "%1" == "latexpdf" (

+	%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex

+	cd %BUILDDIR%/latex

+	make all-pdf

+	cd %BUILDDIR%/..

+	echo.

+	echo.Build finished; the PDF files are in %BUILDDIR%/latex.

+	goto end

+)

+

+if "%1" == "latexpdfja" (

+	%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex

+	cd %BUILDDIR%/latex

+	make all-pdf-ja

+	cd %BUILDDIR%/..

+	echo.

+	echo.Build finished; the PDF files are in %BUILDDIR%/latex.

+	goto end

+)

+

+if "%1" == "text" (

+	%SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The text files are in %BUILDDIR%/text.

+	goto end

+)

+

+if "%1" == "man" (

+	%SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The manual pages are in %BUILDDIR%/man.

+	goto end

+)

+

+if "%1" == "texinfo" (

+	%SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.

+	goto end

+)

+

+if "%1" == "gettext" (

+	%SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The message catalogs are in %BUILDDIR%/locale.

+	goto end

+)

+

+if "%1" == "changes" (

+	%SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.The overview file is in %BUILDDIR%/changes.

+	goto end

+)

+

+if "%1" == "linkcheck" (

+	%SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Link check complete; look for any errors in the above output ^

+or in %BUILDDIR%/linkcheck/output.txt.

+	goto end

+)

+

+if "%1" == "doctest" (

+	%SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Testing of doctests in the sources finished, look at the ^

+results in %BUILDDIR%/doctest/output.txt.

+	goto end

+)

+

+if "%1" == "xml" (

+	%SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The XML files are in %BUILDDIR%/xml.

+	goto end

+)

+

+if "%1" == "pseudoxml" (

+	%SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml

+	if errorlevel 1 exit /b 1

+	echo.

+	echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml.

+	goto end

+)

+

+:end

diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/.keep b/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/.keep
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/.keep
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/h2.connection.H2ConnectionStateMachine.dot.png b/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/h2.connection.H2ConnectionStateMachine.dot.png
new file mode 100644
index 0000000000..f2c814ec77
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/h2.connection.H2ConnectionStateMachine.dot.png
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/h2.stream.H2StreamStateMachine.dot.png b/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/h2.stream.H2StreamStateMachine.dot.png
new file mode 100644
index 0000000000..85bcb68321
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/_static/h2.stream.H2StreamStateMachine.dot.png
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/advanced-usage.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/advanced-usage.rst
new file mode 100644
index 0000000000..40496f0eae
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/advanced-usage.rst
@@ -0,0 +1,325 @@
+Advanced Usage
+==============
+
+Priority
+--------
+
+.. versionadded:: 2.0.0
+
+`RFC 7540`_ has a fairly substantial and complex section describing how to
+build a HTTP/2 priority tree, and the effect that should have on sending data
+from a server.
+
+Hyper-h2 does not enforce any priority logic by default for servers. This is
+because scheduling data sends is outside the scope of this library, as it
+likely requires fairly substantial understanding of the scheduler being used.
+
+However, for servers that *do* want to follow the priority recommendations
+given by clients, the Hyper project provides `an implementation`_ of the
+`RFC 7540`_ priority tree that will be useful to plug into a server. That,
+combined with the :class:`PriorityUpdated <h2.events.PriorityUpdated>` event from
+this library, can be used to build a server that conforms to RFC 7540's
+recommendations for priority handling.
+
+Related Events
+--------------
+
+.. versionadded:: 2.4.0
+
+In the 2.4.0 release hyper-h2 added support for signaling "related events".
+These are a HTTP/2-only construct that exist because certain HTTP/2 events can
+occur simultaneously: that is, one HTTP/2 frame can cause multiple state
+transitions to occur at the same time. One example of this is a HEADERS frame
+that contains priority information and carries the END_STREAM flag: this would
+cause three events to fire (one of the various request/response received
+events, a :class:`PriorityUpdated <h2.events.PriorityUpdated>` event, and a
+:class:`StreamEnded <h2.events.StreamEnded>` event).
+
+Ordinarily hyper-h2's logic will emit those events to you one at a time. This
+means that you may attempt to process, for example, a
+:class:`DataReceived <h2.events.DataReceived>` event, not knowing that the next
+event out will be a :class:`StreamEnded <h2.events.StreamEnded>` event.
+hyper-h2 *does* know this, however, and so will forbid you from taking certain
+actions that are a violation of the HTTP/2 protocol.
+
+To avoid this asymmetry of information, events that can occur simultaneously
+now carry properties for their "related events". These allow users to find the
+events that can have occurred simultaneously with each other before the event
+is emitted by hyper-h2. The following objects have "related events":
+
+- :class:`RequestReceived <h2.events.RequestReceived>`:
+
+    - :data:`stream_ended <h2.events.RequestReceived.stream_ended>`: any
+      :class:`StreamEnded <h2.events.StreamEnded>` event that occurred at the
+      same time as receiving this request.
+
+    - :data:`priority_updated
+      <h2.events.RequestReceived.priority_updated>`: any
+      :class:`PriorityUpdated <h2.events.PriorityUpdated>` event that occurred
+      at the same time as receiving this request.
+
+- :class:`ResponseReceived <h2.events.ResponseReceived>`:
+
+    - :data:`stream_ended <h2.events.ResponseReceived.stream_ended>`: any
+      :class:`StreamEnded <h2.events.StreamEnded>` event that occurred at the
+      same time as receiving this response.
+
+    - :data:`priority_updated
+      <h2.events.ResponseReceived.priority_updated>`: any
+      :class:`PriorityUpdated <h2.events.PriorityUpdated>` event that occurred
+      at the same time as receiving this response.
+
+- :class:`TrailersReceived <h2.events.TrailersReceived>`:
+
+    - :data:`stream_ended <h2.events.TrailersReceived.stream_ended>`: any
+      :class:`StreamEnded <h2.events.StreamEnded>` event that occurred at the
+      same time as receiving this set of trailers. This will **always** be
+      present for trailers, as they must terminate streams.
+
+    - :data:`priority_updated
+      <h2.events.TrailersReceived.priority_updated>`: any
+      :class:`PriorityUpdated <h2.events.PriorityUpdated>` event that occurred
+      at the same time as receiving this response.
+
+- :class:`InformationalResponseReceived
+  <h2.events.InformationalResponseReceived>`:
+
+    - :data:`priority_updated
+      <h2.events.InformationalResponseReceived.priority_updated>`: any
+      :class:`PriorityUpdated <h2.events.PriorityUpdated>` event that occurred
+      at the same time as receiving this informational response.
+
+- :class:`DataReceived <h2.events.DataReceived>`:
+
+    - :data:`stream_ended <h2.events.DataReceived.stream_ended>`: any
+      :class:`StreamEnded <h2.events.StreamEnded>` event that occurred at the
+      same time as receiving this data.
+
+
+.. warning:: hyper-h2 does not know if you are looking for related events or
+             expecting to find events in the event stream. Therefore, it will
+             always emit "related events" in the event stream. If you are using
+             the "related events" event pattern, you will want to be careful to
+             avoid double-processing related events.
+
+.. _h2-connection-advanced:
+
+Connections: Advanced
+---------------------
+
+Thread Safety
+~~~~~~~~~~~~~
+
+``H2Connection`` objects are *not* thread-safe. They cannot safely be accessed
+from multiple threads at once. This is a deliberate design decision: it is not
+trivially possible to design the ``H2Connection`` object in a way that would
+be either lock-free or have the locks at a fine granularity.
+
+Your implementations should bear this in mind, and handle it appropriately. It
+should be simple enough to use locking alongside the ``H2Connection``: simply
+lock around the connection object itself. Because the ``H2Connection`` object
+does no I/O it should be entirely safe to do that. Alternatively, have a single
+thread take ownership of the ``H2Connection`` and use a message-passing
+interface to serialize access to the ``H2Connection``.
+
+If you are using a non-threaded concurrency approach (e.g. Twisted), this
+should not affect you.
+
+Internal Buffers
+~~~~~~~~~~~~~~~~
+
+In order to avoid doing I/O, the ``H2Connection`` employs an internal buffer.
+This buffer is *unbounded* in size: it can potentially grow infinitely. This
+means that, if you are not making sure to regularly empty it, you are at risk
+of exceeding the memory limit of a single process and finding your program
+crashes.
+
+It is highly recommended that you send data at regular intervals, ideally as
+soon as possible.
+
+.. _advanced-sending-data:
+
+Sending Data
+~~~~~~~~~~~~
+
+When sending data on the network, it's important to remember that you may not
+be able to send an unbounded amount of data at once. Particularly when using
+TCP, it is often the case that there are limits on how much data may be in
+flight at any one time. These limits can be very low, and your operating system
+will only buffer so much data in memory before it starts to complain.
+
+For this reason, it is possible to consume only a subset of the data available
+when you call :meth:`data_to_send <h2.connection.H2Connection.data_to_send>`.
+However, once you have pulled the data out of the ``H2Connection`` internal
+buffer, it is *not* possible to put it back on again. For that reason, it is
+adviseable that you confirm how much space is available in the OS buffer before
+sending.
+
+Alternatively, use tools made available by your framework. For example, the
+Python standard library :mod:`socket <python:socket>` module provides a
+:meth:`sendall <python:socket.socket.sendall>` method that will automatically
+block until all the data has been sent. This will enable you to always use the
+unbounded form of
+:meth:`data_to_send <h2.connection.H2Connection.data_to_send>`, and will help
+you avoid subtle bugs.
+
+When To Send
+~~~~~~~~~~~~
+
+In addition to knowing how much data to send (see :ref:`advanced-sending-data`)
+it is important to know when to send data. For hyper-h2, this amounts to
+knowing when to call :meth:`data_to_send
+<h2.connection.H2Connection.data_to_send>`.
+
+Hyper-h2 may write data into its send buffer at two times. The first is
+whenever :meth:`receive_data <h2.connection.H2Connection.receive_data>` is
+called. This data is sent in response to some control frames that require no
+user input: for example, responding to PING frames. The second time is in
+response to user action: whenever a user calls a method like
+:meth:`send_headers <h2.connection.H2Connection.send_headers>`, data may be
+written into the buffer.
+
+In a standard design for a hyper-h2 consumer, then, that means there are two
+places where you'll potentially want to send data. The first is in your
+"receive data" loop. This is where you take the data you receive, pass it into
+:meth:`receive_data <h2.connection.H2Connection.receive_data>`, and then
+dispatch events. For this loop, it is usually best to save sending data until
+the loop is complete: that allows you to empty the buffer only once.
+
+The other place you'll want to send the data is when initiating requests or
+taking any other active, unprompted action on the connection. In this instance,
+you'll want to make all the relevant ``send_*`` calls, and *then* call
+:meth:`data_to_send <h2.connection.H2Connection.data_to_send>`.
+
+Headers
+-------
+
+HTTP/2 defines several "special header fields" which are used to encode data
+that was previously sent in either the request or status line of HTTP/1.1.
+These header fields are distinguished from ordinary header fields because their
+field name begins with a ``:`` character. The special header fields defined in
+`RFC 7540`_ are:
+
+- ``:status``
+- ``:path``
+- ``:method``
+- ``:scheme``
+- ``:authority``
+
+`RFC 7540`_ **mandates** that all of these header fields appear *first* in the
+header block, before the ordinary header fields. This could cause difficulty if
+the :meth:`send_headers <h2.connection.H2Connection.send_headers>` method
+accepted a plain ``dict`` for the ``headers`` argument, because ``dict``
+objects are unordered. For this reason, we require that you provide a list of
+two-tuples.
+
+.. _RFC 7540: https://tools.ietf.org/html/rfc7540
+.. _an implementation: http://python-hyper.org/projects/priority/en/latest/
+
+Flow Control
+------------
+
+HTTP/2 defines a complex flow control system that uses a sliding window of
+data on both a per-stream and per-connection basis. Essentially, each
+implementation allows its peer to send a specific amount of data at any time
+(the "flow control window") before it must stop. Each stream has a separate
+window, and the connection as a whole has a window. Each window can be opened
+by an implementation by sending a ``WINDOW_UPDATE`` frame, either on a specific
+stream (causing the window for that stream to be opened), or on stream ``0``,
+which causes the window for the entire connection to be opened.
+
+In HTTP/2, only data in ``DATA`` frames is flow controlled. All other frames
+are exempt from flow control. Each ``DATA`` frame consumes both stream and
+connection flow control window bytes. This means that the maximum amount of
+data that can be sent on any one stream before a ``WINDOW_UPDATE`` frame is
+received is the *lower* of the stream and connection windows. The maximum
+amount of data that can be sent on *all* streams before a ``WINDOW_UPDATE``
+frame is received is the size of the connection flow control window.
+
+Working With Flow Control
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The amount of flow control window a ``DATA`` frame consumes is the sum of both
+its contained application data *and* the amount of padding used. hyper-h2 shows
+this to the user in a :class:`DataReceived <h2.events.DataReceived>` event by
+using the :data:`flow_controlled_length
+<h2.events.DataReceived.flow_controlled_length>` field. When working with flow
+control in hyper-h2, users *must* use this field: simply using
+``len(datareceived.data)`` can eventually lead to deadlock.
+
+When data has been received and given to the user in a :class:`DataReceived
+<h2.events.DataReceived>`, it is the responsibility of the user to re-open the
+flow control window when the user is ready for more data. hyper-h2 does not do
+this automatically to avoid flooding the user with data: if we did, the remote
+peer could send unbounded amounts of data that the user would need to buffer
+before processing.
+
+To re-open the flow control window, then, the user must call
+:meth:`increment_flow_control_window
+<h2.connection.H2Connection.increment_flow_control_window>` with the
+:data:`flow_controlled_length <h2.events.DataReceived.flow_controlled_length>`
+of the received data. hyper-h2 requires that you manage both the connection
+and the stream flow control windows separately, so you may need to increment
+both the stream the data was received on and stream ``0``.
+
+When sending data, a HTTP/2 implementation must not send more than flow control
+window available for that stream. As noted above, the maximum amount of data
+that can be sent on the stream is the minimum of the stream and the connection
+flow control windows. You can find out how much data you can send on a given
+stream by using the :meth:`local_flow_control_window
+<h2.connection.H2Connection.local_flow_control_window>` method, which will do
+all of these calculations for you. If you attempt to send more than this amount
+of data on a stream, hyper-h2 will throw a :class:`ProtocolError
+<h2.exceptions.ProtocolError>` and refuse to send the data.
+
+In hyper-h2, receiving a ``WINDOW_UPDATE`` frame causes a :class:`WindowUpdated
+<h2.events.WindowUpdated>` event to fire. This will notify you that there is
+potentially more room in a flow control window. Note that, just because an
+increment of a given size was received *does not* mean that that much more data
+can be sent: remember that both the connection and stream flow control windows
+constrain how much data can be sent.
+
+As a result, when a :class:`WindowUpdated <h2.events.WindowUpdated>` event
+fires with a non-zero stream ID, and the user has more data to send on that
+stream, the user should call :meth:`local_flow_control_window
+<h2.connection.H2Connection.local_flow_control_window>` to check if there
+really is more room to send data on that stream.
+
+When a :class:`WindowUpdated <h2.events.WindowUpdated>` event fires with a
+stream ID of ``0``, that may have unblocked *all* streams that are currently
+blocked. The user should use :meth:`local_flow_control_window
+<h2.connection.H2Connection.local_flow_control_window>` to check all blocked
+streams to see if more data is available.
+
+Auto Flow Control
+~~~~~~~~~~~~~~~~~
+
+.. versionadded:: 2.5.0
+
+In most cases, there is no advantage for users in managing their own flow
+control strategies. While particular high performance or specific-use-case
+applications may gain value from directly controlling the emission of
+``WINDOW_UPDATE`` frames, the average application can use a
+lowest-common-denominator strategy to emit those frames. As of version 2.5.0,
+hyper-h2 now provides this automatic strategy for users, if they want to use
+it.
+
+This automatic strategy is built around a single method:
+:meth:`acknowledge_received_data
+<h2.connection.H2Connection.acknowledge_received_data>`. This method
+flags to the connection object that your application has dealt with a certain
+number of flow controlled bytes, and that the window should be incremented in
+some way. Whenever your application has "processed" some received bytes, this
+method should be called to signal that they have been processed.
+
+The key difference between this method and :meth:`increment_flow_control_window
+<h2.connection.H2Connection.increment_flow_control_window>` is that the method
+:meth:`acknowledge_received_data
+<h2.connection.H2Connection.acknowledge_received_data>` does not guarantee that
+it will emit a ``WINDOW_UPDATE`` frame, and if it does it will not necessarily
+emit them for *only* the stream or *only* the frame. Instead, the
+``WINDOW_UPDATE`` frames will be *coalesced*: they will be emitted only when
+a certain number of bytes have been freed up.
+
+For most applications, this method should be preferred to the manual flow
+control mechanism.
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/api.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/api.rst
new file mode 100644
index 0000000000..a46f8cce7d
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/api.rst
@@ -0,0 +1,169 @@
+Hyper-h2 API
+============
+
+This document details the API of Hyper-h2.
+
+Semantic Versioning
+-------------------
+
+Hyper-h2 follows semantic versioning for its public API. Please note that the
+guarantees of semantic versioning apply only to the API that is *documented
+here*. Simply because a method or data field is not prefaced by an underscore
+does not make it part of Hyper-h2's public API. Anything not documented here is
+subject to change at any time.
+
+Connection
+----------
+
+.. autoclass:: h2.connection.H2Connection
+   :members:
+   :exclude-members: inbound_flow_control_window
+
+
+Configuration
+-------------
+
+.. autoclass:: h2.config.H2Configuration
+   :members:
+
+
+.. _h2-events-api:
+
+Events
+------
+
+.. autoclass:: h2.events.RequestReceived
+   :members:
+
+.. autoclass:: h2.events.ResponseReceived
+   :members:
+
+.. autoclass:: h2.events.TrailersReceived
+   :members:
+
+.. autoclass:: h2.events.InformationalResponseReceived
+   :members:
+
+.. autoclass:: h2.events.DataReceived
+   :members:
+
+.. autoclass:: h2.events.WindowUpdated
+   :members:
+
+.. autoclass:: h2.events.RemoteSettingsChanged
+   :members:
+
+.. autoclass:: h2.events.PingReceived
+   :members:
+
+.. autoclass:: h2.events.PingAckReceived
+   :members:
+
+.. autoclass:: h2.events.StreamEnded
+   :members:
+
+.. autoclass:: h2.events.StreamReset
+   :members:
+
+.. autoclass:: h2.events.PushedStreamReceived
+   :members:
+
+.. autoclass:: h2.events.SettingsAcknowledged
+   :members:
+
+.. autoclass:: h2.events.PriorityUpdated
+   :members:
+
+.. autoclass:: h2.events.ConnectionTerminated
+   :members:
+
+.. autoclass:: h2.events.AlternativeServiceAvailable
+   :members:
+
+.. autoclass:: h2.events.UnknownFrameReceived
+   :members:
+
+
+Exceptions
+----------
+
+.. autoclass:: h2.exceptions.H2Error
+   :members:
+
+.. autoclass:: h2.exceptions.NoSuchStreamError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.StreamClosedError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.RFC1122Error
+   :show-inheritance:
+   :members:
+
+
+Protocol Errors
+~~~~~~~~~~~~~~~
+
+.. autoclass:: h2.exceptions.ProtocolError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.FrameTooLargeError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.FrameDataMissingError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.TooManyStreamsError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.FlowControlError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.StreamIDTooLowError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.InvalidSettingsValueError
+   :members:
+
+.. autoclass:: h2.exceptions.NoAvailableStreamIDError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.InvalidBodyLengthError
+   :show-inheritance:
+   :members:
+
+.. autoclass:: h2.exceptions.UnsupportedFrameError
+   :members:
+
+.. autoclass:: h2.exceptions.DenialOfServiceError
+   :show-inheritance:
+   :members:
+
+
+HTTP/2 Error Codes
+------------------
+
+.. automodule:: h2.errors
+   :members:
+
+
+Settings
+--------
+
+.. autoclass:: h2.settings.SettingCodes
+   :members:
+
+.. autoclass:: h2.settings.Settings
+   :inherited-members:
+
+.. autoclass:: h2.settings.ChangedSetting
+   :members:
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/asyncio-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/asyncio-example.rst
new file mode 100644
index 0000000000..d3afbfd051
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/asyncio-example.rst
@@ -0,0 +1,17 @@
+Asyncio Example Server
+======================
+
+This example is a basic HTTP/2 server written using `asyncio`_, using some
+functionality that was introduced in Python 3.5. This server represents
+basically just the same JSON-headers-returning server that was built in the
+:doc:`basic-usage` document.
+
+This example demonstrates some basic asyncio techniques.
+
+.. literalinclude:: ../../examples/asyncio/asyncio-server.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _asyncio: https://docs.python.org/3/library/asyncio.html
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/basic-usage.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/basic-usage.rst
new file mode 100644
index 0000000000..b9aab6c6cf
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/basic-usage.rst
@@ -0,0 +1,746 @@
+Getting Started: Writing Your Own HTTP/2 Server
+===============================================
+
+This document explains how to get started writing fully-fledged HTTP/2
+implementations using Hyper-h2 as the underlying protocol stack. It covers the
+basic concepts you need to understand, and talks you through writing a very
+simple HTTP/2 server.
+
+This document assumes you're moderately familiar with writing Python, and have
+*some* understanding of how computer networks work. If you don't, you'll find
+it a lot easier if you get some understanding of those concepts first and then
+return to this documentation.
+
+
+.. _h2-connection-basic:
+
+Connections
+-----------
+
+Hyper-h2's core object is the
+:class:`H2Connection <h2.connection.H2Connection>` object. This object is an
+abstract representation of the state of a single HTTP/2 connection, and holds
+all the important protocol state. When using Hyper-h2, this object will be the
+first thing you create and the object that does most of the heavy lifting.
+
+The interface to this object is relatively simple. For sending data, you
+call the object with methods indicating what actions you want to perform: for
+example, you may want to send headers (you'd use the
+:meth:`send_headers <h2.connection.H2Connection.send_headers>` method), or
+send data (you'd use the
+:meth:`send_data <h2.connection.H2Connection.send_data>` method). After you've
+decided what actions you want to perform, you get some bytes out of the object
+that represent the HTTP/2-encoded representation of your actions, and send them
+out over the network however you see fit.
+
+When you receive data from the network, you pass that data in to the
+``H2Connection`` object, which returns a list of *events*.
+These events, covered in more detail later in :ref:`h2-events-basic`, define
+the set of actions the remote peer has performed on the connection, as
+represented by the HTTP/2-encoded data you just passed to the object.
+
+Thus, you end up with a simple loop (which you may recognise as a more-specific
+form of an `event loop`_):
+
+    1. First, you perform some actions.
+    2. You send the data created by performing those actions to the network.
+    3. You read data from the network.
+    4. You decode those into events.
+    5. The events cause you to trigger some actions: go back to step 1.
+
+Of course, HTTP/2 is more complex than that, but in the very simplest case you
+can write a fairly effective HTTP/2 tool using just that kind of loop. Later in
+this document, we'll do just that.
+
+Some important subtleties of ``H2Connection`` objects are covered in
+:doc:`advanced-usage`: see :ref:`h2-connection-advanced` for more information.
+However, one subtlety should be covered, and that is this: Hyper-h2's
+``H2Connection`` object doesn't do I/O. Let's talk briefly about why.
+
+I/O
+~~~
+
+Any useful HTTP/2 tool eventually needs to do I/O. This is because it's not
+very useful to be able to speak to other computers using a protocol like HTTP/2
+unless you actually *speak* to them sometimes.
+
+However, doing I/O is not a trivial thing: there are lots of different ways to
+do it, and once you choose a way to do it your code usually won't work well
+with the approaches you *didn't* choose.
+
+While there are lots of different ways to do I/O, when it comes down to it
+all HTTP/2 implementations transform bytes received into events, and events
+into bytes to send. So there's no reason to have lots of different versions of
+this core protocol code: one for Twisted, one for gevent, one for threading,
+and one for synchronous code.
+
+This is why we said at the top that Hyper-h2 is a *HTTP/2 Protocol Stack*, not
+a *fully-fledged implementation*. Hyper-h2 knows how to transform bytes into
+events and back, but that's it. The I/O and smarts might be different, but
+the core HTTP/2 logic is the same: that's what Hyper-h2 provides.
+
+Not doing I/O makes Hyper-h2 general, and also relatively simple. It has an
+easy-to-understand performance envelope, it's easy to test (and as a result
+easy to get correct behaviour out of), and it behaves in a reproducible way.
+These are all great traits to have in a library that is doing something quite
+complex.
+
+This document will talk you through how to build a relatively simple HTTP/2
+implementation using Hyper-h2, to give you an understanding of where it fits in
+your software.
+
+
+.. _h2-events-basic:
+
+Events
+------
+
+When writing a HTTP/2 implementation it's important to know what the remote
+peer is doing: if you didn't care, writing networked programs would be a lot
+easier!
+
+Hyper-h2 encodes the actions of the remote peer in the form of *events*. When
+you receive data from the remote peer and pass it into your ``H2Connection``
+object (see :ref:`h2-connection-basic`), the ``H2Connection`` returns a list
+of objects, each one representing a single event that has occurred. Each
+event refers to a single action the remote peer has taken.
+
+Some events are fairly high-level, referring to things that are more general
+than HTTP/2: for example, the
+:class:`RequestReceived <h2.events.RequestReceived>` event is a general HTTP
+concept, not just a HTTP/2 one. Other events are extremely HTTP/2-specific:
+for example, :class:`PushedStreamReceived <h2.events.PushedStreamReceived>`
+refers to Server Push, a very HTTP/2-specific concept.
+
+The reason these events exist is that Hyper-h2 is intended to be very general.
+This means that, in many cases, Hyper-h2 does not know exactly what to do in
+response to an event. Your code will need to handle these events, and make
+decisions about what to do. That's the major role of any HTTP/2 implementation
+built on top of Hyper-h2.
+
+A full list of events is available in :ref:`h2-events-api`. For the purposes
+of this example, we will handle only a small set of events.
+
+
+Writing Your Server
+-------------------
+
+Armed with the knowledge you just obtained, we're going to write a very simple
+HTTP/2 web server. The goal of this server is to write a server that can handle
+a HTTP GET, and that returns the headers sent by the client, encoded in JSON.
+Basically, something a lot like `httpbin.org/get`_. Nothing fancy, but this is
+a good way to get a handle on how you should interact with Hyper-h2.
+
+For the sake of simplicity, we're going to write this using the Python standard
+library, in Python 3. In reality, you'll probably want to use an asynchronous
+framework of some kind: see the `examples directory`_ in the repository for
+some examples of how you'd do that.
+
+Before we start, create a new file called ``h2server.py``: we'll use that as
+our workspace. Additionally, you should install Hyper-h2: follow the
+instructions in :doc:`installation`.
+
+Step 1: Sockets
+~~~~~~~~~~~~~~~
+
+To begin with, we need to make sure we can listen for incoming data and send it
+back. To do that, we need to use the `standard library's socket module`_. For
+now we're going to skip doing TLS: if you want to reach your server from your
+web browser, though, you'll need to add TLS and some other function. Consider
+looking at our examples in our `examples directory`_ instead.
+
+Let's begin. First, open up ``h2server.py``. We need to import the socket
+module and start listening for connections.
+
+This is not a socket tutorial, so we're not going to dive too deeply into how
+this works. If you want more detail about sockets, there are lots of good
+tutorials on the web that you should investigate.
+
+When you want to listen for incoming connections, the you need to *bind* an
+address first. So let's do that. Try setting up your file to look like this:
+
+.. code-block:: python
+
+    import socket
+
+    sock = socket.socket()
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('0.0.0.0', 8080))
+    sock.listen(5)
+
+    while True:
+        print(sock.accept())
+
+In a shell window, execute this program (``python h2server.py``). Then, open
+another shell and run ``curl http://localhost:8080/``. In the first shell, you
+should see something like this:
+
+.. code-block:: console
+
+    $ python h2server.py
+    (<socket.socket fd=4, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 8080), raddr=('127.0.0.1', 58800)>, ('127.0.0.1', 58800))
+
+Run that ``curl`` command a few more times. You should see a few more similar
+lines appear. Note that the ``curl`` command itself will exit with an error.
+That's fine: it happens because we didn't send any data.
+
+Now go ahead and stop the server running by hitting Ctrl+C in the first shell.
+You should see a ``KeyboardInterrupt`` error take the process down.
+
+What's the program above doing? Well, first it creates a
+:func:`socket <python:socket.socket>` object. This socket is then *bound* to
+a specific address: ``('0.0.0.0', 8080)``. This is a special address: it means
+that this socket should be listening for any traffic to TCP port 8080. Don't
+worry about the call to ``setsockopt``: it just makes sure you can run this
+program repeatedly.
+
+We then loop forever calling the :meth:`accept <python:socket.socket.accept>`
+method on the socket. The accept method blocks until someone attempts to
+connect to our TCP port: when they do, it returns a tuple: the first element is
+a new socket object, the second element is a tuple of the address the new
+connection is from. You can see this in the output from our ``h2server.py``
+script.
+
+At this point, we have a script that can accept inbound connections. This is a
+good start! Let's start getting HTTP/2 involved.
+
+
+Step 2: Add a H2Connection
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Now that we can listen for socket information, we want to prepare our HTTP/2
+connection object and start handing it data. For now, let's just see what
+happens as we feed it data.
+
+To make HTTP/2 connections, we need a tool that knows how to speak HTTP/2.
+Most versions of curl in the wild don't, so let's install a Python tool. In
+your Python environment, run ``pip install hyper``. This will install a Python
+command-line HTTP/2 tool called ``hyper``. To confirm that it works, try
+running this command and verifying that the output looks similar to the one
+shown below:
+
+.. code-block:: console
+
+    $ hyper GET https://nghttp2.org/httpbin/get
+    {'args': {},
+     'headers': {'Host': 'nghttp2.org'},
+     'origin': '10.0.0.2',
+     'url': 'https://nghttp2.org/httpbin/get'}
+
+Assuming it works, you're now ready to start sending HTTP/2 data.
+
+Back in our ``h2server.py`` script, we're going to want to start handling data.
+Let's add a function that takes a socket returned from ``accept``, and reads
+data from it. Let's call that function ``handle``. That function should create
+a :class:`H2Connection <h2.connection.H2Connection>` object and then loop on
+the socket, reading data and passing it to the connection.
+
+To read data from a socket we need to call ``recv``. The ``recv`` function
+takes a number as its argument, which is the *maximum* amount of data to be
+returned from a single call (note that ``recv`` will return as soon as any data
+is available, even if that amount is vastly less than the number you passed to
+it). For the purposes of writing this kind of software the specific value is
+not enormously useful, but should not be overly large. For that reason, when
+you're unsure, a number like 4096 or 65535 is a good bet. We'll use 65535 for
+this example.
+
+The function should look something like this:
+
+.. code-block:: python
+
+    import h2.connection
+    import h2.config
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+
+        while True:
+            data = sock.recv(65535)
+            print(conn.receive_data(data))
+
+Let's update our main loop so that it passes data on to our new data handling
+function. Your ``h2server.py`` should end up looking a like this:
+
+.. code-block:: python
+
+    import socket
+
+    import h2.connection
+    import h2.config
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+
+        while True:
+            data = sock.recv(65535)
+            if not data:
+                break
+
+            print(conn.receive_data(data))
+
+
+    sock = socket.socket()
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('0.0.0.0', 8080))
+    sock.listen(5)
+
+    while True:
+        handle(sock.accept()[0])
+
+Running that in one shell, in your other shell you can run
+``hyper --h2 GET http://localhost:8080/``. That shell should hang, and you
+should then see the following output from your ``h2server.py`` shell:
+
+.. code-block:: console
+
+    $ python h2server.py
+    [<h2.events.RemoteSettingsChanged object at 0x10c4ee390>]
+
+You'll then need to kill ``hyper`` and ``h2server.py`` with Ctrl+C. Feel free
+to do this a few times, to see how things behave.
+
+So, what did we see here? When the connection was opened, we used the
+:meth:`recv <python:socket.socket.recv>` method to read some data from the
+socket, in a loop. We then passed that data to the connection object, which
+returned us a single event object:
+:class:`RemoteSettingsChanged <h2.events.RemoteSettingsChanged>`.
+
+But what we didn't see was anything else. So it seems like all ``hyper`` did
+was change its settings, but nothing else. If you look at the other ``hyper``
+window, you'll notice that it hangs for a while and then eventually fails with
+a socket timeout. It was waiting for something: what?
+
+Well, it turns out that at the start of a connection, both sides need to send
+a bit of data, called "the HTTP/2 preamble". We don't need to get into too much
+detail here, but basically both sides need to send a single block of HTTP/2
+data that tells the other side what their settings are. ``hyper`` did that,
+but we didn't.
+
+Let's do that next.
+
+
+Step 3: Sending the Preamble
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Hyper-h2 makes doing connection setup really easy. All you need to do is call
+the
+:meth:`initiate_connection <h2.connection.H2Connection.initiate_connection>`
+method, and then send the corresponding data. Let's update our ``handle``
+function to do just that:
+
+.. code-block:: python
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+        conn.initiate_connection()
+        sock.sendall(conn.data_to_send())
+
+        while True:
+            data = sock.recv(65535)
+            print(conn.receive_data(data))
+
+
+The big change here is the call to ``initiate_connection``, but there's another
+new method in there:
+:meth:`data_to_send <h2.connection.H2Connection.data_to_send>`.
+
+When you make function calls on your ``H2Connection`` object, these will often
+want to cause HTTP/2 data to be written out to the network. But Hyper-h2
+doesn't do any I/O, so it can't do that itself. Instead, it writes it to an
+internal buffer. You can retrieve data from this buffer using the
+``data_to_send`` method. There are some subtleties about that method, but we
+don't need to worry about them right now: all we need to do is make sure we're
+sending whatever data is outstanding.
+
+Your ``h2server.py`` script should now look like this:
+
+.. code-block:: python
+
+    import socket
+
+    import h2.connection
+    import h2.config
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+        conn.initiate_connection()
+        sock.sendall(conn.data_to_send())
+
+        while True:
+            data = sock.recv(65535)
+            if not data:
+                break
+
+            print(conn.receive_data(data))
+
+
+    sock = socket.socket()
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('0.0.0.0', 8080))
+    sock.listen(5)
+
+    while True:
+        handle(sock.accept()[0])
+
+
+With this change made, rerun your ``h2server.py`` script and hit it with the
+same ``hyper`` command: ``hyper --h2 GET http://localhost:8080/``. The
+``hyper`` command still hangs, but this time we get a bit more output from our
+``h2server.py`` script:
+
+.. code-block:: console
+
+    $ python h2server.py
+    [<h2.events.RemoteSettingsChanged object at 0x10292d390>]
+    [<h2.events.SettingsAcknowledged object at 0x102b3a160>]
+    [<h2.events.RequestReceived object at 0x102b3a3c8>, <h2.events.StreamEnded object at 0x102b3a400>]
+
+So, what's happening?
+
+The first thing to note is that we're going around our loop more than once now.
+First, we receive some data that triggers a
+:class:`RemoteSettingsChanged <h2.events.RemoteSettingsChanged>` event.
+Then, we get some more data that triggers a
+:class:`SettingsAcknowledged <h2.events.SettingsAcknowledged>` event.
+Finally, even more data that triggers *two* events:
+:class:`RequestReceived <h2.events.RequestReceived>` and
+:class:`StreamEnded <h2.events.StreamEnded>`.
+
+So, what's happening is that ``hyper`` is telling us about its settings,
+acknowledging ours, and then sending us a request. Then it ends a *stream*,
+which is a HTTP/2 communications channel that holds a request and response
+pair.
+
+A stream isn't done until it's either *reset* or both sides *close* it:
+in this sense it's bi-directional. So what the ``StreamEnded`` event tells us
+is that ``hyper`` is closing its half of the stream: it won't send us any more
+data on that stream. That means the request is done.
+
+So why is ``hyper`` hanging? Well, we haven't sent a response yet: let's do
+that.
+
+
+Step 4: Handling Events
+~~~~~~~~~~~~~~~~~~~~~~~
+
+What we want to do is send a response when we receive a request. Happily, we
+get an event when we receive a request, so we can use that to be our signal.
+
+Let's define a new function that sends a response. For now, this response can
+just be a little bit of data that prints "it works!".
+
+The function should take the ``H2Connection`` object, and the event that
+signaled the request. Let's define it.
+
+.. code-block:: python
+
+    def send_response(conn, event):
+        stream_id = event.stream_id
+        conn.send_headers(
+            stream_id=stream_id,
+            headers=[
+                (':status', '200'),
+                ('server', 'basic-h2-server/1.0')
+            ],
+        )
+        conn.send_data(
+            stream_id=stream_id,
+            data=b'it works!',
+            end_stream=True
+        )
+
+So while this is only a short function, there's quite a lot going on here we
+need to unpack. Firstly, what's a stream ID? Earlier we discussed streams
+briefly, to say that they're a bi-directional communications channel that holds
+a request and response pair. Part of what makes HTTP/2 great is that there can
+be lots of streams going on at once, sending and receiving different requests
+and responses. To identify each stream, we use a *stream ID*. These are unique
+across the lifetime of a connection, and they go in ascending order.
+
+Most ``H2Connection`` functions take a stream ID: they require you to actively
+tell the connection which one to use. In this case, as a simple server, we will
+never need to choose a stream ID ourselves: the client will always choose one
+for us. That means we'll always be able to get the one we need off the events
+that fire.
+
+Next, we send some *headers*. In HTTP/2, a response is made up of some set of
+headers, and optionally some data. The headers have to come first: if you're a
+client then you'll be sending *request* headers, but in our case these headers
+are our *response* headers.
+
+Mostly these aren't very exciting, but you'll notice once special header in
+there: ``:status``. This is a HTTP/2-specific header, and it's used to hold the
+HTTP status code that used to go at the top of a HTTP response. Here, we're
+saying the response is ``200 OK``, which is successful.
+
+To send headers in Hyper-h2, you use the
+:meth:`send_headers <h2.connection.H2Connection.send_headers>` function.
+
+Next, we want to send the body data. To do that, we use the
+:meth:`send_data <h2.connection.H2Connection.send_data>` function. This also
+takes a stream ID. Note that the data is binary: Hyper-h2 does not work with
+unicode strings, so you *must* pass bytestrings to the ``H2Connection``. The
+one exception is headers: Hyper-h2 will automatically encode those into UTF-8.
+
+The last thing to note is that on our call to ``send_data``, we set
+``end_stream`` to ``True``. This tells Hyper-h2 (and the remote peer) that
+we're done with sending data: the response is over. Because we know that
+``hyper`` will have ended its side of the stream, when we end ours the stream
+will be totally done with.
+
+We're nearly ready to go with this: we just need to plumb this function in.
+Let's amend our ``handle`` function again:
+
+.. code-block:: python
+
+    import h2.events
+    import h2.config
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+        conn.initiate_connection()
+        sock.sendall(conn.data_to_send())
+
+        while True:
+            data = sock.recv(65535)
+            if not data:
+                break
+
+            events = conn.receive_data(data)
+            for event in events:
+                if isinstance(event, h2.events.RequestReceived):
+                    send_response(conn, event)
+
+            data_to_send = conn.data_to_send()
+            if data_to_send:
+                sock.sendall(data_to_send)
+
+The changes here are all at the end. Now, when we receive some events, we
+look through them for the ``RequestReceived`` event. If we find it, we make
+sure we send a response.
+
+Then, at the bottom of the loop we check whether we have any data to send, and
+if we do, we send it. Then, we repeat again.
+
+With these changes, your ``h2server.py`` file should look like this:
+
+.. code-block:: python
+
+    import socket
+
+    import h2.connection
+    import h2.events
+    import h2.config
+
+    def send_response(conn, event):
+        stream_id = event.stream_id
+        conn.send_headers(
+            stream_id=stream_id,
+            headers=[
+                (':status', '200'),
+                ('server', 'basic-h2-server/1.0')
+            ],
+        )
+        conn.send_data(
+            stream_id=stream_id,
+            data=b'it works!',
+            end_stream=True
+        )
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+        conn.initiate_connection()
+        sock.sendall(conn.data_to_send())
+
+        while True:
+            data = sock.recv(65535)
+            if not data:
+                break
+
+            events = conn.receive_data(data)
+            for event in events:
+                if isinstance(event, h2.events.RequestReceived):
+                    send_response(conn, event)
+
+            data_to_send = conn.data_to_send()
+            if data_to_send:
+                sock.sendall(data_to_send)
+
+
+    sock = socket.socket()
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('0.0.0.0', 8080))
+    sock.listen(5)
+
+    while True:
+        handle(sock.accept()[0])
+
+Alright. Let's run this, and then run our ``hyper`` command again.
+
+This time, nothing is printed from our server, and the ``hyper`` side prints
+``it works!``. Success! Try running it a few more times, and we can see that
+not only does it work the first time, it works the other times too!
+
+We can speak HTTP/2! Let's add the final step: returning the JSON-encoded
+request headers.
+
+Step 5: Returning Headers
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If we want to return the request headers in JSON, the first thing we have to do
+is find them. Handily, if you check the documentation for
+:class:`RequestReceived <h2.events.RequestReceived>` you'll find that this
+event carries, in addition to the stream ID, the request headers.
+
+This means we can make a really simple change to our ``send_response``
+function to take those headers and encode them as a JSON object. Let's do that:
+
+.. code-block:: python
+
+    import json
+
+    def send_response(conn, event):
+        stream_id = event.stream_id
+        response_data = json.dumps(dict(event.headers)).encode('utf-8')
+
+        conn.send_headers(
+            stream_id=stream_id,
+            headers=[
+                (':status', '200'),
+                ('server', 'basic-h2-server/1.0'),
+                ('content-length', str(len(response_data))),
+                ('content-type', 'application/json'),
+            ],
+        )
+        conn.send_data(
+            stream_id=stream_id,
+            data=response_data,
+            end_stream=True
+        )
+
+This is a really simple change, but it's all we need to do: a few extra headers
+and the JSON dump, but that's it.
+
+Section 6: Bringing It All Together
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This should be all we need!
+
+Let's take all the work we just did and throw that into our ``h2server.py``
+file, which should now look like this:
+
+.. code-block:: python
+
+    import json
+    import socket
+
+    import h2.connection
+    import h2.events
+    import h2.config
+
+    def send_response(conn, event):
+        stream_id = event.stream_id
+        response_data = json.dumps(dict(event.headers)).encode('utf-8')
+
+        conn.send_headers(
+            stream_id=stream_id,
+            headers=[
+                (':status', '200'),
+                ('server', 'basic-h2-server/1.0'),
+                ('content-length', str(len(response_data))),
+                ('content-type', 'application/json'),
+            ],
+        )
+        conn.send_data(
+            stream_id=stream_id,
+            data=response_data,
+            end_stream=True
+        )
+
+    def handle(sock):
+        config = h2.config.H2Configuration(client_side=False)
+        conn = h2.connection.H2Connection(config=config)
+        conn.initiate_connection()
+        sock.sendall(conn.data_to_send())
+
+        while True:
+            data = sock.recv(65535)
+            if not data:
+                break
+
+            events = conn.receive_data(data)
+            for event in events:
+                if isinstance(event, h2.events.RequestReceived):
+                    send_response(conn, event)
+
+            data_to_send = conn.data_to_send()
+            if data_to_send:
+                sock.sendall(data_to_send)
+
+
+    sock = socket.socket()
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock.bind(('0.0.0.0', 8080))
+    sock.listen(5)
+
+    while True:
+        handle(sock.accept()[0])
+
+Now, execute ``h2server.py`` and then point ``hyper`` at it again. You should
+see something like the following output from ``hyper``:
+
+.. code-block:: console
+
+    $ hyper --h2 GET http://localhost:8080/
+    {":scheme": "http", ":authority": "localhost", ":method": "GET", ":path": "/"}
+
+Here you can see the HTTP/2 request 'special headers' that ``hyper`` sends.
+These are similar to the ``:status`` header we have to send on our response:
+they encode important parts of the HTTP request in a clearly-defined way. If
+you were writing a client stack using Hyper-h2, you'd need to make sure you
+were sending those headers.
+
+Congratulations!
+~~~~~~~~~~~~~~~~
+
+Congratulations! You've written your first HTTP/2 server! If you want to extend
+it, there are a few directions you could investigate:
+
+- We didn't handle a few events that we saw were being raised: you could add
+  some methods to handle those appropriately.
+- Right now our server is single threaded, so it can only handle one client at
+  a time. Consider rewriting this server to use threads, or writing this
+  server again using your favourite asynchronous programming framework.
+
+  If you plan to use threads, you should know that a ``H2Connection`` object is
+  deliberately not thread-safe. As a possible design pattern, consider creating
+  threads and passing the sockets returned by ``accept`` to those threads, and
+  then letting those threads create their own ``H2Connection`` objects.
+- Take a look at some of our long-form code examples in :doc:`examples`.
+- Alternatively, try playing around with our examples in our repository's
+  `examples directory`_. These examples are a bit more fully-featured, and can
+  be reached from your web browser. Try adjusting what they do, or adding new
+  features to them!
+- You may want to make this server reachable from your web browser. To do that,
+  you'll need to add proper TLS support to your server. This can be tricky, and
+  in many cases requires `PyOpenSSL`_ in addition to the other libraries you
+  have installed. Check the `Eventlet example`_ to see what PyOpenSSL code is
+  required to TLS-ify your server.
+
+
+
+.. _event loop: https://en.wikipedia.org/wiki/Event_loop
+.. _httpbin.org/get: https://httpbin.org/get
+.. _examples directory: https://github.com/python-hyper/hyper-h2/tree/master/examples
+.. _standard library's socket module: https://docs.python.org/3.5/library/socket.html
+.. _Application Layer Protocol Negotiation: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation
+.. _get your certificate here: https://raw.githubusercontent.com/python-hyper/hyper-h2/master/examples/twisted/server.crt
+.. _get your private key here: https://raw.githubusercontent.com/python-hyper/hyper-h2/master/examples/twisted/server.key
+.. _PyOpenSSL: http://pyopenssl.readthedocs.org/
+.. _Eventlet example: https://github.com/python-hyper/hyper-h2/blob/master/examples/eventlet/eventlet-server.py
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/conf.py b/testing/web-platform/tests/tools/third_party/h2/docs/source/conf.py
new file mode 100644
index 0000000000..a15a214634
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/conf.py
@@ -0,0 +1,270 @@
+# -*- coding: utf-8 -*-
+#
+# hyper-h2 documentation build configuration file, created by
+# sphinx-quickstart on Thu Sep 17 10:06:02 2015.
+#
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys
+import os
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+sys.path.insert(0, os.path.abspath('../..'))
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    'sphinx.ext.autodoc',
+    'sphinx.ext.intersphinx',
+    'sphinx.ext.viewcode',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+#source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'hyper-h2'
+copyright = u'2015, Cory Benfield'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = '3.2.0'
+# The full version, including alpha/beta/rc tags.
+release = '3.2.0'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = []
+
+# The reST default role (used for this markup: `text`) to use for all
+# documents.
+#default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+#add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+#show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+# If true, keep warnings as "system message" paragraphs in the built documents.
+#keep_warnings = False
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+html_theme = 'default'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents.  If None, it defaults to
+# "<project> v<release> documentation".
+#html_title = None
+
+# A shorter title for the navigation bar.  Default is the same as html_title.
+#html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+#html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+# Add any extra paths that contain custom files (such as robots.txt or
+# .htaccess) here, relative to this directory. These files are copied
+# directly to the root of the documentation.
+#html_extra_path = []
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+#html_last_updated_fmt = '%b %d, %Y'
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+#html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+#html_domain_indices = True
+
+# If false, no index is generated.
+#html_use_index = True
+
+# If true, the index is split into individual pages for each letter.
+#html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+#html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+#html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a <link> tag referring to it.  The value of this option must be the
+# base URL from which the finished HTML is served.
+#html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'hyper-h2doc'
+
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+  ('index', 'hyper-h2.tex', u'hyper-h2 Documentation',
+   u'Cory Benfield', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+#latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+#latex_use_parts = False
+
+# If true, show page references after internal links.
+#latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+#latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+#latex_domain_indices = True
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    ('index', 'hyper-h2', u'hyper-h2 Documentation',
+     [u'Cory Benfield'], 1)
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+  ('index', 'hyper-h2', u'hyper-h2 Documentation',
+   u'Cory Benfield', 'hyper-h2', 'One line description of project.',
+   'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
+
+# If true, do not generate a @detailmenu in the "Top" node's menu.
+#texinfo_no_detailmenu = False
+
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {
+    'python': ('https://docs.python.org/3.5/', None),
+    'hpack': ('https://python-hyper.org/hpack/en/stable/', None),
+    'pyopenssl': ('https://pyopenssl.readthedocs.org/en/latest/', None),
+}
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/contributors.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/contributors.rst
new file mode 100644
index 0000000000..d84c791f6d
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/contributors.rst
@@ -0,0 +1,4 @@
+Contributors
+============
+
+.. include:: ../../CONTRIBUTORS.rst
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/curio-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/curio-example.rst
new file mode 100644
index 0000000000..7cdb61608a
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/curio-example.rst
@@ -0,0 +1,17 @@
+Curio Example Server
+====================
+
+This example is a basic HTTP/2 server written using `curio`_, David Beazley's
+example of how to build a concurrent networking framework using Python 3.5's
+new ``async``/``await`` syntax.
+
+This example is notable for demonstrating the correct use of HTTP/2 flow
+control with Hyper-h2. It is also a good example of the brand new syntax.
+
+.. literalinclude:: ../../examples/curio/curio-server.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _curio: https://curio.readthedocs.org/en/latest/
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/eventlet-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/eventlet-example.rst
new file mode 100644
index 0000000000..a23b5e248f
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/eventlet-example.rst
@@ -0,0 +1,19 @@
+Eventlet Example Server
+=======================
+
+This example is a basic HTTP/2 server written using the `eventlet`_ concurrent
+networking framework. This example is notable for demonstrating how to
+configure `PyOpenSSL`_, which `eventlet`_ uses for its TLS layer.
+
+In terms of HTTP/2 functionality, this example is very simple: it returns the
+request headers as a JSON document to the caller. It does not obey HTTP/2 flow
+control, which is a flaw, but it is otherwise functional.
+
+.. literalinclude:: ../../examples/eventlet/eventlet-server.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _eventlet: http://eventlet.net/
+.. _PyOpenSSL: https://pyopenssl.readthedocs.org/en/stable/
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/examples.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/examples.rst
new file mode 100644
index 0000000000..ed7c5037bb
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/examples.rst
@@ -0,0 +1,28 @@
+Code Examples
+=============
+
+This section of the documentation contains long-form code examples. These are
+intended as references for developers that would like to get an understanding
+of how Hyper-h2 fits in with various Python I/O frameworks.
+
+Example Servers
+---------------
+
+.. toctree::
+   :maxdepth: 2
+
+   asyncio-example
+   twisted-example
+   eventlet-example
+   curio-example
+   tornado-example
+   wsgi-example
+
+Example Clients
+---------------
+
+.. toctree::
+   :maxdepth: 2
+
+   twisted-head-example
+   twisted-post-example
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/index.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/index.rst
new file mode 100644
index 0000000000..be85dec7c3
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/index.rst
@@ -0,0 +1,41 @@
+.. hyper-h2 documentation master file, created by
+   sphinx-quickstart on Thu Sep 17 10:06:02 2015.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Hyper-h2: A pure-Python HTTP/2 protocol stack
+=============================================
+
+Hyper-h2 is a HTTP/2 protocol stack, written entirely in Python. The goal of
+Hyper-h2 is to be a common HTTP/2 stack for the Python ecosystem,
+usable in all programs regardless of concurrency model or environment.
+
+To achieve this, Hyper-h2 is entirely self-contained: it does no I/O of any
+kind, leaving that up to a wrapper library to control. This ensures that it can
+seamlessly work in all kinds of environments, from single-threaded code to
+Twisted.
+
+Its goal is to be 100% compatible with RFC 7540, implementing a complete HTTP/2
+protocol stack build on a set of finite state machines. Its secondary goals are
+to be fast, clear, and efficient.
+
+For usage examples, see :doc:`basic-usage` or consult the examples in the
+repository.
+
+Contents
+--------
+
+.. toctree::
+   :maxdepth: 2
+
+   installation
+   basic-usage
+   negotiating-http2
+   examples
+   advanced-usage
+   low-level
+   api
+   testimonials
+   release-process
+   release-notes
+   contributors
\ No newline at end of file
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/installation.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/installation.rst
new file mode 100644
index 0000000000..683085f97b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/installation.rst
@@ -0,0 +1,18 @@
+Installation
+============
+
+Hyper-h2 is a pure-python project. This means installing it is extremely
+simple. To get the latest release from PyPI, simply run:
+
+.. code-block:: console
+
+    $ pip install h2
+
+Alternatively, feel free to download one of the release tarballs from
+`our GitHub page`_, extract it to your favourite directory, and then run
+
+.. code-block:: console
+
+    $ python setup.py install
+
+.. _our GitHub page: https://github.com/python-hyper/hyper-h2
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/low-level.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/low-level.rst
new file mode 100644
index 0000000000..824ba8e6ea
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/low-level.rst
@@ -0,0 +1,159 @@
+Low-Level Details
+=================
+
+.. warning:: This section of the documentation covers low-level implementation
+             details of hyper-h2. This is most likely to be of use to hyper-h2
+             developers and to other HTTP/2 implementers, though it could well
+             be of general interest. Feel free to peruse it, but if you're
+             looking for information about how to *use* hyper-h2 you should
+             consider looking elsewhere.
+
+State Machines
+--------------
+
+hyper-h2 is fundamentally built on top of a pair of interacting Finite State
+Machines. One of these FSMs manages per-connection state, and another manages
+per-stream state. Almost without exception (see :ref:`priority` for more
+details) every single frame is unconditionally translated into events for
+both state machines and those state machines are turned.
+
+The advantages of a system such as this is that the finite state machines can
+very densely encode the kinds of things that are allowed at any particular
+moment in a HTTP/2 connection. However, most importantly, almost all protocols
+are defined *in terms* of finite state machines: that is, protocol descriptions
+can be reduced to a number of states and inputs. That makes FSMs a very natural
+tool for implementing protocol stacks.
+
+Indeed, most protocol implementations that do not explicitly encode a finite
+state machine almost always *implicitly* encode a finite state machine, by
+using classes with a bunch of variables that amount to state-tracking
+variables, or by using the call-stack as an implicit state tracking mechanism.
+While these methods are not immediately problematic, they tend to lack
+*explicitness*, and can lead to subtle bugs of the form "protocol action X is
+incorrectly allowed in state Y".
+
+For these reasons, we have implemented two *explicit* finite state machines.
+These machines aim to encode most of the protocol-specific state, in particular
+regarding what frame is allowed at what time. This target goal is sometimes not
+achieved: in particular, as of this writing the *stream* FSM contains a number
+of other state variables that really ought to be rolled into the state machine
+itself in the form of new states, or in the form of a transformation of the
+FSM to use state *vectors* instead of state *scalars*.
+
+The following sections contain some implementers notes on these FSMs.
+
+Connection State Machine
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+The "outer" state machine, the first one that is encountered when sending or
+receiving data, is the connection state machine. This state machine tracks
+whole-connection state.
+
+This state machine is primarily intended to forbid certain actions on the basis
+of whether the implementation is acting as a client or a server. For example,
+clients are not permitted to send ``PUSH_PROMISE`` frames: this state machine
+forbids that by refusing to define a valid transition from the ``CLIENT_OPEN``
+state for the ``SEND_PUSH_PROMISE`` event.
+
+Otherwise, this particular state machine triggers no side-effects. It has a
+very coarse, high-level, functionality.
+
+A visual representation of this FSM is shown below:
+
+.. image:: _static/h2.connection.H2ConnectionStateMachine.dot.png
+   :alt: A visual representation of the connection FSM.
+   :target: _static/h2.connection.H2ConnectionStateMachine.dot.png
+
+
+.. _stream-state-machine:
+
+Stream State Machine
+~~~~~~~~~~~~~~~~~~~~
+
+Once the connection state machine has been spun, any frame that belongs to a
+stream is passed to the stream state machine for its given stream. Each stream
+has its own instance of the state machine, but all of them share the transition
+table: this is because the table itself is sufficiently large that having it be
+per-instance would be a ridiculous memory overhead.
+
+Unlike the connection state machine, the stream state machine is quite complex.
+This is because it frequently needs to encode some side-effects. The most
+common side-effect is emitting a ``RST_STREAM`` frame when an error is
+encountered: the need to do this means that far more transitions need to be
+encoded than for the connection state machine.
+
+Many of the side-effect functions in this state machine also raise
+:class:`ProtocolError <h2.exceptions.ProtocolError>` exceptions. This is almost
+always done on the basis of an extra state variable, which is an annoying code
+smell: it should always be possible for the state machine itself to police
+these using explicit state management. A future refactor will hopefully address
+this problem by making these additional state variables part of the state
+definitions in the FSM, which will lead to an expansion of the number of states
+but a greater degree of simplicity in understanding and tracking what is going
+on in the state machine.
+
+The other action taken by the side-effect functions defined here is returning
+:ref:`events <h2-events-basic>`. Most of these events are returned directly to
+the user, and reflect the specific state transition that has taken place, but
+some of the events are purely *internal*: they are used to signal to other
+parts of the hyper-h2 codebase what action has been taken.
+
+The major use of the internal events functionality at this time is for
+validating header blocks: there are different rules for request headers than
+there are for response headers, and different rules again for trailers. The
+internal events are used to determine *exactly what* kind of data the user is
+attempting to send, and using that information to do the correct kind of
+validation. This approach ensures that the final source of truth about what's
+happening at the protocol level lives inside the FSM, which is an extremely
+important design principle we want to continue to enshrine in hyper-h2.
+
+A visual representation of this FSM is shown below:
+
+.. image:: _static/h2.stream.H2StreamStateMachine.dot.png
+   :alt: A visual representation of the stream FSM.
+   :target: _static/h2.stream.H2StreamStateMachine.dot.png
+
+
+.. _priority:
+
+Priority
+~~~~~~~~
+
+In the :ref:`stream-state-machine` section we said that any frame that belongs
+to a stream is passed to the stream state machine. This turns out to be not
+quite true.
+
+Specifically, while ``PRIORITY`` frames are technically sent on a given stream
+(that is, `RFC 7540 Section 6.3`_ defines them as "always identifying a stream"
+and forbids the use of stream ID ``0`` for them), in practice they are almost
+completely exempt from the usual stream FSM behaviour. Specifically, the RFC
+has this to say:
+
+    The ``PRIORITY`` frame can be sent on a stream in any state, though it
+    cannot be sent between consecutive frames that comprise a single
+    header block (Section 4.3).
+
+Given that the consecutive header block requirement is handled outside of the
+FSMs, this section of the RFC essentially means that there is *never* a
+situation where it is invalid to receive a ``PRIORITY`` frame. This means that
+including it in the stream FSM would require that we allow ``SEND_PRIORITY``
+and ``RECV_PRIORITY`` in all states.
+
+This is not a totally onerous task: however, another key note is that hyper-h2
+uses the *absence* of a stream state machine to flag a closed stream. This is
+primarily for memory conservation reasons: if we needed to keep around an FSM
+for every stream we've ever seen, that would cause long-lived HTTP/2
+connections to consume increasingly large amounts of memory. On top of this,
+it would require us to create a stream FSM each time we received a ``PRIORITY``
+frame for a given stream, giving a malicious peer an easy route to force a
+hyper-h2 user to allocate nearly unbounded amounts of memory.
+
+For this reason, hyper-h2 circumvents the stream FSM entirely for ``PRIORITY``
+frames. Instead, these frames are treated as being connection-level frames that
+*just happen* to identify a specific stream. They do not bring streams into
+being, or in any sense interact with hyper-h2's view of streams. Their stream
+details are treated as strictly metadata that hyper-h2 is not interested in
+beyond being able to parse it out.
+
+
+.. _RFC 7540 Section 6.3: https://tools.ietf.org/html/rfc7540#section-6.3
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/negotiating-http2.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/negotiating-http2.rst
new file mode 100644
index 0000000000..20d58a71f1
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/negotiating-http2.rst
@@ -0,0 +1,103 @@
+Negotiating HTTP/2
+==================
+
+`RFC 7540`_ specifies three methods of negotiating HTTP/2 connections. This document outlines how to use Hyper-h2 with each one.
+
+.. _starting-alpn:
+
+HTTPS URLs (ALPN)
+-------------------------
+
+Starting HTTP/2 for HTTPS URLs is outlined in `RFC 7540 Section 3.3`_. In this case, the client and server use a TLS extension to negotiate HTTP/2: `ALPN`_. How to use ALPN is currently not covered in this document: please consult the documentation for either the :mod:`ssl module <python:ssl>` in the standard library, or the :mod:`PyOpenSSL <pyopenssl:OpenSSL.SSL>` third-party modules, for more on this topic.
+
+This method is the simplest to use once the TLS connection is established. To use it with Hyper-h2, after you've established the connection and confirmed that HTTP/2 has been negotiated with `ALPN`_, create a :class:`H2Connection <h2.connection.H2Connection>` object and call :meth:`H2Connection.initiate_connection <h2.connection.H2Connection.initiate_connection>`. This will ensure that the appropriate preamble data is placed in the data buffer. You should then immediately send the data returned by :meth:`H2Connection.data_to_send <h2.connection.H2Connection.data_to_send>` on your TLS connection.
+
+At this point, you're free to use all the HTTP/2 functionality provided by Hyper-h2.
+
+.. note::
+   Although Hyper-h2 is not concerned with negotiating protocol versions, it is important to note that support for `ALPN`_ is not available in the standard library of Python versions < 2.7.9.
+   As a consequence, clients may encounter various errors due to protocol versions mismatch.
+
+Server Setup Example
+~~~~~~~~~~~~~~~~~~~~
+
+This example uses the APIs as defined in Python 3.5. If you are using an older version of Python you may not have access to the APIs used here. As noted above, please consult the documentation for the :mod:`ssl module <python:ssl>` to confirm.
+
+.. literalinclude:: ../../examples/fragments/server_https_setup_fragment.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+Client Setup Example
+~~~~~~~~~~~~~~~~~~~~
+
+The client example is very similar to the server example above. The :class:`SSLContext <python:ssl.SSLContext>` object requires some minor changes, as does the :class:`H2Connection <h2.connection.H2Connection>`, but the bulk of the code is the same.
+
+.. literalinclude:: ../../examples/fragments/client_https_setup_fragment.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _starting-upgrade:
+
+HTTP URLs (Upgrade)
+-------------------
+
+Starting HTTP/2 for HTTP URLs is outlined in `RFC 7540 Section 3.2`_. In this case, the client and server use the HTTP Upgrade mechanism originally described in `RFC 7230 Section 6.7`_. The client sends its initial HTTP/1.1 request with two extra headers. The first is ``Upgrade: h2c``, which requests upgrade to cleartext HTTP/2. The second is a ``HTTP2-Settings`` header, which contains a specially formatted string that encodes a HTTP/2 Settings frame.
+
+To do this with Hyper-h2 you have two slightly different flows: one for clients, one for servers.
+
+Clients
+~~~~~~~
+
+For a client, when sending the first request you should manually add your ``Upgrade`` header. You should then create a :class:`H2Connection <h2.connection.H2Connection>` object and call :meth:`H2Connection.initiate_upgrade_connection <h2.connection.H2Connection.initiate_upgrade_connection>` with no arguments. This method will return a bytestring to use as the value of your ``HTTP2-Settings`` header.
+
+If the server returns a ``101`` status code, it has accepted the upgrade, and you should immediately send the data returned by :meth:`H2Connection.data_to_send <h2.connection.H2Connection.data_to_send>`. Now you should consume the entire ``101`` header block. All data after the ``101`` header block is HTTP/2 data that should be fed directly to :meth:`H2Connection.receive_data <h2.connection.H2Connection.receive_data>` and handled as normal with Hyper-h2.
+
+If the server does not return a ``101`` status code then it is not upgrading. Continue with HTTP/1.1 as normal: you may throw away your :class:`H2Connection <h2.connection.H2Connection>` object, as it is of no further use.
+
+The server will respond to your original request in HTTP/2. Please pay attention to the events received from Hyper-h2, as they will define the server's response.
+
+Client Example
+^^^^^^^^^^^^^^
+
+The code below demonstrates how to handle a plaintext upgrade from the perspective of the client. For the purposes of keeping the example code as simple and generic as possible it uses the synchronous socket API that comes with the Python standard library: if you want to use asynchronous I/O, you will need to translate this code to the appropriate idiom.
+
+.. literalinclude:: ../../examples/fragments/client_upgrade_fragment.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+Servers
+~~~~~~~
+
+If the first request you receive on a connection from the client contains an ``Upgrade`` header with the ``h2c`` token in it, and you're willing to upgrade, you should create a :class:`H2Connection <h2.connection.H2Connection>` object and call :meth:`H2Connection.initiate_upgrade_connection <h2.connection.H2Connection.initiate_upgrade_connection>` with the value of the ``HTTP2-Settings`` header (as a bytestring) as the only argument.
+
+Then, you should send back a ``101`` response that contains ``h2c`` in the ``Upgrade`` header. That response will inform the client that you're switching to HTTP/2. Then, you should immediately send the data that is returned to you by :meth:`H2Connection.data_to_send <h2.connection.H2Connection.data_to_send>` on the connection: this is a necessary part of the HTTP/2 upgrade process.
+
+At this point, you may now respond to the original HTTP/1.1 request in HTTP/2 by calling the appropriate methods on the :class:`H2Connection <h2.connection.H2Connection>` object. No further HTTP/1.1 may be sent on this connection: from this point onward, all data sent by you and the client will be HTTP/2 data.
+
+Server Example
+^^^^^^^^^^^^^^
+
+The code below demonstrates how to handle a plaintext upgrade from the perspective of the server. For the purposes of keeping the example code as simple and generic as possible it uses the synchronous socket API that comes with the Python standard library: if you want to use asynchronous I/O, you will need to translate this code to the appropriate idiom.
+
+.. literalinclude:: ../../examples/fragments/server_upgrade_fragment.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+Prior Knowledge
+---------------
+
+It's possible that you as a client know that a particular server supports HTTP/2, and that you do not need to perform any of the negotiations described above. In that case, you may follow the steps in :ref:`starting-alpn`, ignoring all references to ALPN: there's no need to perform the upgrade dance described in :ref:`starting-upgrade`.
+
+.. _RFC 7540: https://tools.ietf.org/html/rfc7540
+.. _RFC 7540 Section 3.2: https://tools.ietf.org/html/rfc7540#section-3.2
+.. _RFC 7540 Section 3.3: https://tools.ietf.org/html/rfc7540#section-3.3
+.. _ALPN: https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation
+.. _RFC 7230 Section 6.7: https://tools.ietf.org/html/rfc7230#section-6.7
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/release-notes.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/release-notes.rst
new file mode 100644
index 0000000000..fa425f1fef
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/release-notes.rst
@@ -0,0 +1,101 @@
+Release Notes
+=============
+
+This document contains release notes for Hyper-h2. In addition to the
+:ref:`detailed-release-notes` found at the bottom of this document, this
+document also includes a high-level prose overview of each major release after
+1.0.0.
+
+High Level Notes
+----------------
+
+3.0.0: 24 March 2017
+~~~~~~~~~~~~~~~~~~~~
+
+The Hyper-h2 team and the Hyper project are delighted to announce the release
+of Hyper-h2 version 3.0.0! Unlike the really notable 2.0.0 release, this
+release is proportionally quite small: however, it has the effect of removing a
+lot of cruft and complexity that has built up in the codebase over the lifetime
+of the v2 release series.
+
+This release was motivated primarily by discovering that applications that
+attempted to use both HTTP/1.1 and HTTP/2 using hyper-h2 would encounter
+problems with cookies, because hyper-h2 did not join together cookie headers as
+required by RFC 7540. Normally adding such behaviour would be a non-breaking
+change, but we previously had no flags to prevent normalization of received
+HTTP headers.
+
+Because it makes no sense for the cookie to be split *by default*, we needed to
+add a controlling flag and set it to true. The breaking nature of this change
+is very subtle, and it's possible most users would never notice, but
+nevertheless it *is* a breaking change and we need to treat it as such.
+
+Happily, we can take this opportunity to finalise a bunch of deprecations we'd
+made over the past year. The v2 release series was long-lived and successful,
+having had a series of releases across the past year-and-a-bit, and the Hyper
+team are very proud of it. However, it's time to open a new chapter, and remove
+the deprecated code.
+
+The past year has been enormously productive for the Hyper team. A total of 30
+v2 releases were made, an enormous amount of work. A good number of people have
+made their first contribution in this time, more than I can thank reasonably
+without taking up an unreasonable amount of space in this document, so instead
+I invite you to check out `our awesome contributor list`_.
+
+We're looking forward to the next chapter in hyper-h2: it's been a fun ride so
+far, and we hope even more of you come along and join in the fun over the next
+year!
+
+.. _our awesome contributor list: https://github.com/python-hyper/hyper-h2/graphs/contributors
+
+
+2.0.0: 25 January 2016
+~~~~~~~~~~~~~~~~~~~~~~
+
+The Hyper-h2 team and the Hyper project are delighted to announce the release
+of Hyper-h2 version 2.0.0! This is an enormous release that contains a gigantic
+collection of new features and fixes, with the goal of making it easier than
+ever to use Hyper-h2 to build a compliant HTTP/2 server or client.
+
+An enormous chunk of this work has been focused on tighter enforcement of
+restrictions in RFC 7540, ensuring that we correctly police the actions of
+remote peers, and error appropriately when those peers violate the
+specification. Several of these constitute breaking changes, because data that
+was previously received and handled without obvious error now raises
+``ProtocolError`` exceptions and causes the connection to be terminated.
+
+Additionally, the public API was cleaned up and had several helper methods that
+had been inavertently exposed removed from the public API. The team wants to
+stress that while Hyper-h2 follows semantic versioning, the guarantees of
+semver apply only to the public API as documented in :doc:`api`. Reducing the
+surface area of these APIs makes it easier for us to continue to ensure that
+the guarantees of semver are respected on our public API.
+
+We also attempted to clear up some of the warts that had appeared in the API,
+and add features that are helpful for implementing HTTP/2 endpoints. For
+example, the :class:`H2Connection <h2.connection.H2Connection>` object now
+exposes a method for generating the next stream ID that your client or server
+can use to initiate a connection (:meth:`get_next_available_stream_id
+<h2.connection.H2Connection.get_next_available_stream_id>`). We also removed
+some needless return values that were guaranteed to return empty lists, which
+were an attempt to make a forward-looking guarantee that was entirely unneeded.
+
+Altogether, this has been an extremely productive period for Hyper-h2, and a
+lot of great work has been done by the community. To that end, we'd also like
+to extend a great thankyou to those contributors who made their first contribution
+to the project between release 1.0.0 and 2.0.0. Many thanks to:
+`Thomas Kriechbaumer`_, `Alex Chan`_, `Maximilian Hils`_, and `Glyph`_. For a
+full historical list of contributors, see :doc:`contributors`.
+
+We're looking forward to the next few months of Python HTTP/2 work, and hoping
+that you'll find lots of excellent HTTP/2 applications to build with Hyper-h2!
+
+
+.. _Thomas Kriechbaumer: https://github.com/Kriechi
+.. _Alex Chan: https://github.com/alexwlchan
+.. _Maximilian Hils: https://github.com/mhils
+.. _Glyph: https://github.com/glyph
+
+
+.. _detailed-release-notes:
+.. include:: ../../HISTORY.rst
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/release-process.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/release-process.rst
new file mode 100644
index 0000000000..e7b46064d5
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/release-process.rst
@@ -0,0 +1,56 @@
+Release Process
+===============
+
+Because of Hyper-h2's place at the bottom of the dependency tree, it is
+extremely important that the project maintains a diligent release schedule.
+This document outlines our process for managing releases.
+
+Versioning
+----------
+
+Hyper-h2 follows `semantic versioning`_ of its public API when it comes to
+numbering releases. The public API of Hyper-h2 is strictly limited to the
+entities listed in the :doc:`api` documentation: anything not mentioned in that
+document is not considered part of the public API and is not covered by the
+versioning guarantees given by semantic versioning.
+
+Maintenance
+-----------
+
+Hyper-h2 has the notion of a "release series", given by a major and minor
+version number: for example, there is the 2.1 release series. When each minor
+release is made and a release series is born, a branch is made off the release
+tag: for example, for the 2.1 release series, the 2.1.X branch.
+
+All changes merged into the master branch will be evaluated for whether they
+can be considered 'bugfixes' only (that is, they do not affect the public API).
+If they can, they will also be cherry-picked back to all active maintenance
+branches that require the bugfix. If the bugfix is not necessary, because the
+branch in question is unaffected by that bug, the bugfix will not be
+backported.
+
+Supported Release Series'
+-------------------------
+
+The developers of Hyper-h2 commit to supporting the following release series:
+
+- The most recent, as identified by the first two numbers in the highest
+  version currently released.
+- The immediately prior release series.
+
+The only exception to this policy is that no release series earlier than the
+2.1 series will be supported. In this context, "supported" means that they will
+continue to receive bugfix releases.
+
+For releases other than the ones identified above, no support is guaranteed.
+The developers may *choose* to support such a release series, but they do not
+promise to.
+
+The exception here is for security vulnerabilities. If a security vulnerability
+is identified in an out-of-support release series, the developers will do their
+best to patch it and issue an emergency release. For more information, see
+`our security documentation`_.
+
+
+.. _semantic versioning: http://semver.org/
+.. _our security documentation: http://python-hyper.org/en/latest/security.html
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/testimonials.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/testimonials.rst
new file mode 100644
index 0000000000..ec32fb9572
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/testimonials.rst
@@ -0,0 +1,9 @@
+Testimonials
+============
+
+Glyph Lefkowitz
+~~~~~~~~~~~~~~~
+
+Frankly, Hyper-h2 is almost SURREAL in how well-factored and decoupled the implementation is from I/O.  If libraries in the Python ecosystem looked like this generally, Twisted would be a much better platform than it is.  (Frankly, most of Twisted's _own_ protocol implementations should aspire to such cleanliness.)
+
+(`Source <https://twistedmatrix.com/pipermail/twisted-python/2015-November/029894.html>`_)
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/tornado-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/tornado-example.rst
new file mode 100644
index 0000000000..c7a80713a1
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/tornado-example.rst
@@ -0,0 +1,16 @@
+Tornado Example Server
+======================
+
+This example is a basic HTTP/2 server written using the `Tornado`_ asynchronous
+networking library.
+
+The server returns the request headers as a JSON document to the caller, just
+like the example from the :doc:`basic-usage` document.
+
+.. literalinclude:: ../../examples/tornado/tornado-server.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _Tornado: http://www.tornadoweb.org/
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-example.rst
new file mode 100644
index 0000000000..10d111628b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-example.rst
@@ -0,0 +1,18 @@
+Twisted Example Server
+======================
+
+This example is a basic HTTP/2 server written for the `Twisted`_ asynchronous
+networking framework. This is a relatively fleshed out example, and in
+particular it makes sure to obey HTTP/2 flow control rules.
+
+This server differs from some of the other example servers by serving files,
+rather than simply sending JSON responses. This makes the example lengthier,
+but also brings it closer to a real-world use-case.
+
+.. literalinclude:: ../../examples/twisted/twisted-server.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _Twisted: https://twistedmatrix.com/
\ No newline at end of file
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-head-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-head-example.rst
new file mode 100644
index 0000000000..df93b144e7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-head-example.rst
@@ -0,0 +1,17 @@
+Twisted Example Client: Head Requests
+=====================================
+
+This example is a basic HTTP/2 client written for the `Twisted`_ asynchronous
+networking framework.
+
+This client is fairly simple: it makes a hard-coded HEAD request to
+nghttp2.org/httpbin/ and prints out the response data. Its purpose is to demonstrate
+how to write a very basic HTTP/2 client implementation.
+
+.. literalinclude:: ../../examples/twisted/head_request.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _Twisted: https://twistedmatrix.com/
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-post-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-post-example.rst
new file mode 100644
index 0000000000..7e3aba41a3
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/twisted-post-example.rst
@@ -0,0 +1,18 @@
+Twisted Example Client: Post Requests
+=====================================
+
+This example is a basic HTTP/2 client written for the `Twisted`_ asynchronous
+networking framework.
+
+This client is fairly simple: it makes a hard-coded POST request to
+nghttp2.org/httpbin/post and prints out the response data, sending a file that is provided
+on the command line or the script itself. Its purpose is to demonstrate how to
+write a HTTP/2 client implementation that handles flow control.
+
+.. literalinclude:: ../../examples/twisted/post_request.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _Twisted: https://twistedmatrix.com/
diff --git a/testing/web-platform/tests/tools/third_party/h2/docs/source/wsgi-example.rst b/testing/web-platform/tests/tools/third_party/h2/docs/source/wsgi-example.rst
new file mode 100644
index 0000000000..82513899b2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/docs/source/wsgi-example.rst
@@ -0,0 +1,23 @@
+Example HTTP/2-only WSGI Server
+===============================
+
+This example is a more complex HTTP/2 server that acts as a WSGI server,
+passing data to an arbitrary WSGI application. This example is written using
+`asyncio`_. The server supports most of PEP-3333, and so could in principle be
+used as a production WSGI server: however, that's *not recommended* as certain
+shortcuts have been taken to ensure ease of implementation and understanding.
+
+The main advantages of this example are:
+
+1. It properly demonstrates HTTP/2 flow control management.
+2. It demonstrates how to plug hyper-h2 into a larger, more complex
+   application.
+
+
+.. literalinclude:: ../../examples/asyncio/wsgi-server.py
+   :language: python
+   :linenos:
+   :encoding: utf-8
+
+
+.. _asyncio: https://docs.python.org/3/library/asyncio.html
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/asyncio-server.py b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/asyncio-server.py
new file mode 100644
index 0000000000..278774644b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/asyncio-server.py
@@ -0,0 +1,210 @@
+# -*- coding: utf-8 -*-
+"""
+asyncio-server.py
+~~~~~~~~~~~~~~~~~
+
+A fully-functional HTTP/2 server using asyncio. Requires Python 3.5+.
+
+This example demonstrates handling requests with bodies, as well as handling
+those without. In particular, it demonstrates the fact that DataReceived may
+be called multiple times, and that applications must handle that possibility.
+"""
+import asyncio
+import io
+import json
+import ssl
+import collections
+from typing import List, Tuple
+
+from h2.config import H2Configuration
+from h2.connection import H2Connection
+from h2.events import (
+    ConnectionTerminated, DataReceived, RemoteSettingsChanged,
+    RequestReceived, StreamEnded, StreamReset, WindowUpdated
+)
+from h2.errors import ErrorCodes
+from h2.exceptions import ProtocolError, StreamClosedError
+from h2.settings import SettingCodes
+
+
+RequestData = collections.namedtuple('RequestData', ['headers', 'data'])
+
+
+class H2Protocol(asyncio.Protocol):
+    def __init__(self):
+        config = H2Configuration(client_side=False, header_encoding='utf-8')
+        self.conn = H2Connection(config=config)
+        self.transport = None
+        self.stream_data = {}
+        self.flow_control_futures = {}
+
+    def connection_made(self, transport: asyncio.Transport):
+        self.transport = transport
+        self.conn.initiate_connection()
+        self.transport.write(self.conn.data_to_send())
+
+    def connection_lost(self, exc):
+        for future in self.flow_control_futures.values():
+            future.cancel()
+        self.flow_control_futures = {}
+
+    def data_received(self, data: bytes):
+        try:
+            events = self.conn.receive_data(data)
+        except ProtocolError as e:
+            self.transport.write(self.conn.data_to_send())
+            self.transport.close()
+        else:
+            self.transport.write(self.conn.data_to_send())
+            for event in events:
+                if isinstance(event, RequestReceived):
+                    self.request_received(event.headers, event.stream_id)
+                elif isinstance(event, DataReceived):
+                    self.receive_data(event.data, event.stream_id)
+                elif isinstance(event, StreamEnded):
+                    self.stream_complete(event.stream_id)
+                elif isinstance(event, ConnectionTerminated):
+                    self.transport.close()
+                elif isinstance(event, StreamReset):
+                    self.stream_reset(event.stream_id)
+                elif isinstance(event, WindowUpdated):
+                    self.window_updated(event.stream_id, event.delta)
+                elif isinstance(event, RemoteSettingsChanged):
+                    if SettingCodes.INITIAL_WINDOW_SIZE in event.changed_settings:
+                        self.window_updated(None, 0)
+
+                self.transport.write(self.conn.data_to_send())
+
+    def request_received(self, headers: List[Tuple[str, str]], stream_id: int):
+        headers = collections.OrderedDict(headers)
+        method = headers[':method']
+
+        # Store off the request data.
+        request_data = RequestData(headers, io.BytesIO())
+        self.stream_data[stream_id] = request_data
+
+    def stream_complete(self, stream_id: int):
+        """
+        When a stream is complete, we can send our response.
+        """
+        try:
+            request_data = self.stream_data[stream_id]
+        except KeyError:
+            # Just return, we probably 405'd this already
+            return
+
+        headers = request_data.headers
+        body = request_data.data.getvalue().decode('utf-8')
+
+        data = json.dumps(
+            {"headers": headers, "body": body}, indent=4
+        ).encode("utf8")
+
+        response_headers = (
+            (':status', '200'),
+            ('content-type', 'application/json'),
+            ('content-length', str(len(data))),
+            ('server', 'asyncio-h2'),
+        )
+        self.conn.send_headers(stream_id, response_headers)
+        asyncio.ensure_future(self.send_data(data, stream_id))
+
+    def receive_data(self, data: bytes, stream_id: int):
+        """
+        We've received some data on a stream. If that stream is one we're
+        expecting data on, save it off. Otherwise, reset the stream.
+        """
+        try:
+            stream_data = self.stream_data[stream_id]
+        except KeyError:
+            self.conn.reset_stream(
+                stream_id, error_code=ErrorCodes.PROTOCOL_ERROR
+            )
+        else:
+            stream_data.data.write(data)
+
+    def stream_reset(self, stream_id):
+        """
+        A stream reset was sent. Stop sending data.
+        """
+        if stream_id in self.flow_control_futures:
+            future = self.flow_control_futures.pop(stream_id)
+            future.cancel()
+
+    async def send_data(self, data, stream_id):
+        """
+        Send data according to the flow control rules.
+        """
+        while data:
+            while self.conn.local_flow_control_window(stream_id) < 1:
+                try:
+                    await self.wait_for_flow_control(stream_id)
+                except asyncio.CancelledError:
+                    return
+
+            chunk_size = min(
+                self.conn.local_flow_control_window(stream_id),
+                len(data),
+                self.conn.max_outbound_frame_size,
+            )
+
+            try:
+                self.conn.send_data(
+                    stream_id,
+                    data[:chunk_size],
+                    end_stream=(chunk_size == len(data))
+                )
+            except (StreamClosedError, ProtocolError):
+                # The stream got closed and we didn't get told. We're done
+                # here.
+                break
+
+            self.transport.write(self.conn.data_to_send())
+            data = data[chunk_size:]
+
+    async def wait_for_flow_control(self, stream_id):
+        """
+        Waits for a Future that fires when the flow control window is opened.
+        """
+        f = asyncio.Future()
+        self.flow_control_futures[stream_id] = f
+        await f
+
+    def window_updated(self, stream_id, delta):
+        """
+        A window update frame was received. Unblock some number of flow control
+        Futures.
+        """
+        if stream_id and stream_id in self.flow_control_futures:
+            f = self.flow_control_futures.pop(stream_id)
+            f.set_result(delta)
+        elif not stream_id:
+            for f in self.flow_control_futures.values():
+                f.set_result(delta)
+
+            self.flow_control_futures = {}
+
+
+ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ssl_context.options |= (
+    ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
+)
+ssl_context.load_cert_chain(certfile="cert.crt", keyfile="cert.key")
+ssl_context.set_alpn_protocols(["h2"])
+
+loop = asyncio.get_event_loop()
+# Each client connection will create a new protocol instance
+coro = loop.create_server(H2Protocol, '127.0.0.1', 8443, ssl=ssl_context)
+server = loop.run_until_complete(coro)
+
+# Serve requests until Ctrl+C is pressed
+print('Serving on {}'.format(server.sockets[0].getsockname()))
+try:
+    loop.run_forever()
+except KeyboardInterrupt:
+    pass
+
+# Close the server
+server.close()
+loop.run_until_complete(server.wait_closed())
+loop.close()
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/cert.crt b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/cert.crt
new file mode 100644
index 0000000000..d6cf7d504d
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/cert.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJAOrxh0dOYJLdMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTA5MTkxNDE2
+NDRaFw0xNTEwMTkxNDE2NDRaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqt
+A1iu8EN00FU0eBcBGlLVmNEgV7Jkbukra+kwS8j/U2y50QPGJc/FiIVDfuBqk5dL
+ACTNc6A/FQcXvWmOc5ixmC3QKKasMpuofqKz0V9C6irZdYXZ9rcsW0gHQIr989yd
+R+N1VbIlEVW/T9FJL3B2UD9GVIkUELzm47CSOWZvAxQUlsx8CUNuUCWqyZJoqTFN
+j0LeJDOWGCsug1Pkj0Q1x+jMVL6l6Zf6vMkLNOMsOsWsxUk+0L3tl/OzcTgUOCsw
+UzY59RIi6Rudrp0oaU8NuHr91yiSqPbKFlX10M9KwEEdnIpcxhND3dacrDycj3ux
+eWlqKync2vOFUkhwiaMCAwEAAaNQME4wHQYDVR0OBBYEFA0PN+PGoofZ+QIys2Jy
+1Zz94vBOMB8GA1UdIwQYMBaAFA0PN+PGoofZ+QIys2Jy1Zz94vBOMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEplethBoPpcP3EbR5Rz6snDDIcbtAJu
+Ngd0YZppGT+P0DYnPJva4vRG3bb84ZMSuppz5j67qD6DdWte8UXhK8BzWiHzwmQE
+QmbKyzzTMKQgTNFntpx5cgsSvTtrHpNYoMHzHOmyAOboNeM0DWiRXsYLkWTitLTN
+qbOpstwPubExbT9lPjLclntShT/lCupt+zsbnrR9YiqlYFY/fDzfAybZhrD5GMBY
+XdMPItwAc/sWvH31yztarjkLmld76AGCcO5r8cSR/cX98SicyfjOBbSco8GkjYNY
+582gTPkKGYpStuN7GNT5tZmxvMq935HRa2XZvlAIe8ufp8EHVoYiF3c=
+-----END CERTIFICATE-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/cert.key b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/cert.key
new file mode 100644
index 0000000000..bda69e836c
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/cert.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyq0DWK7wQ3TQVTR4FwEaUtWY0SBXsmRu6Str6TBLyP9TbLnR
+A8Ylz8WIhUN+4GqTl0sAJM1zoD8VBxe9aY5zmLGYLdAopqwym6h+orPRX0LqKtl1
+hdn2tyxbSAdAiv3z3J1H43VVsiURVb9P0UkvcHZQP0ZUiRQQvObjsJI5Zm8DFBSW
+zHwJQ25QJarJkmipMU2PQt4kM5YYKy6DU+SPRDXH6MxUvqXpl/q8yQs04yw6xazF
+ST7Qve2X87NxOBQ4KzBTNjn1EiLpG52unShpTw24ev3XKJKo9soWVfXQz0rAQR2c
+ilzGE0Pd1pysPJyPe7F5aWorKdza84VSSHCJowIDAQABAoIBACp+nh4BB/VMz8Wd
+q7Q/EfLeQB1Q57JKpoqTBRwueSVai3ZXe4CMEi9/HkG6xiZtkiZ9njkZLq4hq9oB
+2z//kzMnwV2RsIRJxI6ohGy+wR51HD4BvEdlTPpY/Yabpqe92VyfSYxidKZWaU0O
+QMED1EODOw4ZQ+4928iPrJu//PMB4e7TFao0b9Fk/XLWtu5/tQZz9jsrlTi1zthh
+7n+oaGNhfTeIJJL4jrhTrKW1CLHXATtr9SJlfZ3wbMxQVeyj2wUlP1V0M6kBuhNj
+tbGbMpixD5iCNJ49Cm2PHg+wBOfS3ADGIpi3PcGw5mb8nB3N9eGBRPhLShAlq5Hi
+Lv4tyykCgYEA8u3b3xJ04pxWYN25ou/Sc8xzgDCK4XvDNdHVTuZDjLVA+VTVPzql
+lw7VvJArsx47MSPvsaX/+4hQXYtfnR7yJpx6QagvQ+z4ludnIZYrQwdUmb9pFL1s
+8UNj+3j9QFRPenIiIQ8qxxNIQ9w2HsVQ8scvc9CjYop/YYAPaQyHaL8CgYEA1ZSz
+CR4NcpfgRSILdhb1dLcyw5Qus1VOSAx3DYkhDkMiB8XZwgMdJjwehJo9yaqRCLE8
+Sw5znMnkfoZpu7+skrjK0FqmMpXMH9gIszHvFG8wSw/6+2HIWS19/wOu8dh95LuC
+0zurMk8rFqxgWMWF20afhgYrUz42cvUTo10FVB0CgYEAt7mW6W3PArfUSCxIwmb4
+VmXREKkl0ATHDYQl/Cb//YHzot467TgQll883QB4XF5HzBFurX9rSzO7/BN1e6I0
+52i+ubtWC9xD4fUetXMaQvZfUGxIL8xXgVxDWKQXfLiG54c8Mp6C7s6xf8kjEUCP
+yR1F0SSA/Pzb+8RbY0p7eocCgYA+1rs+SXtHZev0KyoYGnUpW+Uxqd17ofOgOxqj
+/t6c5Z+TjeCdtnDTGQkZlo/rT6XQWuUUaDIXxUbW+xEMzj4mBPyXBLS1WWFvVQ5q
+OpzO9E/PJeqAH6rkof/aEelc+oc/zvOU1o9uA+D3kMvgEm1psIOq2RHSMhGvDPA0
+NmAk+QKBgQCwd1681GagdIYSZUCBecnLtevXmIsJyDW2yR1NNcIe/ukcVQREMDvy
+5DDkhnGDgnV1D5gYcXb34g9vYvbfTnBMl/JXmMAAG1kIS+3pvHyN6f1poVe3yJV1
+yHVuvymnJxKnyaV0L3ntepVvV0vVNIkA3oauoUTLto6txBI+b/ImDA==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/wsgi-server.py b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/wsgi-server.py
new file mode 100644
index 0000000000..9fdb2fa0fc
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/asyncio/wsgi-server.py
@@ -0,0 +1,760 @@
+# -*- coding: utf-8 -*-
+"""
+asyncio-server.py
+~~~~~~~~~~~~~~~~~
+
+A fully-functional WSGI server, written using hyper-h2. Requires asyncio.
+
+To test it, try installing httpbin from pip (``pip install httpbin``) and then
+running the server (``python asyncio-server.py httpbin:app``).
+
+This server does not support HTTP/1.1: it is a HTTP/2-only WSGI server. The
+purpose of this code is to demonstrate how to integrate hyper-h2 into a more
+complex application, and to demonstrate several principles of concurrent
+programming.
+
+The architecture looks like this:
+
++---------------------------------+
+|     1x HTTP/2 Server Thread     |
+|        (running asyncio)        |
++---------------------------------+
++---------------------------------+
+|    N WSGI Application Threads   |
+|           (no asyncio)          |
++---------------------------------+
+
+Essentially, we spin up an asyncio-based event loop in the main thread. This
+launches one HTTP/2 Protocol instance for each inbound connection, all of which
+will read and write data from within the main thread in an asynchronous manner.
+
+When each HTTP request comes in, the server will build the WSGI environment
+dictionary and create a ``Stream`` object. This object will hold the relevant
+state for the request/response pair and will act as the WSGI side of the logic.
+That object will then be passed to a background thread pool, and when a worker
+is available the WSGI logic will begin to be executed. This model ensures that
+the asyncio web server itself is never blocked by the WSGI application.
+
+The WSGI application and the HTTP/2 server communicate via an asyncio queue,
+together with locks and threading events. The locks themselves are implicit in
+asyncio's "call_soon_threadsafe", which allows for a background thread to
+register an action with the main asyncio thread. When the asyncio thread
+eventually takes the action in question it sets as threading event, signaling
+to the background thread that it is free to continue its work.
+
+To make the WSGI application work with flow control, there is a very important
+invariant that must be observed. Any WSGI action that would cause data to be
+emitted to the network MUST be accompanied by a threading Event that is not
+set until that data has been written to the transport. This ensures that the
+WSGI application *blocks* until the data is actually sent. The reason we
+require this invariant is that the HTTP/2 server may choose to re-order some
+data chunks for flow control reasons: that is, the application for stream X may
+have actually written its data first, but the server may elect to send the data
+for stream Y first. This means that it's vital that there not be *two* writes
+for stream X active at any one point or they may get reordered, which would be
+particularly terrible.
+
+Thus, the server must cooperate to ensure that each threading event only fires
+when the *complete* data for that event has been written to the asyncio
+transport. Any earlier will cause untold craziness.
+"""
+import asyncio
+import importlib
+import queue
+import ssl
+import sys
+import threading
+
+from h2.config import H2Configuration
+from h2.connection import H2Connection
+from h2.events import (
+    DataReceived, RequestReceived, WindowUpdated, StreamEnded, StreamReset
+)
+
+
+# Used to signal that a request has completed.
+#
+# This is a convenient way to do "in-band" signaling of stream completion
+# without doing anything so heavyweight as using a class. Essentially, we can
+# test identity against this empty object. In fact, this is so convenient that
+# we use this object for all streams, for data in both directions: in and out.
+END_DATA_SENTINEL = object()
+
+# The WSGI callable. Stored here so that the protocol instances can get hold
+# of the data.
+APPLICATION = None
+
+
+class H2Protocol(asyncio.Protocol):
+    def __init__(self):
+        config = H2Configuration(client_side=False, header_encoding='utf-8')
+
+        # Our server-side state machine.
+        self.conn = H2Connection(config=config)
+
+        # The backing transport.
+        self.transport = None
+
+        # A dictionary of ``Stream`` objects, keyed by their stream ID. This
+        # makes it easy to route data to the correct WSGI application instance.
+        self.streams = {}
+
+        # A queue of data emitted by WSGI applications that has not yet been
+        # sent. Each stream may only have one chunk of data in either this
+        # queue or the flow_controlled_data dictionary at any one time.
+        self._stream_data = asyncio.Queue()
+
+        # Data that has been pulled off the queue that is for a stream blocked
+        # behind flow control limitations. This is used to avoid spinning on
+        # _stream_data queue when a stream cannot have its data sent. Data that
+        # cannot be sent on the connection when it is popped off the queue gets
+        # placed here until the stream flow control window opens up again.
+        self._flow_controlled_data = {}
+
+        # A reference to the loop in which this protocol runs. This is needed
+        # to synchronise up with background threads.
+        self._loop = asyncio.get_event_loop()
+
+        # Any streams that have been remotely reset. We keep track of these to
+        # ensure that we don't emit data from a WSGI application whose stream
+        # has been cancelled.
+        self._reset_streams = set()
+
+        # Keep track of the loop sending task so we can kill it when the
+        # connection goes away.
+        self._send_loop_task = None
+
+    def connection_made(self, transport):
+        """
+        The connection has been made. Here we need to save off our transport,
+        do basic HTTP/2 connection setup, and then start our data writing
+        coroutine.
+        """
+        self.transport = transport
+        self.conn.initiate_connection()
+        self.transport.write(self.conn.data_to_send())
+        self._send_loop_task = self._loop.create_task(self.sending_loop())
+
+    def connection_lost(self, exc):
+        """
+        With the end of the connection, we just want to cancel our data sending
+        coroutine.
+        """
+        self._send_loop_task.cancel()
+
+    def data_received(self, data):
+        """
+        Process inbound data.
+        """
+        events = self.conn.receive_data(data)
+
+        for event in events:
+            if isinstance(event, RequestReceived):
+                self.request_received(event)
+            elif isinstance(event, DataReceived):
+                self.data_frame_received(event)
+            elif isinstance(event, WindowUpdated):
+                self.window_opened(event)
+            elif isinstance(event, StreamEnded):
+                self.end_stream(event)
+            elif isinstance(event, StreamReset):
+                self.reset_stream(event)
+
+        outbound_data = self.conn.data_to_send()
+        if outbound_data:
+            self.transport.write(outbound_data)
+
+    def window_opened(self, event):
+        """
+        The flow control window got opened.
+
+        This is important because it's possible that we were unable to send
+        some WSGI data because the flow control window was too small. If that
+        happens, the sending_loop coroutine starts buffering data.
+
+        As the window gets opened, we need to unbuffer the data. We do that by
+        placing the data chunks back on the back of the send queue and letting
+        the sending loop take another shot at sending them.
+
+        This system only works because we require that each stream only have
+        *one* data chunk in the sending queue at any time. The threading events
+        force this invariant to remain true.
+        """
+        if event.stream_id:
+            # This is specific to a single stream.
+            if event.stream_id in self._flow_controlled_data:
+                self._stream_data.put_nowait(
+                    self._flow_controlled_data.pop(event.stream_id)
+                )
+        else:
+            # This event is specific to the connection. Free up *all* the
+            # streams. This is a bit tricky, but we *must not* yield the flow
+            # of control here or it all goes wrong.
+            for data in self._flow_controlled_data.values():
+                self._stream_data.put_nowait(data)
+
+            self._flow_controlled_data = {}
+
+    @asyncio.coroutine
+    def sending_loop(self):
+        """
+        A call that loops forever, attempting to send data. This sending loop
+        contains most of the flow-control smarts of this class: it pulls data
+        off of the asyncio queue and then attempts to send it.
+
+        The difficulties here are all around flow control. Specifically, a
+        chunk of data may be too large to send. In this case, what will happen
+        is that this coroutine will attempt to send what it can and will then
+        store the unsent data locally. When a flow control event comes in that
+        data will be freed up and placed back onto the asyncio queue, causing
+        it to pop back up into the sending logic of this coroutine.
+
+        This method explicitly *does not* handle HTTP/2 priority. That adds an
+        extra layer of complexity to what is already a fairly complex method,
+        and we'll look at how to do it another time.
+
+        This coroutine explicitly *does not end*.
+        """
+        while True:
+            stream_id, data, event = yield from self._stream_data.get()
+
+            # If this stream got reset, just drop the data on the floor. Note
+            # that we need to reset the event here to make sure that
+            # application doesn't lock up.
+            if stream_id in self._reset_streams:
+                event.set()
+
+            # Check if the body is done. If it is, this is really easy! Again,
+            # we *must* set the event here or the application will lock up.
+            if data is END_DATA_SENTINEL:
+                self.conn.end_stream(stream_id)
+                self.transport.write(self.conn.data_to_send())
+                event.set()
+                continue
+
+            # We need to send data, but not to exceed the flow control window.
+            # For that reason, grab only the data that fits: we'll buffer the
+            # rest.
+            window_size = self.conn.local_flow_control_window(stream_id)
+            chunk_size = min(window_size, len(data))
+            data_to_send = data[:chunk_size]
+            data_to_buffer = data[chunk_size:]
+
+            if data_to_send:
+                # There's a maximum frame size we have to respect. Because we
+                # aren't paying any attention to priority here, we can quite
+                # safely just split this string up into chunks of max frame
+                # size and blast them out.
+                #
+                # In a *real* application you'd want to consider priority here.
+                max_size = self.conn.max_outbound_frame_size
+                chunks = (
+                    data_to_send[x:x+max_size]
+                    for x in range(0, len(data_to_send), max_size)
+                )
+                for chunk in chunks:
+                    self.conn.send_data(stream_id, chunk)
+                self.transport.write(self.conn.data_to_send())
+
+            # If there's data left to buffer, we should do that. Put it in a
+            # dictionary and *don't set the event*: the app must not generate
+            # any more data until we got rid of all of this data.
+            if data_to_buffer:
+                self._flow_controlled_data[stream_id] = (
+                    stream_id, data_to_buffer, event
+                )
+            else:
+                # We sent everything. We can let the WSGI app progress.
+                event.set()
+
+    def request_received(self, event):
+        """
+        A HTTP/2 request has been received. We need to invoke the WSGI
+        application in a background thread to handle it.
+        """
+        # First, we are going to want an object to hold all the relevant state
+        # for this request/response. For that, we have a stream object. We
+        # need to store the stream object somewhere reachable for when data
+        # arrives later.
+        s = Stream(event.stream_id, self)
+        self.streams[event.stream_id] = s
+
+        # Next, we need to build the WSGI environ dictionary.
+        environ = _build_environ_dict(event.headers, s)
+
+        # Finally, we want to throw these arguments out to a threadpool and
+        # let it run.
+        self._loop.run_in_executor(
+            None,
+            s.run_in_threadpool,
+            APPLICATION,
+            environ,
+        )
+
+    def data_frame_received(self, event):
+        """
+        Data has been received by WSGI server and needs to be dispatched to a
+        running application.
+
+        Note that the flow control window is not modified here. That's
+        deliberate: see Stream.__next__ for a longer discussion of why.
+        """
+        # Grab the stream in question from our dictionary and pass it on.
+        stream = self.streams[event.stream_id]
+        stream.receive_data(event.data, event.flow_controlled_length)
+
+    def end_stream(self, event):
+        """
+        The stream data is complete.
+        """
+        stream = self.streams[event.stream_id]
+        stream.request_complete()
+
+    def reset_stream(self, event):
+        """
+        A stream got forcefully reset.
+
+        This is a tricky thing to deal with because WSGI doesn't really have a
+        good notion for it. Essentially, you have to let the application run
+        until completion, but not actually let it send any data.
+
+        We do that by discarding any data we currently have for it, and then
+        marking the stream as reset to allow us to spot when that stream is
+        trying to send data and drop that data on the floor.
+
+        We then *also* signal the WSGI application that no more data is
+        incoming, to ensure that it does not attempt to do further reads of the
+        data.
+        """
+        if event.stream_id in self._flow_controlled_data:
+            del self._flow_controlled_data
+
+        self._reset_streams.add(event.stream_id)
+        self.end_stream(event)
+
+    def data_for_stream(self, stream_id, data):
+        """
+        Thread-safe method called from outside the main asyncio thread in order
+        to send data on behalf of a WSGI application.
+
+        Places data being written by a stream on an asyncio queue. Returns a
+        threading event that will fire when that data is sent.
+        """
+        event = threading.Event()
+        self._loop.call_soon_threadsafe(
+            self._stream_data.put_nowait,
+            (stream_id, data, event)
+        )
+        return event
+
+    def send_response(self, stream_id, headers):
+        """
+        Thread-safe method called from outside the main asyncio thread in order
+        to send the HTTP response headers on behalf of a WSGI application.
+
+        Returns a threading event that will fire when the headers have been
+        emitted to the network.
+        """
+        event = threading.Event()
+
+        def _inner_send(stream_id, headers, event):
+            self.conn.send_headers(stream_id, headers, end_stream=False)
+            self.transport.write(self.conn.data_to_send())
+            event.set()
+
+        self._loop.call_soon_threadsafe(
+            _inner_send,
+            stream_id,
+            headers,
+            event
+        )
+        return event
+
+    def open_flow_control_window(self, stream_id, increment):
+        """
+        Opens a flow control window for the given stream by the given amount.
+        Called from a WSGI thread. Does not return an event because there's no
+        need to block on this action, it may take place at any time.
+        """
+        def _inner_open(stream_id, increment):
+            self.conn.increment_flow_control_window(increment, stream_id)
+            self.conn.increment_flow_control_window(increment, None)
+            self.transport.write(self.conn.data_to_send())
+
+        self._loop.call_soon_threadsafe(
+            _inner_open,
+            stream_id,
+            increment,
+        )
+
+
+class Stream:
+    """
+    This class holds all of the state for a single stream. It also provides
+    several of the callables used by the WSGI application. Finally, it provides
+    the logic for actually interfacing with the WSGI application.
+
+    For these reasons, the object has *strict* requirements on thread-safety.
+    While the object can be initialized in the main WSGI thread, the
+    ``run_in_threadpool`` method *must* be called from outside that thread. At
+    that point, the main WSGI thread may only call specific methods.
+    """
+    def __init__(self, stream_id, protocol):
+        self.stream_id = stream_id
+        self._protocol = protocol
+
+        # Queue for data that has been received from the network. This is a
+        # thread-safe queue, to allow both the WSGI application to block on
+        # receiving more data and to allow the asyncio server to keep sending
+        # more data.
+        #
+        # This queue is unbounded in size, but in practice it cannot contain
+        # too much data because the flow control window doesn't get adjusted
+        # unless data is removed from it.
+        self._received_data = queue.Queue()
+
+        # This buffer is used to hold partial chunks of data from
+        # _received_data that were not returned out of ``read`` and friends.
+        self._temp_buffer = b''
+
+        # Temporary variables that allow us to keep hold of the headers and
+        # response status until such time as the application needs us to send
+        # them.
+        self._response_status = b''
+        self._response_headers = []
+        self._headers_emitted = False
+
+        # Whether the application has received all the data from the network
+        # or not. This allows us to short-circuit some reads.
+        self._complete = False
+
+    def receive_data(self, data, flow_controlled_size):
+        """
+        Called by the H2Protocol when more data has been received from the
+        network.
+
+        Places the data directly on the queue in a thread-safe manner without
+        blocking. Does not introspect or process the data.
+        """
+        self._received_data.put_nowait((data, flow_controlled_size))
+
+    def request_complete(self):
+        """
+        Called by the H2Protocol when all the request data has been received.
+
+        This works by placing the ``END_DATA_SENTINEL`` on the queue. The
+        reading code knows, when it sees the ``END_DATA_SENTINEL``, to expect
+        no more data from the network. This ensures that the state of the
+        application only changes when it has finished processing the data from
+        the network, even though the server may have long-since finished
+        receiving all the data for this request.
+        """
+        self._received_data.put_nowait((END_DATA_SENTINEL, None))
+
+    def run_in_threadpool(self, wsgi_application, environ):
+        """
+        This method should be invoked in a threadpool. At the point this method
+        is invoked, the only safe methods to call from the original thread are
+        ``receive_data`` and ``request_complete``: any other method is unsafe.
+
+        This method handles the WSGI logic. It invokes the application callable
+        in this thread, passing control over to the WSGI application. It then
+        ensures that the data makes it back to the HTTP/2 connection via
+        the thread-safe APIs provided below.
+        """
+        result = wsgi_application(environ, self.start_response)
+
+        try:
+            for data in result:
+                self.write(data)
+        finally:
+            # This signals that we're done with data. The server will know that
+            # this allows it to clean up its state: we're done here.
+            self.write(END_DATA_SENTINEL)
+
+    # The next few methods are called by the WSGI application. Firstly, the
+    # three methods provided by the input stream.
+    def read(self, size=None):
+        """
+        Called by the WSGI application to read data.
+
+        This method is the one of two that explicitly pumps the input data
+        queue, which means it deals with the ``_complete`` flag and the
+        ``END_DATA_SENTINEL``.
+        """
+        # If we've already seen the END_DATA_SENTINEL, return immediately.
+        if self._complete:
+            return b''
+
+        # If we've been asked to read everything, just iterate over ourselves.
+        if size is None:
+            return b''.join(self)
+
+        # Otherwise, as long as we don't have enough data, spin looking for
+        # another data chunk.
+        data = b''
+        while len(data) < size:
+            try:
+                chunk = next(self)
+            except StopIteration:
+                break
+
+            # Concatenating strings this way is slow, but that's ok, this is
+            # just a demo.
+            data += chunk
+
+        # We have *at least* enough data to return, but we may have too much.
+        # If we do, throw it on a buffer: we'll use it later.
+        to_return = data[:size]
+        self._temp_buffer = data[size:]
+        return to_return
+
+    def readline(self, hint=None):
+        """
+        Called by the WSGI application to read a single line of data.
+
+        This method rigorously observes the ``hint`` parameter: it will only
+        ever read that much data. It then splits the data on a newline
+        character and throws everything it doesn't need into a buffer.
+        """
+        data = self.read(hint)
+        first_newline = data.find(b'\n')
+        if first_newline == -1:
+            # No newline, return all the data
+            return data
+
+        # We want to slice the data so that the head *includes* the first
+        # newline. Then, any data left in this line we don't care about should
+        # be prepended to the internal buffer.
+        head, tail = data[:first_newline + 1], data[first_newline + 1:]
+        self._temp_buffer = tail + self._temp_buffer
+
+        return head
+
+    def readlines(self, hint=None):
+        """
+        Called by the WSGI application to read several lines of data.
+
+        This method is really pretty stupid. It rigorously observes the
+        ``hint`` parameter, and quite happily returns the input split into
+        lines.
+        """
+        # This method is *crazy inefficient*, but it's also a pretty stupid
+        # method to call.
+        data = self.read(hint)
+        lines = data.split(b'\n')
+
+        # Split removes the newline character, but we want it, so put it back.
+        lines = [line + b'\n' for line in lines]
+
+        # Except if the last character was a newline character we now have an
+        # extra line that is just a newline: pull that out.
+        if lines[-1] == b'\n':
+            lines = lines[:-1]
+        return lines
+
+    def start_response(self, status, response_headers, exc_info=None):
+        """
+        This is the PEP-3333 mandated start_response callable.
+
+        All it does is store the headers for later sending, and return our
+        ```write`` callable.
+        """
+        if self._headers_emitted and exc_info is not None:
+            raise exc_info[1].with_traceback(exc_info[2])
+
+        assert not self._response_status or exc_info is not None
+        self._response_status = status
+        self._response_headers = response_headers
+
+        return self.write
+
+    def write(self, data):
+        """
+        Provides some data to write.
+
+        This function *blocks* until such time as the data is allowed by
+        HTTP/2 flow control. This allows a client to slow or pause the response
+        as needed.
+
+        This function is not supposed to be used, according to PEP-3333, but
+        once we have it it becomes quite convenient to use it, so this app
+        actually runs all writes through this function.
+        """
+        if not self._headers_emitted:
+            self._emit_headers()
+        event = self._protocol.data_for_stream(self.stream_id, data)
+        event.wait()
+        return
+
+    def _emit_headers(self):
+        """
+        Sends the response headers.
+
+        This is only called from the write callable and should only ever be
+        called once. It does some minor processing (converts the status line
+        into a status code because reason phrases are evil) and then passes
+        the headers on to the server. This call explicitly blocks until the
+        server notifies us that the headers have reached the network.
+        """
+        assert self._response_status and self._response_headers
+        assert not self._headers_emitted
+        self._headers_emitted = True
+
+        # We only need the status code
+        status = self._response_status.split(" ", 1)[0]
+        headers = [(":status", status)]
+        headers.extend(self._response_headers)
+        event = self._protocol.send_response(self.stream_id, headers)
+        event.wait()
+        return
+
+    # These two methods implement the iterator protocol. This allows a WSGI
+    # application to iterate over this Stream object to get the data.
+    def __iter__(self):
+        return self
+
+    def __next__(self):
+        # If the complete request has been read, abort immediately.
+        if self._complete:
+            raise StopIteration()
+
+        # If we have data stored in a temporary buffer for any reason, return
+        # that and clear the buffer.
+        #
+        # This can actually only happen when the application uses one of the
+        # read* callables, but that's fine.
+        if self._temp_buffer:
+            buffered_data = self._temp_buffer
+            self._temp_buffer = b''
+            return buffered_data
+
+        # Otherwise, pull data off the queue (blocking as needed). If this is
+        # the end of the request, we're done here: mark ourselves as complete
+        # and call it time. Otherwise, open the flow control window an
+        # appropriate amount and hand the chunk off.
+        chunk, chunk_size = self._received_data.get()
+        if chunk is END_DATA_SENTINEL:
+            self._complete = True
+            raise StopIteration()
+
+        # Let's talk a little bit about why we're opening the flow control
+        # window *here*, and not in the server thread.
+        #
+        # The purpose of HTTP/2 flow control is to allow for servers and
+        # clients to avoid needing to buffer data indefinitely because their
+        # peer is producing data faster than they can consume it. As a result,
+        # it's important that the flow control window be opened as late in the
+        # processing as possible. In this case, we open the flow control window
+        # exactly when the server hands the data to the application. This means
+        # that the flow control window essentially signals to the remote peer
+        # how much data hasn't even been *seen* by the application yet.
+        #
+        # If you wanted to be really clever you could consider not opening the
+        # flow control window until the application asks for the *next* chunk
+        # of data. That means that any buffers at the application level are now
+        # included in the flow control window processing. In my opinion, the
+        # advantage of that process does not outweigh the extra logical
+        # complexity involved in doing it, so we don't bother here.
+        #
+        # Another note: you'll notice that we don't include the _temp_buffer in
+        # our flow control considerations. This means you could in principle
+        # lead us to buffer slightly more than one connection flow control
+        # window's worth of data. That risk is considered acceptable for the
+        # much simpler logic available here.
+        #
+        # Finally, this is a pretty dumb flow control window management scheme:
+        # it causes us to emit a *lot* of window updates. A smarter server
+        # would want to use the content-length header to determine whether
+        # flow control window updates need to be emitted at all, and then to be
+        # more efficient about emitting them to avoid firing them off really
+        # frequently. For an example like this, there's very little gained by
+        # worrying about that.
+        self._protocol.open_flow_control_window(self.stream_id, chunk_size)
+
+        return chunk
+
+
+def _build_environ_dict(headers, stream):
+    """
+    Build the WSGI environ dictionary for a given request. To do that, we'll
+    temporarily create a dictionary for the headers. While this isn't actually
+    a valid way to represent headers, we know that the special headers we need
+    can only have one appearance in the block.
+
+    This code is arguably somewhat incautious: the conversion to dictionary
+    should only happen in a way that allows us to correctly join headers that
+    appear multiple times. That's acceptable in a demo app: in a productised
+    version you'd want to fix it.
+    """
+    header_dict = dict(headers)
+    path = header_dict.pop(u':path')
+    try:
+        path, query = path.split(u'?', 1)
+    except ValueError:
+        query = u""
+    server_name = header_dict.pop(u':authority')
+    try:
+        server_name, port = server_name.split(u':', 1)
+    except ValueError as e:
+        port = "8443"
+
+    environ = {
+        u'REQUEST_METHOD': header_dict.pop(u':method'),
+        u'SCRIPT_NAME': u'',
+        u'PATH_INFO': path,
+        u'QUERY_STRING': query,
+        u'SERVER_NAME': server_name,
+        u'SERVER_PORT': port,
+        u'SERVER_PROTOCOL': u'HTTP/2',
+        u'HTTPS': u"on",
+        u'SSL_PROTOCOL': u'TLSv1.2',
+        u'wsgi.version': (1, 0),
+        u'wsgi.url_scheme': header_dict.pop(u':scheme'),
+        u'wsgi.input': stream,
+        u'wsgi.errors': sys.stderr,
+        u'wsgi.multithread': True,
+        u'wsgi.multiprocess': False,
+        u'wsgi.run_once': False,
+    }
+    if u'content-type' in header_dict:
+        environ[u'CONTENT_TYPE'] = header_dict[u'content-type']
+    if u'content-length' in header_dict:
+        environ[u'CONTENT_LENGTH'] = header_dict[u'content-length']
+    for name, value in header_dict.items():
+        environ[u'HTTP_' + name.upper()] = value
+    return environ
+
+
+# Set up the WSGI app.
+application_string = sys.argv[1]
+path, func = application_string.split(':', 1)
+module = importlib.import_module(path)
+APPLICATION = getattr(module, func)
+
+# Set up TLS
+ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ssl_context.options |= (
+    ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
+)
+ssl_context.set_ciphers("ECDHE+AESGCM")
+ssl_context.load_cert_chain(certfile="cert.crt", keyfile="cert.key")
+ssl_context.set_alpn_protocols(["h2"])
+
+# Do the asnycio bits
+loop = asyncio.get_event_loop()
+# Each client connection will create a new protocol instance
+coro = loop.create_server(H2Protocol, '127.0.0.1', 8443, ssl=ssl_context)
+server = loop.run_until_complete(coro)
+
+# Serve requests until Ctrl+C is pressed
+print('Serving on {}'.format(server.sockets[0].getsockname()))
+try:
+    loop.run_forever()
+except KeyboardInterrupt:
+    pass
+
+# Close the server
+server.close()
+loop.run_until_complete(server.wait_closed())
+loop.close()
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/curio/curio-server.py b/testing/web-platform/tests/tools/third_party/h2/examples/curio/curio-server.py
new file mode 100644
index 0000000000..f93d4db9d0
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/curio/curio-server.py
@@ -0,0 +1,206 @@
+#!/usr/bin/env python3.5
+# -*- coding: utf-8 -*-
+"""
+curio-server.py
+~~~~~~~~~~~~~~~
+
+A fully-functional HTTP/2 server written for curio.
+
+Requires Python 3.5+.
+"""
+import mimetypes
+import os
+import sys
+
+from curio import Event, spawn, socket, ssl, run
+
+import h2.config
+import h2.connection
+import h2.events
+
+
+# The maximum amount of a file we'll send in a single DATA frame.
+READ_CHUNK_SIZE = 8192
+
+
+async def create_listening_ssl_socket(address, certfile, keyfile):
+    """
+    Create and return a listening TLS socket on a given address.
+    """
+    ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+    ssl_context.options |= (
+        ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
+    )
+    ssl_context.set_ciphers("ECDHE+AESGCM")
+    ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
+    ssl_context.set_alpn_protocols(["h2"])
+
+    sock = socket.socket()
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+    sock = await ssl_context.wrap_socket(sock)
+    sock.bind(address)
+    sock.listen()
+
+    return sock
+
+
+async def h2_server(address, root, certfile, keyfile):
+    """
+    Create an HTTP/2 server at the given address.
+    """
+    sock = await create_listening_ssl_socket(address, certfile, keyfile)
+    print("Now listening on %s:%d" % address)
+
+    async with sock:
+        while True:
+            client, _ = await sock.accept()
+            server = H2Server(client, root)
+            await spawn(server.run())
+
+
+class H2Server:
+    """
+    A basic HTTP/2 file server. This is essentially very similar to
+    SimpleHTTPServer from the standard library, but uses HTTP/2 instead of
+    HTTP/1.1.
+    """
+    def __init__(self, sock, root):
+        config = h2.config.H2Configuration(
+            client_side=False, header_encoding='utf-8'
+        )
+        self.sock = sock
+        self.conn = h2.connection.H2Connection(config=config)
+        self.root = root
+        self.flow_control_events = {}
+
+    async def run(self):
+        """
+        Loop over the connection, managing it appropriately.
+        """
+        self.conn.initiate_connection()
+        await self.sock.sendall(self.conn.data_to_send())
+
+        while True:
+            # 65535 is basically arbitrary here: this amounts to "give me
+            # whatever data you have".
+            data = await self.sock.recv(65535)
+            if not data:
+                break
+
+            events = self.conn.receive_data(data)
+            for event in events:
+                if isinstance(event, h2.events.RequestReceived):
+                    await spawn(
+                        self.request_received(event.headers, event.stream_id)
+                    )
+                elif isinstance(event, h2.events.DataReceived):
+                    self.conn.reset_stream(event.stream_id)
+                elif isinstance(event, h2.events.WindowUpdated):
+                    await self.window_updated(event)
+
+            await self.sock.sendall(self.conn.data_to_send())
+
+    async def request_received(self, headers, stream_id):
+        """
+        Handle a request by attempting to serve a suitable file.
+        """
+        headers = dict(headers)
+        assert headers[':method'] == 'GET'
+
+        path = headers[':path'].lstrip('/')
+        full_path = os.path.join(self.root, path)
+
+        if not os.path.exists(full_path):
+            response_headers = (
+                (':status', '404'),
+                ('content-length', '0'),
+                ('server', 'curio-h2'),
+            )
+            self.conn.send_headers(
+                stream_id, response_headers, end_stream=True
+            )
+            await self.sock.sendall(self.conn.data_to_send())
+        else:
+            await self.send_file(full_path, stream_id)
+
+    async def send_file(self, file_path, stream_id):
+        """
+        Send a file, obeying the rules of HTTP/2 flow control.
+        """
+        filesize = os.stat(file_path).st_size
+        content_type, content_encoding = mimetypes.guess_type(file_path)
+        response_headers = [
+            (':status', '200'),
+            ('content-length', str(filesize)),
+            ('server', 'curio-h2'),
+        ]
+        if content_type:
+            response_headers.append(('content-type', content_type))
+        if content_encoding:
+            response_headers.append(('content-encoding', content_encoding))
+
+        self.conn.send_headers(stream_id, response_headers)
+        await self.sock.sendall(self.conn.data_to_send())
+
+        with open(file_path, 'rb', buffering=0) as f:
+            await self._send_file_data(f, stream_id)
+
+    async def _send_file_data(self, fileobj, stream_id):
+        """
+        Send the data portion of a file. Handles flow control rules.
+        """
+        while True:
+            while self.conn.local_flow_control_window(stream_id) < 1:
+                await self.wait_for_flow_control(stream_id)
+
+            chunk_size = min(
+                self.conn.local_flow_control_window(stream_id),
+                READ_CHUNK_SIZE,
+            )
+
+            data = fileobj.read(chunk_size)
+            keep_reading = (len(data) == chunk_size)
+
+            self.conn.send_data(stream_id, data, not keep_reading)
+            await self.sock.sendall(self.conn.data_to_send())
+
+            if not keep_reading:
+                break
+
+    async def wait_for_flow_control(self, stream_id):
+        """
+        Blocks until the flow control window for a given stream is opened.
+        """
+        evt = Event()
+        self.flow_control_events[stream_id] = evt
+        await evt.wait()
+
+    async def window_updated(self, event):
+        """
+        Unblock streams waiting on flow control, if needed.
+        """
+        stream_id = event.stream_id
+
+        if stream_id and stream_id in self.flow_control_events:
+            evt = self.flow_control_events.pop(stream_id)
+            await evt.set()
+        elif not stream_id:
+            # Need to keep a real list here to use only the events present at
+            # this time.
+            blocked_streams = list(self.flow_control_events.keys())
+            for stream_id in blocked_streams:
+                event = self.flow_control_events.pop(stream_id)
+                await event.set()
+        return
+
+
+if __name__ == '__main__':
+    host = sys.argv[2] if len(sys.argv) > 2 else "localhost"
+    print("Try GETting:")
+    print("    On OSX after 'brew install curl --with-c-ares --with-libidn --with-nghttp2 --with-openssl':")
+    print("/usr/local/opt/curl/bin/curl --tlsv1.2 --http2 -k https://localhost:5000/bundle.js")
+    print("Or open a browser to: https://localhost:5000/")
+    print("   (Accept all the warnings)")
+    run(h2_server((host, 5000), sys.argv[1],
+                  "{}.crt.pem".format(host),
+                  "{}.key".format(host)), with_monitor=True)
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/curio/localhost.crt.pem b/testing/web-platform/tests/tools/third_party/h2/examples/curio/localhost.crt.pem
new file mode 100644
index 0000000000..d6cf7d504d
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/curio/localhost.crt.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIJAOrxh0dOYJLdMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTA5MTkxNDE2
+NDRaFw0xNTEwMTkxNDE2NDRaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21l
+LVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNV
+BAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMqt
+A1iu8EN00FU0eBcBGlLVmNEgV7Jkbukra+kwS8j/U2y50QPGJc/FiIVDfuBqk5dL
+ACTNc6A/FQcXvWmOc5ixmC3QKKasMpuofqKz0V9C6irZdYXZ9rcsW0gHQIr989yd
+R+N1VbIlEVW/T9FJL3B2UD9GVIkUELzm47CSOWZvAxQUlsx8CUNuUCWqyZJoqTFN
+j0LeJDOWGCsug1Pkj0Q1x+jMVL6l6Zf6vMkLNOMsOsWsxUk+0L3tl/OzcTgUOCsw
+UzY59RIi6Rudrp0oaU8NuHr91yiSqPbKFlX10M9KwEEdnIpcxhND3dacrDycj3ux
+eWlqKync2vOFUkhwiaMCAwEAAaNQME4wHQYDVR0OBBYEFA0PN+PGoofZ+QIys2Jy
+1Zz94vBOMB8GA1UdIwQYMBaAFA0PN+PGoofZ+QIys2Jy1Zz94vBOMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEplethBoPpcP3EbR5Rz6snDDIcbtAJu
+Ngd0YZppGT+P0DYnPJva4vRG3bb84ZMSuppz5j67qD6DdWte8UXhK8BzWiHzwmQE
+QmbKyzzTMKQgTNFntpx5cgsSvTtrHpNYoMHzHOmyAOboNeM0DWiRXsYLkWTitLTN
+qbOpstwPubExbT9lPjLclntShT/lCupt+zsbnrR9YiqlYFY/fDzfAybZhrD5GMBY
+XdMPItwAc/sWvH31yztarjkLmld76AGCcO5r8cSR/cX98SicyfjOBbSco8GkjYNY
+582gTPkKGYpStuN7GNT5tZmxvMq935HRa2XZvlAIe8ufp8EHVoYiF3c=
+-----END CERTIFICATE-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/curio/localhost.key b/testing/web-platform/tests/tools/third_party/h2/examples/curio/localhost.key
new file mode 100644
index 0000000000..bda69e836c
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/curio/localhost.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyq0DWK7wQ3TQVTR4FwEaUtWY0SBXsmRu6Str6TBLyP9TbLnR
+A8Ylz8WIhUN+4GqTl0sAJM1zoD8VBxe9aY5zmLGYLdAopqwym6h+orPRX0LqKtl1
+hdn2tyxbSAdAiv3z3J1H43VVsiURVb9P0UkvcHZQP0ZUiRQQvObjsJI5Zm8DFBSW
+zHwJQ25QJarJkmipMU2PQt4kM5YYKy6DU+SPRDXH6MxUvqXpl/q8yQs04yw6xazF
+ST7Qve2X87NxOBQ4KzBTNjn1EiLpG52unShpTw24ev3XKJKo9soWVfXQz0rAQR2c
+ilzGE0Pd1pysPJyPe7F5aWorKdza84VSSHCJowIDAQABAoIBACp+nh4BB/VMz8Wd
+q7Q/EfLeQB1Q57JKpoqTBRwueSVai3ZXe4CMEi9/HkG6xiZtkiZ9njkZLq4hq9oB
+2z//kzMnwV2RsIRJxI6ohGy+wR51HD4BvEdlTPpY/Yabpqe92VyfSYxidKZWaU0O
+QMED1EODOw4ZQ+4928iPrJu//PMB4e7TFao0b9Fk/XLWtu5/tQZz9jsrlTi1zthh
+7n+oaGNhfTeIJJL4jrhTrKW1CLHXATtr9SJlfZ3wbMxQVeyj2wUlP1V0M6kBuhNj
+tbGbMpixD5iCNJ49Cm2PHg+wBOfS3ADGIpi3PcGw5mb8nB3N9eGBRPhLShAlq5Hi
+Lv4tyykCgYEA8u3b3xJ04pxWYN25ou/Sc8xzgDCK4XvDNdHVTuZDjLVA+VTVPzql
+lw7VvJArsx47MSPvsaX/+4hQXYtfnR7yJpx6QagvQ+z4ludnIZYrQwdUmb9pFL1s
+8UNj+3j9QFRPenIiIQ8qxxNIQ9w2HsVQ8scvc9CjYop/YYAPaQyHaL8CgYEA1ZSz
+CR4NcpfgRSILdhb1dLcyw5Qus1VOSAx3DYkhDkMiB8XZwgMdJjwehJo9yaqRCLE8
+Sw5znMnkfoZpu7+skrjK0FqmMpXMH9gIszHvFG8wSw/6+2HIWS19/wOu8dh95LuC
+0zurMk8rFqxgWMWF20afhgYrUz42cvUTo10FVB0CgYEAt7mW6W3PArfUSCxIwmb4
+VmXREKkl0ATHDYQl/Cb//YHzot467TgQll883QB4XF5HzBFurX9rSzO7/BN1e6I0
+52i+ubtWC9xD4fUetXMaQvZfUGxIL8xXgVxDWKQXfLiG54c8Mp6C7s6xf8kjEUCP
+yR1F0SSA/Pzb+8RbY0p7eocCgYA+1rs+SXtHZev0KyoYGnUpW+Uxqd17ofOgOxqj
+/t6c5Z+TjeCdtnDTGQkZlo/rT6XQWuUUaDIXxUbW+xEMzj4mBPyXBLS1WWFvVQ5q
+OpzO9E/PJeqAH6rkof/aEelc+oc/zvOU1o9uA+D3kMvgEm1psIOq2RHSMhGvDPA0
+NmAk+QKBgQCwd1681GagdIYSZUCBecnLtevXmIsJyDW2yR1NNcIe/ukcVQREMDvy
+5DDkhnGDgnV1D5gYcXb34g9vYvbfTnBMl/JXmMAAG1kIS+3pvHyN6f1poVe3yJV1
+yHVuvymnJxKnyaV0L3ntepVvV0vVNIkA3oauoUTLto6txBI+b/ImDA==
+-----END RSA PRIVATE KEY-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/eventlet-server.py b/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/eventlet-server.py
new file mode 100644
index 0000000000..a46cfb3d15
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/eventlet-server.py
@@ -0,0 +1,102 @@
+# -*- coding: utf-8 -*-
+"""
+eventlet-server.py
+~~~~~~~~~~~~~~~~~~
+
+A fully-functional HTTP/2 server written for Eventlet.
+"""
+import collections
+import json
+
+import eventlet
+
+from eventlet.green.OpenSSL import SSL, crypto
+from h2.config import H2Configuration
+from h2.connection import H2Connection
+from h2.events import RequestReceived, DataReceived
+
+
+class ConnectionManager(object):
+    """
+    An object that manages a single HTTP/2 connection.
+    """
+    def __init__(self, sock):
+        config = H2Configuration(client_side=False)
+        self.sock = sock
+        self.conn = H2Connection(config=config)
+
+    def run_forever(self):
+        self.conn.initiate_connection()
+        self.sock.sendall(self.conn.data_to_send())
+
+        while True:
+            data = self.sock.recv(65535)
+            if not data:
+                break
+
+            events = self.conn.receive_data(data)
+
+            for event in events:
+                if isinstance(event, RequestReceived):
+                    self.request_received(event.headers, event.stream_id)
+                elif isinstance(event, DataReceived):
+                    self.conn.reset_stream(event.stream_id)
+
+            self.sock.sendall(self.conn.data_to_send())
+
+    def request_received(self, headers, stream_id):
+        headers = collections.OrderedDict(headers)
+        data = json.dumps({'headers': headers}, indent=4).encode('utf-8')
+
+        response_headers = (
+            (':status', '200'),
+            ('content-type', 'application/json'),
+            ('content-length', str(len(data))),
+            ('server', 'eventlet-h2'),
+        )
+        self.conn.send_headers(stream_id, response_headers)
+        self.conn.send_data(stream_id, data, end_stream=True)
+
+
+def alpn_callback(conn, protos):
+    if b'h2' in protos:
+        return b'h2'
+
+    raise RuntimeError("No acceptable protocol offered!")
+
+
+def npn_advertise_cb(conn):
+    return [b'h2']
+
+
+# Let's set up SSL. This is a lot of work in PyOpenSSL.
+options = (
+    SSL.OP_NO_COMPRESSION |
+    SSL.OP_NO_SSLv2 |
+    SSL.OP_NO_SSLv3 |
+    SSL.OP_NO_TLSv1 |
+    SSL.OP_NO_TLSv1_1
+)
+context = SSL.Context(SSL.SSLv23_METHOD)
+context.set_options(options)
+context.set_verify(SSL.VERIFY_NONE, lambda *args: True)
+context.use_privatekey_file('server.key')
+context.use_certificate_file('server.crt')
+context.set_npn_advertise_callback(npn_advertise_cb)
+context.set_alpn_select_callback(alpn_callback)
+context.set_cipher_list(
+    "ECDHE+AESGCM"
+)
+context.set_tmp_ecdh(crypto.get_elliptic_curve(u'prime256v1'))
+
+server = eventlet.listen(('0.0.0.0', 443))
+server = SSL.Connection(context, server)
+pool = eventlet.GreenPool()
+
+while True:
+    try:
+        new_sock, _ = server.accept()
+        manager = ConnectionManager(new_sock)
+        pool.spawn_n(manager.run_forever)
+    except (SystemExit, KeyboardInterrupt):
+        break
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/server.crt b/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/server.crt
new file mode 100644
index 0000000000..bc8a4c08d2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjoCCQCQmNzzpQTCijANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJH
+QjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xETAPBgNVBAoTCGh5
+cGVyLWgyMREwDwYDVQQLEwhoeXBleS1oMjEUMBIGA1UEAxMLZXhhbXBsZS5jb20w
+HhcNMTUwOTE2MjAyOTA0WhcNMTYwOTE1MjAyOTA0WjBrMQswCQYDVQQGEwJHQjEP
+MA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xETAPBgNVBAoTCGh5cGVy
+LWgyMREwDwYDVQQLEwhoeXBleS1oMjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC74ZeB4Jdb5cnC9KXXLJuzjwTg
+45q5EeShDYQe0TbKgreiUP6clU3BR0fFAVedN1q/LOuQ1HhvrDk1l4TfGF2bpCIq
+K+U9CnzcQknvdpyyVeOLtSsCjOPk4xydHwkQxwJvHVdtJx4CzDDqGbHNHCF/9gpQ
+lsa3JZW+tIZLK0XMEPFQ4XFXgegxTStO7kBBPaVIgG9Ooqc2MG4rjMNUpxa28WF1
+SyqWTICf2N8T/C+fPzbQLKCWrFrKUP7WQlOaqPNQL9bCDhSTPRTwQOc2/MzVZ9gT
+Xr0Z+JMTXwkSMKO52adE1pmKt00jJ1ecZBiJFyjx0X6hH+/59dLbG/7No+PzAgMB
+AAEwDQYJKoZIhvcNAQEFBQADggEBAG3UhOCa0EemL2iY+C+PR6CwEHQ+n7vkBzNz
+gKOG+Q39spyzqU1qJAzBxLTE81bIQbDg0R8kcLWHVH2y4zViRxZ0jHUFKMgjONW+
+Aj4evic/2Y/LxpLxCajECq/jeMHYrmQONszf9pbc0+exrQpgnwd8asfsM3d/FJS2
+5DIWryCKs/61m9vYL8icWx/9cnfPkBoNv1ER+V1L1TH3ARvABh406SBaeqLTm/kG
+MNuKytKWJsQbNlxzWHVgkKzVsBKvYj0uIEJpClIhbe6XNYRDy8T8mKXVWhJuxH4p
+/agmCG3nxO8aCrUK/EVmbWmVIfCH3t7jlwMX1nJ8MsRE7Ydnk8I=
+-----END CERTIFICATE-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/server.key b/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/server.key
new file mode 100644
index 0000000000..11f9ea094b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/eventlet/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAu+GXgeCXW+XJwvSl1yybs48E4OOauRHkoQ2EHtE2yoK3olD+
+nJVNwUdHxQFXnTdavyzrkNR4b6w5NZeE3xhdm6QiKivlPQp83EJJ73acslXji7Ur
+Aozj5OMcnR8JEMcCbx1XbSceAsww6hmxzRwhf/YKUJbGtyWVvrSGSytFzBDxUOFx
+V4HoMU0rTu5AQT2lSIBvTqKnNjBuK4zDVKcWtvFhdUsqlkyAn9jfE/wvnz820Cyg
+lqxaylD+1kJTmqjzUC/Wwg4Ukz0U8EDnNvzM1WfYE169GfiTE18JEjCjudmnRNaZ
+irdNIydXnGQYiRco8dF+oR/v+fXS2xv+zaPj8wIDAQABAoIBAQCsdq278+0c13d4
+tViSh4k5r1w8D9IUdp9XU2/nVgckqA9nOVAvbkJc3FC+P7gsQgbUHKj0XoVbhU1S
+q461t8kduPH/oiGhAcKR8WurHEdE0OC6ewhLJAeCMRQwCrAorXXHh7icIt9ClCuG
+iSWUcXEy5Cidx3oL3r1xvIbV85fzdDtE9RC1I/kMjAy63S47YGiqh5vYmJkCa8rG
+Dsd1sEMDPr63XJpqJj3uHRcPvySgXTa+ssTmUH8WJlPTjvDB5hnPz+lkk2JKVPNu
+8adzftZ6hSun+tsc4ZJp8XhGu/m/7MjxWh8MeupLHlXcOEsnj4uHQQsOM3zHojr3
+aDCZiC1pAoGBAOAhwe1ujoS2VJ5RXJ9KMs7eBER/02MDgWZjo54Jv/jFxPWGslKk
+QQceuTe+PruRm41nzvk3q4iZXt8pG0bvpgigN2epcVx/O2ouRsUWWBT0JrVlEzha
+TIvWjtZ5tSQExXgHL3VlM9+ka40l+NldLSPn25+prizaqhalWuvTpP23AoGBANaY
+VhEI6yhp0BBUSATEv9lRgkwx3EbcnXNXPQjDMOthsyfq7FxbdOBEK1rwSDyuE6Ij
+zQGcTOfdiur5Ttg0OQilTJIXJAlpoeecOQ9yGma08c5FMXVJJvcZUuWRZWg1ocQj
+/hx0WVE9NwOoKwTBERv8HX7vJOFRZyvgkJwFxoulAoGAe4m/1XoZrga9z2GzNs10
+AdgX7BW00x+MhH4pIiPnn1yK+nYa9jg4647Asnv3IfXZEnEEgRNxReKbi0+iDFBt
+aNW+lDGuHTi37AfD1EBDnpEQgO1MUcRb6rwBkTAWatsCaO00+HUmyX9cFLm4Vz7n
+caILyQ6CxZBlLgRIgDHxADMCgYEAtubsJGTHmZBmSCStpXLUWbOBLNQqfTM398DZ
+QoirP1PsUQ+IGUfSG/u+QCogR6fPEBkXeFHxsoY/Cvsm2lvYaKgK1VFn46Xm2vNq
+JuIH4pZCqp6LAv4weddZslT0a5eaowRSZ4o7PmTAaRuCXvD3VjTSJwhJFMo+90TV
+vEWn7gkCgYEAkk+unX9kYmKoUdLh22/tzQekBa8WqMxXDwzBCECTAs2GlpL/f73i
+zD15TnaNfLP6Q5RNb0N9tb0Gz1wSkwI1+jGAQLnh2K9X9cIVIqJn8Mf/KQa/wUDV
+Tb1j7FoGUEgX7vbsyWuTd8P76kNYyGqCss1XmbttcSolqpbIdlSUcO0=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/fragments/client_https_setup_fragment.py b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/client_https_setup_fragment.py
new file mode 100644
index 0000000000..269194d6c7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/client_https_setup_fragment.py
@@ -0,0 +1,110 @@
+# -*- coding: utf-8 -*-
+"""
+Client HTTPS Setup
+~~~~~~~~~~~~~~~~~~
+
+This example code fragment demonstrates how to set up a HTTP/2 client that
+negotiates HTTP/2 using NPN and ALPN. For the sake of maximum explanatory value
+this code uses the synchronous, low-level sockets API: however, if you're not
+using sockets directly (e.g. because you're using asyncio), you should focus on
+the set up required for the SSLContext object. For other concurrency libraries
+you may need to use other setup (e.g. for Twisted you'll need to use
+IProtocolNegotiationFactory).
+
+This code requires Python 3.5 or later.
+"""
+import h2.connection
+import socket
+import ssl
+
+
+def establish_tcp_connection():
+    """
+    This function establishes a client-side TCP connection. How it works isn't
+    very important to this example. For the purpose of this example we connect
+    to localhost.
+    """
+    return socket.create_connection(('localhost', 443))
+
+
+def get_http2_ssl_context():
+    """
+    This function creates an SSLContext object that is suitably configured for
+    HTTP/2. If you're working with Python TLS directly, you'll want to do the
+    exact same setup as this function does.
+    """
+    # Get the basic context from the standard library.
+    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
+
+    # RFC 7540 Section 9.2: Implementations of HTTP/2 MUST use TLS version 1.2
+    # or higher. Disable TLS 1.1 and lower.
+    ctx.options |= (
+        ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+    )
+
+    # RFC 7540 Section 9.2.1: A deployment of HTTP/2 over TLS 1.2 MUST disable
+    # compression.
+    ctx.options |= ssl.OP_NO_COMPRESSION
+
+    # RFC 7540 Section 9.2.2: "deployments of HTTP/2 that use TLS 1.2 MUST
+    # support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". In practice, the
+    # blocklist defined in this section allows only the AES GCM and ChaCha20
+    # cipher suites with ephemeral key negotiation.
+    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")
+
+    # We want to negotiate using NPN and ALPN. ALPN is mandatory, but NPN may
+    # be absent, so allow that. This setup allows for negotiation of HTTP/1.1.
+    ctx.set_alpn_protocols(["h2", "http/1.1"])
+
+    try:
+        ctx.set_npn_protocols(["h2", "http/1.1"])
+    except NotImplementedError:
+        pass
+
+    return ctx
+
+
+def negotiate_tls(tcp_conn, context):
+    """
+    Given an established TCP connection and a HTTP/2-appropriate TLS context,
+    this function:
+
+    1. wraps TLS around the TCP connection.
+    2. confirms that HTTP/2 was negotiated and, if it was not, throws an error.
+    """
+    # Note that SNI is mandatory for HTTP/2, so you *must* pass the
+    # server_hostname argument.
+    tls_conn = context.wrap_socket(tcp_conn, server_hostname='localhost')
+
+    # Always prefer the result from ALPN to that from NPN.
+    # You can only check what protocol was negotiated once the handshake is
+    # complete.
+    negotiated_protocol = tls_conn.selected_alpn_protocol()
+    if negotiated_protocol is None:
+        negotiated_protocol = tls_conn.selected_npn_protocol()
+
+    if negotiated_protocol != "h2":
+        raise RuntimeError("Didn't negotiate HTTP/2!")
+
+    return tls_conn
+
+
+def main():
+    # Step 1: Set up your TLS context.
+    context = get_http2_ssl_context()
+
+    # Step 2: Create a TCP connection.
+    connection = establish_tcp_connection()
+
+    # Step 3: Wrap the connection in TLS and validate that we negotiated HTTP/2
+    tls_connection = negotiate_tls(connection, context)
+
+    # Step 4: Create a client-side H2 connection.
+    http2_connection = h2.connection.H2Connection()
+
+    # Step 5: Initiate the connection
+    http2_connection.initiate_connection()
+    tls_connection.sendall(http2_connection.data_to_send())
+
+    # The TCP, TLS, and HTTP/2 handshakes are now complete. You can enter your
+    # main loop now.
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/fragments/client_upgrade_fragment.py b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/client_upgrade_fragment.py
new file mode 100644
index 0000000000..f45c002df7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/client_upgrade_fragment.py
@@ -0,0 +1,103 @@
+# -*- coding: utf-8 -*-
+"""
+Client Plaintext Upgrade
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+This example code fragment demonstrates how to set up a HTTP/2 client that uses
+the plaintext HTTP Upgrade mechanism to negotiate HTTP/2 connectivity. For
+maximum explanatory value it uses the synchronous socket API that comes with
+the Python standard library. In product code you will want to use an actual
+HTTP/1.1 client if possible.
+
+This code requires Python 3.5 or later.
+"""
+import h2.connection
+import socket
+
+
+def establish_tcp_connection():
+    """
+    This function establishes a client-side TCP connection. How it works isn't
+    very important to this example. For the purpose of this example we connect
+    to localhost.
+    """
+    return socket.create_connection(('localhost', 80))
+
+
+def send_initial_request(connection, settings):
+    """
+    For the sake of this upgrade demonstration, we're going to issue a GET
+    request against the root of the site. In principle the best request to
+    issue for an upgrade is actually ``OPTIONS *``, but this is remarkably
+    poorly supported and can break in weird ways.
+    """
+    # Craft our initial request per RFC 7540 Section 3.2. This requires two
+    # special header fields: the Upgrade headre, and the HTTP2-Settings header.
+    # The value of the HTTP2-Settings header field comes from h2.
+    request = (
+        b"GET / HTTP/1.1\r\n" +
+        b"Host: localhost\r\n" +
+        b"Upgrade: h2c\r\n" +
+        b"HTTP2-Settings: " + settings + b"\r\n" +
+        b"\r\n"
+    )
+    connection.sendall(request)
+
+
+def get_upgrade_response(connection):
+    """
+    This function reads from the socket until the HTTP/1.1 end-of-headers
+    sequence (CRLFCRLF) is received. It then checks what the status code of the
+    response is.
+
+    This is not a substitute for proper HTTP/1.1 parsing, but it's good enough
+    for example purposes.
+    """
+    data = b''
+    while b'\r\n\r\n' not in data:
+        data += connection.recv(8192)
+
+    headers, rest = data.split(b'\r\n\r\n', 1)
+
+    # An upgrade response begins HTTP/1.1 101 Switching Protocols. Look for the
+    # code. In production code you should also check that the upgrade is to
+    # h2c, but here we know we only offered one upgrade so there's only one
+    # possible upgrade in use.
+    split_headers = headers.split()
+    if split_headers[1] != b'101':
+        raise RuntimeError("Not upgrading!")
+
+    # We don't care about the HTTP/1.1 data anymore, but we do care about
+    # any other data we read from the socket: this is going to be HTTP/2 data
+    # that must be passed to the H2Connection.
+    return rest
+
+
+def main():
+    """
+    The client upgrade flow.
+    """
+    # Step 1: Establish the TCP connecton.
+    connection = establish_tcp_connection()
+
+    # Step 2: Create H2 Connection object, put it in upgrade mode, and get the
+    # value of the HTTP2-Settings header we want to use.
+    h2_connection = h2.connection.H2Connection()
+    settings_header_value = h2_connection.initiate_upgrade_connection()
+
+    # Step 3: Send the initial HTTP/1.1 request with the upgrade fields.
+    send_initial_request(connection, settings_header_value)
+
+    # Step 4: Read the HTTP/1.1 response, look for 101 response.
+    extra_data = get_upgrade_response(connection)
+
+    # Step 5: Immediately send the pending HTTP/2 data.
+    connection.sendall(h2_connection.data_to_send())
+
+    # Step 6: Feed the body data to the connection.
+    events = connection.receive_data(extra_data)
+
+    # Now you can enter your main loop, beginning by processing the first set
+    # of events above. These events may include ResponseReceived, which will
+    # contain the response to the request we made in Step 3.
+    main_loop(events)
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/fragments/server_https_setup_fragment.py b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/server_https_setup_fragment.py
new file mode 100644
index 0000000000..9fc361f2c6
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/server_https_setup_fragment.py
@@ -0,0 +1,112 @@
+# -*- coding: utf-8 -*-
+"""
+Server HTTPS Setup
+~~~~~~~~~~~~~~~~~~
+
+This example code fragment demonstrates how to set up a HTTP/2 server that
+negotiates HTTP/2 using NPN and ALPN. For the sake of maximum explanatory value
+this code uses the synchronous, low-level sockets API: however, if you're not
+using sockets directly (e.g. because you're using asyncio), you should focus on
+the set up required for the SSLContext object. For other concurrency libraries
+you may need to use other setup (e.g. for Twisted you'll need to use
+IProtocolNegotiationFactory).
+
+This code requires Python 3.5 or later.
+"""
+import h2.config
+import h2.connection
+import socket
+import ssl
+
+
+def establish_tcp_connection():
+    """
+    This function establishes a server-side TCP connection. How it works isn't
+    very important to this example.
+    """
+    bind_socket = socket.socket()
+    bind_socket.bind(('', 443))
+    bind_socket.listen(5)
+    return bind_socket.accept()[0]
+
+
+def get_http2_ssl_context():
+    """
+    This function creates an SSLContext object that is suitably configured for
+    HTTP/2. If you're working with Python TLS directly, you'll want to do the
+    exact same setup as this function does.
+    """
+    # Get the basic context from the standard library.
+    ctx = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+
+    # RFC 7540 Section 9.2: Implementations of HTTP/2 MUST use TLS version 1.2
+    # or higher. Disable TLS 1.1 and lower.
+    ctx.options |= (
+        ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+    )
+
+    # RFC 7540 Section 9.2.1: A deployment of HTTP/2 over TLS 1.2 MUST disable
+    # compression.
+    ctx.options |= ssl.OP_NO_COMPRESSION
+
+    # RFC 7540 Section 9.2.2: "deployments of HTTP/2 that use TLS 1.2 MUST
+    # support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256". In practice, the
+    # blocklist defined in this section allows only the AES GCM and ChaCha20
+    # cipher suites with ephemeral key negotiation.
+    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20")
+
+    # We want to negotiate using NPN and ALPN. ALPN is mandatory, but NPN may
+    # be absent, so allow that. This setup allows for negotiation of HTTP/1.1.
+    ctx.set_alpn_protocols(["h2", "http/1.1"])
+
+    try:
+        ctx.set_npn_protocols(["h2", "http/1.1"])
+    except NotImplementedError:
+        pass
+
+    return ctx
+
+
+def negotiate_tls(tcp_conn, context):
+    """
+    Given an established TCP connection and a HTTP/2-appropriate TLS context,
+    this function:
+
+    1. wraps TLS around the TCP connection.
+    2. confirms that HTTP/2 was negotiated and, if it was not, throws an error.
+    """
+    tls_conn = context.wrap_socket(tcp_conn, server_side=True)
+
+    # Always prefer the result from ALPN to that from NPN.
+    # You can only check what protocol was negotiated once the handshake is
+    # complete.
+    negotiated_protocol = tls_conn.selected_alpn_protocol()
+    if negotiated_protocol is None:
+        negotiated_protocol = tls_conn.selected_npn_protocol()
+
+    if negotiated_protocol != "h2":
+        raise RuntimeError("Didn't negotiate HTTP/2!")
+
+    return tls_conn
+
+
+def main():
+    # Step 1: Set up your TLS context.
+    context = get_http2_ssl_context()
+
+    # Step 2: Receive a TCP connection.
+    connection = establish_tcp_connection()
+
+    # Step 3: Wrap the connection in TLS and validate that we negotiated HTTP/2
+    tls_connection = negotiate_tls(connection, context)
+
+    # Step 4: Create a server-side H2 connection.
+    config = h2.config.H2Configuration(client_side=False)
+    http2_connection = h2.connection.H2Connection(config=config)
+
+    # Step 5: Initiate the connection
+    http2_connection.initiate_connection()
+    tls_connection.sendall(http2_connection.data_to_send())
+
+    # The TCP, TLS, and HTTP/2 handshakes are now complete. You can enter your
+    # main loop now.
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/fragments/server_upgrade_fragment.py b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/server_upgrade_fragment.py
new file mode 100644
index 0000000000..7e8b1f0eea
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/fragments/server_upgrade_fragment.py
@@ -0,0 +1,100 @@
+# -*- coding: utf-8 -*-
+"""
+Server Plaintext Upgrade
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+This example code fragment demonstrates how to set up a HTTP/2 server that uses
+the plaintext HTTP Upgrade mechanism to negotiate HTTP/2 connectivity. For
+maximum explanatory value it uses the synchronous socket API that comes with
+the Python standard library. In product code you will want to use an actual
+HTTP/1.1 server library if possible.
+
+This code requires Python 3.5 or later.
+"""
+import h2.config
+import h2.connection
+import re
+import socket
+
+
+def establish_tcp_connection():
+    """
+    This function establishes a server-side TCP connection. How it works isn't
+    very important to this example.
+    """
+    bind_socket = socket.socket()
+    bind_socket.bind(('', 443))
+    bind_socket.listen(5)
+    return bind_socket.accept()[0]
+
+
+def receive_initial_request(connection):
+    """
+    We're going to receive a request. For the sake of this example, we're going
+    to assume that the first request has no body. If it doesn't have the
+    Upgrade: h2c header field and the HTTP2-Settings header field, we'll throw
+    errors.
+
+    In production code, you should use a proper HTTP/1.1 parser and actually
+    serve HTTP/1.1 requests!
+
+    Returns the value of the HTTP2-Settings header field.
+    """
+    data = b''
+    while not data.endswith(b'\r\n\r\n'):
+        data += connection.recv(8192)
+
+    match = re.search(b'Upgrade: h2c\r\n', data)
+    if match is None:
+        raise RuntimeError("HTTP/2 upgrade not requested!")
+
+    # We need to look for the HTTP2-Settings header field. Again, in production
+    # code you shouldn't use regular expressions for this, but it's good enough
+    # for the example.
+    match = re.search(b'HTTP2-Settings: (\\S+)\r\n', data)
+    if match is None:
+        raise RuntimeError("HTTP2-Settings header field not present!")
+
+    return match.group(1)
+
+
+def send_upgrade_response(connection):
+    """
+    This function writes the 101 Switching Protocols response.
+    """
+    response = (
+        b"HTTP/1.1 101 Switching Protocols\r\n"
+        b"Upgrade: h2c\r\n"
+        b"\r\n"
+    )
+    connection.sendall(response)
+
+
+def main():
+    """
+    The server upgrade flow.
+    """
+    # Step 1: Establish the TCP connecton.
+    connection = establish_tcp_connection()
+
+    # Step 2: Read the response. We expect this to request an upgrade.
+    settings_header_value = receive_initial_request(connection)
+
+    # Step 3: Create a H2Connection object in server mode, and pass it the
+    # value of the HTTP2-Settings header field.
+    config = h2.config.H2Configuration(client_side=False)
+    h2_connection = h2.connection.H2Connection(config=config)
+    h2_connection.initiate_upgrade_connection(
+        settings_header=settings_header_value
+    )
+
+    # Step 4: Send the 101 Switching Protocols response.
+    send_upgrade_response(connection)
+
+    # Step 5: Send pending HTTP/2 data.
+    connection.sendall(h2_connection.data_to_send())
+
+    # At this point, you can enter your main loop. The first step has to be to
+    # send the response to the initial HTTP/1.1 request you received on stream
+    # 1.
+    main_loop()
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/tornado/server.crt b/testing/web-platform/tests/tools/third_party/h2/examples/tornado/server.crt
new file mode 100644
index 0000000000..bc8a4c08d2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/tornado/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjoCCQCQmNzzpQTCijANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJH
+QjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xETAPBgNVBAoTCGh5
+cGVyLWgyMREwDwYDVQQLEwhoeXBleS1oMjEUMBIGA1UEAxMLZXhhbXBsZS5jb20w
+HhcNMTUwOTE2MjAyOTA0WhcNMTYwOTE1MjAyOTA0WjBrMQswCQYDVQQGEwJHQjEP
+MA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xETAPBgNVBAoTCGh5cGVy
+LWgyMREwDwYDVQQLEwhoeXBleS1oMjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC74ZeB4Jdb5cnC9KXXLJuzjwTg
+45q5EeShDYQe0TbKgreiUP6clU3BR0fFAVedN1q/LOuQ1HhvrDk1l4TfGF2bpCIq
+K+U9CnzcQknvdpyyVeOLtSsCjOPk4xydHwkQxwJvHVdtJx4CzDDqGbHNHCF/9gpQ
+lsa3JZW+tIZLK0XMEPFQ4XFXgegxTStO7kBBPaVIgG9Ooqc2MG4rjMNUpxa28WF1
+SyqWTICf2N8T/C+fPzbQLKCWrFrKUP7WQlOaqPNQL9bCDhSTPRTwQOc2/MzVZ9gT
+Xr0Z+JMTXwkSMKO52adE1pmKt00jJ1ecZBiJFyjx0X6hH+/59dLbG/7No+PzAgMB
+AAEwDQYJKoZIhvcNAQEFBQADggEBAG3UhOCa0EemL2iY+C+PR6CwEHQ+n7vkBzNz
+gKOG+Q39spyzqU1qJAzBxLTE81bIQbDg0R8kcLWHVH2y4zViRxZ0jHUFKMgjONW+
+Aj4evic/2Y/LxpLxCajECq/jeMHYrmQONszf9pbc0+exrQpgnwd8asfsM3d/FJS2
+5DIWryCKs/61m9vYL8icWx/9cnfPkBoNv1ER+V1L1TH3ARvABh406SBaeqLTm/kG
+MNuKytKWJsQbNlxzWHVgkKzVsBKvYj0uIEJpClIhbe6XNYRDy8T8mKXVWhJuxH4p
+/agmCG3nxO8aCrUK/EVmbWmVIfCH3t7jlwMX1nJ8MsRE7Ydnk8I=
+-----END CERTIFICATE-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/tornado/server.key b/testing/web-platform/tests/tools/third_party/h2/examples/tornado/server.key
new file mode 100644
index 0000000000..11f9ea094b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/tornado/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAu+GXgeCXW+XJwvSl1yybs48E4OOauRHkoQ2EHtE2yoK3olD+
+nJVNwUdHxQFXnTdavyzrkNR4b6w5NZeE3xhdm6QiKivlPQp83EJJ73acslXji7Ur
+Aozj5OMcnR8JEMcCbx1XbSceAsww6hmxzRwhf/YKUJbGtyWVvrSGSytFzBDxUOFx
+V4HoMU0rTu5AQT2lSIBvTqKnNjBuK4zDVKcWtvFhdUsqlkyAn9jfE/wvnz820Cyg
+lqxaylD+1kJTmqjzUC/Wwg4Ukz0U8EDnNvzM1WfYE169GfiTE18JEjCjudmnRNaZ
+irdNIydXnGQYiRco8dF+oR/v+fXS2xv+zaPj8wIDAQABAoIBAQCsdq278+0c13d4
+tViSh4k5r1w8D9IUdp9XU2/nVgckqA9nOVAvbkJc3FC+P7gsQgbUHKj0XoVbhU1S
+q461t8kduPH/oiGhAcKR8WurHEdE0OC6ewhLJAeCMRQwCrAorXXHh7icIt9ClCuG
+iSWUcXEy5Cidx3oL3r1xvIbV85fzdDtE9RC1I/kMjAy63S47YGiqh5vYmJkCa8rG
+Dsd1sEMDPr63XJpqJj3uHRcPvySgXTa+ssTmUH8WJlPTjvDB5hnPz+lkk2JKVPNu
+8adzftZ6hSun+tsc4ZJp8XhGu/m/7MjxWh8MeupLHlXcOEsnj4uHQQsOM3zHojr3
+aDCZiC1pAoGBAOAhwe1ujoS2VJ5RXJ9KMs7eBER/02MDgWZjo54Jv/jFxPWGslKk
+QQceuTe+PruRm41nzvk3q4iZXt8pG0bvpgigN2epcVx/O2ouRsUWWBT0JrVlEzha
+TIvWjtZ5tSQExXgHL3VlM9+ka40l+NldLSPn25+prizaqhalWuvTpP23AoGBANaY
+VhEI6yhp0BBUSATEv9lRgkwx3EbcnXNXPQjDMOthsyfq7FxbdOBEK1rwSDyuE6Ij
+zQGcTOfdiur5Ttg0OQilTJIXJAlpoeecOQ9yGma08c5FMXVJJvcZUuWRZWg1ocQj
+/hx0WVE9NwOoKwTBERv8HX7vJOFRZyvgkJwFxoulAoGAe4m/1XoZrga9z2GzNs10
+AdgX7BW00x+MhH4pIiPnn1yK+nYa9jg4647Asnv3IfXZEnEEgRNxReKbi0+iDFBt
+aNW+lDGuHTi37AfD1EBDnpEQgO1MUcRb6rwBkTAWatsCaO00+HUmyX9cFLm4Vz7n
+caILyQ6CxZBlLgRIgDHxADMCgYEAtubsJGTHmZBmSCStpXLUWbOBLNQqfTM398DZ
+QoirP1PsUQ+IGUfSG/u+QCogR6fPEBkXeFHxsoY/Cvsm2lvYaKgK1VFn46Xm2vNq
+JuIH4pZCqp6LAv4weddZslT0a5eaowRSZ4o7PmTAaRuCXvD3VjTSJwhJFMo+90TV
+vEWn7gkCgYEAkk+unX9kYmKoUdLh22/tzQekBa8WqMxXDwzBCECTAs2GlpL/f73i
+zD15TnaNfLP6Q5RNb0N9tb0Gz1wSkwI1+jGAQLnh2K9X9cIVIqJn8Mf/KQa/wUDV
+Tb1j7FoGUEgX7vbsyWuTd8P76kNYyGqCss1XmbttcSolqpbIdlSUcO0=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/tornado/tornado-server.py b/testing/web-platform/tests/tools/third_party/h2/examples/tornado/tornado-server.py
new file mode 100755
index 0000000000..e7d08ab191
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/tornado/tornado-server.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+tornado-server.py
+~~~~~~~~~~~~~~~~~
+
+A fully-functional HTTP/2 server written for Tornado.
+"""
+import collections
+import json
+import ssl
+
+import tornado.gen
+import tornado.ioloop
+import tornado.iostream
+import tornado.tcpserver
+
+from h2.config import H2Configuration
+from h2.connection import H2Connection
+from h2.events import RequestReceived, DataReceived
+
+
+def create_ssl_context(certfile, keyfile):
+    ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+    ssl_context.options |= (
+        ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_COMPRESSION
+    )
+    ssl_context.set_ciphers("ECDHE+AESGCM")
+    ssl_context.load_cert_chain(certfile=certfile, keyfile=keyfile)
+    ssl_context.set_alpn_protocols(["h2"])
+    return ssl_context
+
+
+class H2Server(tornado.tcpserver.TCPServer):
+
+    @tornado.gen.coroutine
+    def handle_stream(self, stream, address):
+        handler = EchoHeadersHandler(stream)
+        yield handler.handle()
+
+
+class EchoHeadersHandler(object):
+
+    def __init__(self, stream):
+        self.stream = stream
+
+        config = H2Configuration(client_side=False)
+        self.conn = H2Connection(config=config)
+
+    @tornado.gen.coroutine
+    def handle(self):
+        self.conn.initiate_connection()
+        yield self.stream.write(self.conn.data_to_send())
+
+        while True:
+            try:
+                data = yield self.stream.read_bytes(65535, partial=True)
+                if not data:
+                    break
+
+                events = self.conn.receive_data(data)
+                for event in events:
+                    if isinstance(event, RequestReceived):
+                        self.request_received(event.headers, event.stream_id)
+                    elif isinstance(event, DataReceived):
+                        self.conn.reset_stream(event.stream_id)
+
+                yield self.stream.write(self.conn.data_to_send())
+
+            except tornado.iostream.StreamClosedError:
+                break
+
+    def request_received(self, headers, stream_id):
+        headers = collections.OrderedDict(headers)
+        data = json.dumps({'headers': headers}, indent=4).encode('utf-8')
+
+        response_headers = (
+            (':status', '200'),
+            ('content-type', 'application/json'),
+            ('content-length', str(len(data))),
+            ('server', 'tornado-h2'),
+        )
+        self.conn.send_headers(stream_id, response_headers)
+        self.conn.send_data(stream_id, data, end_stream=True)
+
+
+if __name__ == '__main__':
+    ssl_context = create_ssl_context('server.crt', 'server.key')
+    server = H2Server(ssl_options=ssl_context)
+    server.listen(8888)
+    io_loop = tornado.ioloop.IOLoop.current()
+    io_loop.start()
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/twisted/head_request.py b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/head_request.py
new file mode 100644
index 0000000000..4a7538024a
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/head_request.py
@@ -0,0 +1,111 @@
+# -*- coding: utf-8 -*-
+"""
+head_request.py
+~~~~~~~~~~~~~~~
+
+A short example that demonstrates a client that makes HEAD requests to certain
+websites.
+
+This example is intended as a reproduction of nghttp2 issue 396, for the
+purposes of compatibility testing.
+"""
+from __future__ import print_function
+
+from twisted.internet import reactor
+from twisted.internet.endpoints import connectProtocol, SSL4ClientEndpoint
+from twisted.internet.protocol import Protocol
+from twisted.internet.ssl import optionsForClientTLS
+from hyperframe.frame import SettingsFrame
+from h2.connection import H2Connection
+from h2.events import (
+    ResponseReceived, DataReceived, StreamEnded,
+    StreamReset, SettingsAcknowledged,
+)
+
+
+AUTHORITY = u'nghttp2.org'
+PATH = '/httpbin/'
+SIZE = 4096
+
+
+class H2Protocol(Protocol):
+    def __init__(self):
+        self.conn = H2Connection()
+        self.known_proto = None
+        self.request_made = False
+
+    def connectionMade(self):
+        self.conn.initiate_connection()
+
+        # This reproduces the error in #396, by changing the header table size.
+        self.conn.update_settings({SettingsFrame.HEADER_TABLE_SIZE: SIZE})
+
+        self.transport.write(self.conn.data_to_send())
+
+    def dataReceived(self, data):
+        if not self.known_proto:
+            self.known_proto = self.transport.negotiatedProtocol
+            assert self.known_proto == b'h2'
+
+        events = self.conn.receive_data(data)
+
+        for event in events:
+            if isinstance(event, ResponseReceived):
+                self.handleResponse(event.headers, event.stream_id)
+            elif isinstance(event, DataReceived):
+                self.handleData(event.data, event.stream_id)
+            elif isinstance(event, StreamEnded):
+                self.endStream(event.stream_id)
+            elif isinstance(event, SettingsAcknowledged):
+                self.settingsAcked(event)
+            elif isinstance(event, StreamReset):
+                reactor.stop()
+                raise RuntimeError("Stream reset: %d" % event.error_code)
+            else:
+                print(event)
+
+        data = self.conn.data_to_send()
+        if data:
+            self.transport.write(data)
+
+    def settingsAcked(self, event):
+        # Having received the remote settings change, lets send our request.
+        if not self.request_made:
+            self.sendRequest()
+
+    def handleResponse(self, response_headers, stream_id):
+        for name, value in response_headers:
+            print("%s: %s" % (name.decode('utf-8'), value.decode('utf-8')))
+
+        print("")
+
+    def handleData(self, data, stream_id):
+        print(data, end='')
+
+    def endStream(self, stream_id):
+        self.conn.close_connection()
+        self.transport.write(self.conn.data_to_send())
+        self.transport.loseConnection()
+        reactor.stop()
+
+    def sendRequest(self):
+        request_headers = [
+            (':method', 'HEAD'),
+            (':authority', AUTHORITY),
+            (':scheme', 'https'),
+            (':path', PATH),
+            ('user-agent', 'hyper-h2/1.0.0'),
+        ]
+        self.conn.send_headers(1, request_headers, end_stream=True)
+        self.request_made = True
+
+options = optionsForClientTLS(
+    hostname=AUTHORITY,
+    acceptableProtocols=[b'h2'],
+)
+
+connectProtocol(
+    SSL4ClientEndpoint(reactor, AUTHORITY, 443, options),
+    H2Protocol()
+)
+reactor.run()
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/twisted/post_request.py b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/post_request.py
new file mode 100644
index 0000000000..c817bac465
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/post_request.py
@@ -0,0 +1,249 @@
+# -*- coding: utf-8 -*-
+"""
+post_request.py
+~~~~~~~~~~~~~~~
+
+A short example that demonstrates a client that makes POST requests to certain
+websites.
+
+This example is intended to demonstrate how to handle uploading request bodies.
+In this instance, a file will be uploaded. In order to handle arbitrary files,
+this example also demonstrates how to obey HTTP/2 flow control rules.
+
+Takes one command-line argument: a path to a file in the filesystem to upload.
+If none is present, uploads this file.
+"""
+from __future__ import print_function
+
+import mimetypes
+import os
+import sys
+
+from twisted.internet import reactor, defer
+from twisted.internet.endpoints import connectProtocol, SSL4ClientEndpoint
+from twisted.internet.protocol import Protocol
+from twisted.internet.ssl import optionsForClientTLS
+from h2.connection import H2Connection
+from h2.events import (
+    ResponseReceived, DataReceived, StreamEnded, StreamReset, WindowUpdated,
+    SettingsAcknowledged,
+)
+
+
+AUTHORITY = u'nghttp2.org'
+PATH = '/httpbin/post'
+
+
+class H2Protocol(Protocol):
+    def __init__(self, file_path):
+        self.conn = H2Connection()
+        self.known_proto = None
+        self.request_made = False
+        self.request_complete = False
+        self.file_path = file_path
+        self.flow_control_deferred = None
+        self.fileobj = None
+        self.file_size = None
+
+    def connectionMade(self):
+        """
+        Called by Twisted when the TCP connection is established. We can start
+        sending some data now: we should open with the connection preamble.
+        """
+        self.conn.initiate_connection()
+        self.transport.write(self.conn.data_to_send())
+
+    def dataReceived(self, data):
+        """
+        Called by Twisted when data is received on the connection.
+
+        We need to check a few things here. Firstly, we want to validate that
+        we actually negotiated HTTP/2: if we didn't, we shouldn't proceed!
+
+        Then, we want to pass the data to the protocol stack and check what
+        events occurred.
+        """
+        if not self.known_proto:
+            self.known_proto = self.transport.negotiatedProtocol
+            assert self.known_proto == b'h2'
+
+        events = self.conn.receive_data(data)
+
+        for event in events:
+            if isinstance(event, ResponseReceived):
+                self.handleResponse(event.headers)
+            elif isinstance(event, DataReceived):
+                self.handleData(event.data)
+            elif isinstance(event, StreamEnded):
+                self.endStream()
+            elif isinstance(event, SettingsAcknowledged):
+                self.settingsAcked(event)
+            elif isinstance(event, StreamReset):
+                reactor.stop()
+                raise RuntimeError("Stream reset: %d" % event.error_code)
+            elif isinstance(event, WindowUpdated):
+                self.windowUpdated(event)
+
+        data = self.conn.data_to_send()
+        if data:
+            self.transport.write(data)
+
+    def settingsAcked(self, event):
+        """
+        Called when the remote party ACKs our settings. We send a SETTINGS
+        frame as part of the preamble, so if we want to be very polite we can
+        wait until the ACK for that frame comes before we start sending our
+        request.
+        """
+        if not self.request_made:
+            self.sendRequest()
+
+    def handleResponse(self, response_headers):
+        """
+        Handle the response by printing the response headers.
+        """
+        for name, value in response_headers:
+            print("%s: %s" % (name.decode('utf-8'), value.decode('utf-8')))
+
+        print("")
+
+    def handleData(self, data):
+        """
+        We handle data that's received by just printing it.
+        """
+        print(data, end='')
+
+    def endStream(self):
+        """
+        We call this when the stream is cleanly ended by the remote peer. That
+        means that the response is complete.
+
+        Because this code only makes a single HTTP/2 request, once we receive
+        the complete response we can safely tear the connection down and stop
+        the reactor. We do that as cleanly as possible.
+        """
+        self.request_complete = True
+        self.conn.close_connection()
+        self.transport.write(self.conn.data_to_send())
+        self.transport.loseConnection()
+
+    def windowUpdated(self, event):
+        """
+        We call this when the flow control window for the connection or the
+        stream has been widened. If there's a flow control deferred present
+        (that is, if we're blocked behind the flow control), we fire it.
+        Otherwise, we do nothing.
+        """
+        if self.flow_control_deferred is None:
+            return
+
+        # Make sure we remove the flow control deferred to avoid firing it
+        # more than once.
+        flow_control_deferred = self.flow_control_deferred
+        self.flow_control_deferred = None
+        flow_control_deferred.callback(None)
+
+    def connectionLost(self, reason=None):
+        """
+        Called by Twisted when the connection is gone. Regardless of whether
+        it was clean or not, we want to stop the reactor.
+        """
+        if self.fileobj is not None:
+            self.fileobj.close()
+
+        if reactor.running:
+            reactor.stop()
+
+    def sendRequest(self):
+        """
+        Send the POST request.
+
+        A POST request is made up of one headers frame, and then 0+ data
+        frames. This method begins by sending the headers, and then starts a
+        series of calls to send data.
+        """
+        # First, we need to work out how large the file is.
+        self.file_size = os.stat(self.file_path).st_size
+
+        # Next, we want to guess a content-type and content-encoding.
+        content_type, content_encoding = mimetypes.guess_type(self.file_path)
+
+        # Now we can build a header block.
+        request_headers = [
+            (':method', 'POST'),
+            (':authority', AUTHORITY),
+            (':scheme', 'https'),
+            (':path', PATH),
+            ('user-agent', 'hyper-h2/1.0.0'),
+            ('content-length', str(self.file_size)),
+        ]
+
+        if content_type is not None:
+            request_headers.append(('content-type', content_type))
+
+            if content_encoding is not None:
+                request_headers.append(('content-encoding', content_encoding))
+
+        self.conn.send_headers(1, request_headers)
+        self.request_made = True
+
+        # We can now open the file.
+        self.fileobj = open(self.file_path, 'rb')
+
+        # We now need to send all the relevant data. We do this by checking
+        # what the acceptable amount of data is to send, and sending it. If we
+        # find ourselves blocked behind flow control, we then place a deferred
+        # and wait until that deferred fires.
+        self.sendFileData()
+
+    def sendFileData(self):
+        """
+        Send some file data on the connection.
+        """
+        # Firstly, check what the flow control window is for stream 1.
+        window_size = self.conn.local_flow_control_window(stream_id=1)
+
+        # Next, check what the maximum frame size is.
+        max_frame_size = self.conn.max_outbound_frame_size
+
+        # We will send no more than the window size or the remaining file size
+        # of data in this call, whichever is smaller.
+        bytes_to_send = min(window_size, self.file_size)
+
+        # We now need to send a number of data frames.
+        while bytes_to_send > 0:
+            chunk_size = min(bytes_to_send, max_frame_size)
+            data_chunk = self.fileobj.read(chunk_size)
+            self.conn.send_data(stream_id=1, data=data_chunk)
+
+            bytes_to_send -= chunk_size
+            self.file_size -= chunk_size
+
+        # We've prepared a whole chunk of data to send. If the file is fully
+        # sent, we also want to end the stream: we're done here.
+        if self.file_size == 0:
+            self.conn.end_stream(stream_id=1)
+        else:
+            # We've still got data left to send but the window is closed. Save
+            # a Deferred that will call us when the window gets opened.
+            self.flow_control_deferred = defer.Deferred()
+            self.flow_control_deferred.addCallback(self.sendFileData)
+
+        self.transport.write(self.conn.data_to_send())
+
+
+try:
+    filename = sys.argv[1]
+except IndexError:
+    filename = __file__
+
+options = optionsForClientTLS(
+    hostname=AUTHORITY,
+    acceptableProtocols=[b'h2'],
+)
+
+connectProtocol(
+    SSL4ClientEndpoint(reactor, AUTHORITY, 443, options),
+    H2Protocol(filename)
+)
+reactor.run()
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.crt b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.crt
new file mode 100644
index 0000000000..bc8a4c08d2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjoCCQCQmNzzpQTCijANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJH
+QjEPMA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xETAPBgNVBAoTCGh5
+cGVyLWgyMREwDwYDVQQLEwhoeXBleS1oMjEUMBIGA1UEAxMLZXhhbXBsZS5jb20w
+HhcNMTUwOTE2MjAyOTA0WhcNMTYwOTE1MjAyOTA0WjBrMQswCQYDVQQGEwJHQjEP
+MA0GA1UECBMGTG9uZG9uMQ8wDQYDVQQHEwZMb25kb24xETAPBgNVBAoTCGh5cGVy
+LWgyMREwDwYDVQQLEwhoeXBleS1oMjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC74ZeB4Jdb5cnC9KXXLJuzjwTg
+45q5EeShDYQe0TbKgreiUP6clU3BR0fFAVedN1q/LOuQ1HhvrDk1l4TfGF2bpCIq
+K+U9CnzcQknvdpyyVeOLtSsCjOPk4xydHwkQxwJvHVdtJx4CzDDqGbHNHCF/9gpQ
+lsa3JZW+tIZLK0XMEPFQ4XFXgegxTStO7kBBPaVIgG9Ooqc2MG4rjMNUpxa28WF1
+SyqWTICf2N8T/C+fPzbQLKCWrFrKUP7WQlOaqPNQL9bCDhSTPRTwQOc2/MzVZ9gT
+Xr0Z+JMTXwkSMKO52adE1pmKt00jJ1ecZBiJFyjx0X6hH+/59dLbG/7No+PzAgMB
+AAEwDQYJKoZIhvcNAQEFBQADggEBAG3UhOCa0EemL2iY+C+PR6CwEHQ+n7vkBzNz
+gKOG+Q39spyzqU1qJAzBxLTE81bIQbDg0R8kcLWHVH2y4zViRxZ0jHUFKMgjONW+
+Aj4evic/2Y/LxpLxCajECq/jeMHYrmQONszf9pbc0+exrQpgnwd8asfsM3d/FJS2
+5DIWryCKs/61m9vYL8icWx/9cnfPkBoNv1ER+V1L1TH3ARvABh406SBaeqLTm/kG
+MNuKytKWJsQbNlxzWHVgkKzVsBKvYj0uIEJpClIhbe6XNYRDy8T8mKXVWhJuxH4p
+/agmCG3nxO8aCrUK/EVmbWmVIfCH3t7jlwMX1nJ8MsRE7Ydnk8I=
+-----END CERTIFICATE-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.csr b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.csr
new file mode 100644
index 0000000000..cadb53a512
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.csr
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICsDCCAZgCAQAwazELMAkGA1UEBhMCR0IxDzANBgNVBAgTBkxvbmRvbjEPMA0G
+A1UEBxMGTG9uZG9uMREwDwYDVQQKEwhoeXBlci1oMjERMA8GA1UECxMIaHlwZXkt
+aDIxFDASBgNVBAMTC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAu+GXgeCXW+XJwvSl1yybs48E4OOauRHkoQ2EHtE2yoK3olD+nJVN
+wUdHxQFXnTdavyzrkNR4b6w5NZeE3xhdm6QiKivlPQp83EJJ73acslXji7UrAozj
+5OMcnR8JEMcCbx1XbSceAsww6hmxzRwhf/YKUJbGtyWVvrSGSytFzBDxUOFxV4Ho
+MU0rTu5AQT2lSIBvTqKnNjBuK4zDVKcWtvFhdUsqlkyAn9jfE/wvnz820Cyglqxa
+ylD+1kJTmqjzUC/Wwg4Ukz0U8EDnNvzM1WfYE169GfiTE18JEjCjudmnRNaZirdN
+IydXnGQYiRco8dF+oR/v+fXS2xv+zaPj8wIDAQABoAAwDQYJKoZIhvcNAQEFBQAD
+ggEBACZpSoZWxHU5uagpM2Vinh2E7CXiMAlBc6NXhQMD/3fycr9sX4d/+y9Gy3bL
+OfEOHBPlQVGrt05aiTh7m5s3HQfsH8l3RfKpfzCfoqd2ESVwgB092bJwY9fBnkw/
+UzIHvSnlaKc78h+POUoATOb4faQ8P04wzJHzckbCDI8zRzBZTMVGuiWUopq7K5Ce
+VSesbqHHnW9ob/apigKNE0k7et/28NOXNEP90tTsz98yN3TP+Nv9puwvT9JZOOoG
+0PZIQKJIaZ1NZoNQHLN9gXz012XWa99cBE0qNiBUugXlNhXjkIIM8FIhDQOREB18
+0KDxEma+A0quyjnDMwPSoZsMca4=
+-----END CERTIFICATE REQUEST-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.key b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.key
new file mode 100644
index 0000000000..11f9ea094b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAu+GXgeCXW+XJwvSl1yybs48E4OOauRHkoQ2EHtE2yoK3olD+
+nJVNwUdHxQFXnTdavyzrkNR4b6w5NZeE3xhdm6QiKivlPQp83EJJ73acslXji7Ur
+Aozj5OMcnR8JEMcCbx1XbSceAsww6hmxzRwhf/YKUJbGtyWVvrSGSytFzBDxUOFx
+V4HoMU0rTu5AQT2lSIBvTqKnNjBuK4zDVKcWtvFhdUsqlkyAn9jfE/wvnz820Cyg
+lqxaylD+1kJTmqjzUC/Wwg4Ukz0U8EDnNvzM1WfYE169GfiTE18JEjCjudmnRNaZ
+irdNIydXnGQYiRco8dF+oR/v+fXS2xv+zaPj8wIDAQABAoIBAQCsdq278+0c13d4
+tViSh4k5r1w8D9IUdp9XU2/nVgckqA9nOVAvbkJc3FC+P7gsQgbUHKj0XoVbhU1S
+q461t8kduPH/oiGhAcKR8WurHEdE0OC6ewhLJAeCMRQwCrAorXXHh7icIt9ClCuG
+iSWUcXEy5Cidx3oL3r1xvIbV85fzdDtE9RC1I/kMjAy63S47YGiqh5vYmJkCa8rG
+Dsd1sEMDPr63XJpqJj3uHRcPvySgXTa+ssTmUH8WJlPTjvDB5hnPz+lkk2JKVPNu
+8adzftZ6hSun+tsc4ZJp8XhGu/m/7MjxWh8MeupLHlXcOEsnj4uHQQsOM3zHojr3
+aDCZiC1pAoGBAOAhwe1ujoS2VJ5RXJ9KMs7eBER/02MDgWZjo54Jv/jFxPWGslKk
+QQceuTe+PruRm41nzvk3q4iZXt8pG0bvpgigN2epcVx/O2ouRsUWWBT0JrVlEzha
+TIvWjtZ5tSQExXgHL3VlM9+ka40l+NldLSPn25+prizaqhalWuvTpP23AoGBANaY
+VhEI6yhp0BBUSATEv9lRgkwx3EbcnXNXPQjDMOthsyfq7FxbdOBEK1rwSDyuE6Ij
+zQGcTOfdiur5Ttg0OQilTJIXJAlpoeecOQ9yGma08c5FMXVJJvcZUuWRZWg1ocQj
+/hx0WVE9NwOoKwTBERv8HX7vJOFRZyvgkJwFxoulAoGAe4m/1XoZrga9z2GzNs10
+AdgX7BW00x+MhH4pIiPnn1yK+nYa9jg4647Asnv3IfXZEnEEgRNxReKbi0+iDFBt
+aNW+lDGuHTi37AfD1EBDnpEQgO1MUcRb6rwBkTAWatsCaO00+HUmyX9cFLm4Vz7n
+caILyQ6CxZBlLgRIgDHxADMCgYEAtubsJGTHmZBmSCStpXLUWbOBLNQqfTM398DZ
+QoirP1PsUQ+IGUfSG/u+QCogR6fPEBkXeFHxsoY/Cvsm2lvYaKgK1VFn46Xm2vNq
+JuIH4pZCqp6LAv4weddZslT0a5eaowRSZ4o7PmTAaRuCXvD3VjTSJwhJFMo+90TV
+vEWn7gkCgYEAkk+unX9kYmKoUdLh22/tzQekBa8WqMxXDwzBCECTAs2GlpL/f73i
+zD15TnaNfLP6Q5RNb0N9tb0Gz1wSkwI1+jGAQLnh2K9X9cIVIqJn8Mf/KQa/wUDV
+Tb1j7FoGUEgX7vbsyWuTd8P76kNYyGqCss1XmbttcSolqpbIdlSUcO0=
+-----END RSA PRIVATE KEY-----
diff --git a/testing/web-platform/tests/tools/third_party/h2/examples/twisted/twisted-server.py b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/twisted-server.py
new file mode 100644
index 0000000000..75a271d9b7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/examples/twisted/twisted-server.py
@@ -0,0 +1,192 @@
+# -*- coding: utf-8 -*-
+"""
+twisted-server.py
+~~~~~~~~~~~~~~~~~
+
+A fully-functional HTTP/2 server written for Twisted.
+"""
+import functools
+import mimetypes
+import os
+import os.path
+import sys
+
+from OpenSSL import crypto
+from twisted.internet.defer import Deferred, inlineCallbacks
+from twisted.internet.protocol import Protocol, Factory
+from twisted.internet import endpoints, reactor, ssl
+from h2.config import H2Configuration
+from h2.connection import H2Connection
+from h2.events import (
+    RequestReceived, DataReceived, WindowUpdated
+)
+from h2.exceptions import ProtocolError
+
+
+def close_file(file, d):
+    file.close()
+
+
+READ_CHUNK_SIZE = 8192
+
+
+class H2Protocol(Protocol):
+    def __init__(self, root):
+        config = H2Configuration(client_side=False)
+        self.conn = H2Connection(config=config)
+        self.known_proto = None
+        self.root = root
+
+        self._flow_control_deferreds = {}
+
+    def connectionMade(self):
+        self.conn.initiate_connection()
+        self.transport.write(self.conn.data_to_send())
+
+    def dataReceived(self, data):
+        if not self.known_proto:
+            self.known_proto = True
+
+        try:
+            events = self.conn.receive_data(data)
+        except ProtocolError:
+            if self.conn.data_to_send:
+                self.transport.write(self.conn.data_to_send())
+            self.transport.loseConnection()
+        else:
+            for event in events:
+                if isinstance(event, RequestReceived):
+                    self.requestReceived(event.headers, event.stream_id)
+                elif isinstance(event, DataReceived):
+                    self.dataFrameReceived(event.stream_id)
+                elif isinstance(event, WindowUpdated):
+                    self.windowUpdated(event)
+
+            if self.conn.data_to_send:
+                self.transport.write(self.conn.data_to_send())
+
+    def requestReceived(self, headers, stream_id):
+        headers = dict(headers)  # Invalid conversion, fix later.
+        assert headers[b':method'] == b'GET'
+
+        path = headers[b':path'].lstrip(b'/')
+        full_path = os.path.join(self.root, path)
+
+        if not os.path.exists(full_path):
+            response_headers = (
+                (':status', '404'),
+                ('content-length', '0'),
+                ('server', 'twisted-h2'),
+            )
+            self.conn.send_headers(
+                stream_id, response_headers, end_stream=True
+            )
+            self.transport.write(self.conn.data_to_send())
+        else:
+            self.sendFile(full_path, stream_id)
+
+        return
+
+    def dataFrameReceived(self, stream_id):
+        self.conn.reset_stream(stream_id)
+        self.transport.write(self.conn.data_to_send())
+
+    def sendFile(self, file_path, stream_id):
+        filesize = os.stat(file_path).st_size
+        content_type, content_encoding = mimetypes.guess_type(
+            file_path.decode('utf-8')
+        )
+        response_headers = [
+            (':status', '200'),
+            ('content-length', str(filesize)),
+            ('server', 'twisted-h2'),
+        ]
+        if content_type:
+            response_headers.append(('content-type', content_type))
+        if content_encoding:
+            response_headers.append(('content-encoding', content_encoding))
+
+        self.conn.send_headers(stream_id, response_headers)
+        self.transport.write(self.conn.data_to_send())
+
+        f = open(file_path, 'rb')
+        d = self._send_file(f, stream_id)
+        d.addErrback(functools.partial(close_file, f))
+
+    def windowUpdated(self, event):
+        """
+        Handle a WindowUpdated event by firing any waiting data sending
+        callbacks.
+        """
+        stream_id = event.stream_id
+
+        if stream_id and stream_id in self._flow_control_deferreds:
+            d = self._flow_control_deferreds.pop(stream_id)
+            d.callback(event.delta)
+        elif not stream_id:
+            for d in self._flow_control_deferreds.values():
+                d.callback(event.delta)
+
+            self._flow_control_deferreds = {}
+
+        return
+
+    @inlineCallbacks
+    def _send_file(self, file, stream_id):
+        """
+        This callback sends more data for a given file on the stream.
+        """
+        keep_reading = True
+        while keep_reading:
+            while not self.conn.remote_flow_control_window(stream_id):
+                yield self.wait_for_flow_control(stream_id)
+
+            chunk_size = min(
+                self.conn.remote_flow_control_window(stream_id), READ_CHUNK_SIZE
+            )
+            data = file.read(chunk_size)
+            keep_reading = len(data) == chunk_size
+            self.conn.send_data(stream_id, data, not keep_reading)
+            self.transport.write(self.conn.data_to_send())
+
+            if not keep_reading:
+                break
+
+        file.close()
+
+    def wait_for_flow_control(self, stream_id):
+        """
+        Returns a Deferred that fires when the flow control window is opened.
+        """
+        d = Deferred()
+        self._flow_control_deferreds[stream_id] = d
+        return d
+
+
+class H2Factory(Factory):
+    def __init__(self, root):
+        self.root = root
+
+    def buildProtocol(self, addr):
+        print(H2Protocol)
+        return H2Protocol(self.root)
+
+
+root = sys.argv[1].encode('utf-8')
+
+with open('server.crt', 'r') as f:
+    cert_data = f.read()
+with open('server.key', 'r') as f:
+    key_data = f.read()
+
+cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_data)
+key = crypto.load_privatekey(crypto.FILETYPE_PEM, key_data)
+options = ssl.CertificateOptions(
+    privateKey=key,
+    certificate=cert,
+    acceptableProtocols=[b'h2'],
+)
+
+endpoint = endpoints.SSL4ServerEndpoint(reactor, 8080, options, backlog=128)
+endpoint.listen(H2Factory(root))
+reactor.run()
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/__init__.py b/testing/web-platform/tests/tools/third_party/h2/h2/__init__.py
new file mode 100644
index 0000000000..6290710e63
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/__init__.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+"""
+h2
+~~
+
+A HTTP/2 implementation.
+"""
+__version__ = '3.2.0'
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/config.py b/testing/web-platform/tests/tools/third_party/h2/h2/config.py
new file mode 100644
index 0000000000..1c437ee24f
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/config.py
@@ -0,0 +1,170 @@
+# -*- coding: utf-8 -*-
+"""
+h2/config
+~~~~~~~~~
+
+Objects for controlling the configuration of the HTTP/2 stack.
+"""
+
+
+class _BooleanConfigOption(object):
+    """
+    Descriptor for handling a boolean config option.  This will block
+    attempts to set boolean config options to non-bools.
+    """
+    def __init__(self, name):
+        self.name = name
+        self.attr_name = '_%s' % self.name
+
+    def __get__(self, instance, owner):
+        return getattr(instance, self.attr_name)
+
+    def __set__(self, instance, value):
+        if not isinstance(value, bool):
+            raise ValueError("%s must be a bool" % self.name)
+        setattr(instance, self.attr_name, value)
+
+
+class DummyLogger(object):
+    """
+    An Logger object that does not actual logging, hence a DummyLogger.
+
+    For the class the log operation is merely a no-op. The intent is to avoid
+    conditionals being sprinkled throughout the hyper-h2 code for calls to
+    logging functions when no logger is passed into the corresponding object.
+    """
+    def __init__(self, *vargs):
+        pass
+
+    def debug(self, *vargs, **kwargs):
+        """
+        No-op logging. Only level needed for now.
+        """
+        pass
+
+    def trace(self, *vargs, **kwargs):
+        """
+        No-op logging. Only level needed for now.
+        """
+        pass
+
+
+class H2Configuration(object):
+    """
+    An object that controls the way a single HTTP/2 connection behaves.
+
+    This object allows the users to customize behaviour. In particular, it
+    allows users to enable or disable optional features, or to otherwise handle
+    various unusual behaviours.
+
+    This object has very little behaviour of its own: it mostly just ensures
+    that configuration is self-consistent.
+
+    :param client_side: Whether this object is to be used on the client side of
+        a connection, or on the server side. Affects the logic used by the
+        state machine, the default settings values, the allowable stream IDs,
+        and several other properties. Defaults to ``True``.
+    :type client_side: ``bool``
+
+    :param header_encoding: Controls whether the headers emitted by this object
+        in events are transparently decoded to ``unicode`` strings, and what
+        encoding is used to do that decoding. This defaults to ``None``,
+        meaning that headers will be returned as bytes. To automatically
+        decode headers (that is, to return them as unicode strings), this can
+        be set to the string name of any encoding, e.g. ``'utf-8'``.
+
+        .. versionchanged:: 3.0.0
+           Changed default value from ``'utf-8'`` to ``None``
+
+    :type header_encoding: ``str``, ``False``, or ``None``
+
+    :param validate_outbound_headers: Controls whether the headers emitted
+        by this object are validated against the rules in RFC 7540.
+        Disabling this setting will cause outbound header validation to
+        be skipped, and allow the object to emit headers that may be illegal
+        according to RFC 7540. Defaults to ``True``.
+    :type validate_outbound_headers: ``bool``
+
+    :param normalize_outbound_headers: Controls whether the headers emitted
+        by this object are normalized before sending.  Disabling this setting
+        will cause outbound header normalization to be skipped, and allow
+        the object to emit headers that may be illegal according to
+        RFC 7540. Defaults to ``True``.
+    :type normalize_outbound_headers: ``bool``
+
+    :param validate_inbound_headers: Controls whether the headers received
+        by this object are validated against the rules in RFC 7540.
+        Disabling this setting will cause inbound header validation to
+        be skipped, and allow the object to receive headers that may be illegal
+        according to RFC 7540. Defaults to ``True``.
+    :type validate_inbound_headers: ``bool``
+
+    :param normalize_inbound_headers: Controls whether the headers received by
+        this object are normalized according to the rules of RFC 7540.
+        Disabling this setting may lead to hyper-h2 emitting header blocks that
+        some RFCs forbid, e.g. with multiple cookie fields.
+
+        .. versionadded:: 3.0.0
+
+    :type normalize_inbound_headers: ``bool``
+
+    :param logger: A logger that conforms to the requirements for this module,
+        those being no I/O and no context switches, which is needed in order
+        to run in asynchronous operation.
+
+        .. versionadded:: 2.6.0
+
+    :type logger: ``logging.Logger``
+    """
+    client_side = _BooleanConfigOption('client_side')
+    validate_outbound_headers = _BooleanConfigOption(
+        'validate_outbound_headers'
+    )
+    normalize_outbound_headers = _BooleanConfigOption(
+        'normalize_outbound_headers'
+    )
+    validate_inbound_headers = _BooleanConfigOption(
+        'validate_inbound_headers'
+    )
+    normalize_inbound_headers = _BooleanConfigOption(
+        'normalize_inbound_headers'
+    )
+
+    def __init__(self,
+                 client_side=True,
+                 header_encoding=None,
+                 validate_outbound_headers=True,
+                 normalize_outbound_headers=True,
+                 validate_inbound_headers=True,
+                 normalize_inbound_headers=True,
+                 logger=None):
+        self.client_side = client_side
+        self.header_encoding = header_encoding
+        self.validate_outbound_headers = validate_outbound_headers
+        self.normalize_outbound_headers = normalize_outbound_headers
+        self.validate_inbound_headers = validate_inbound_headers
+        self.normalize_inbound_headers = normalize_inbound_headers
+        self.logger = logger or DummyLogger(__name__)
+
+    @property
+    def header_encoding(self):
+        """
+        Controls whether the headers emitted by this object in events are
+        transparently decoded to ``unicode`` strings, and what encoding is used
+        to do that decoding. This defaults to ``None``, meaning that headers
+        will be returned as bytes. To automatically decode headers (that is, to
+        return them as unicode strings), this can be set to the string name of
+        any encoding, e.g. ``'utf-8'``.
+        """
+        return self._header_encoding
+
+    @header_encoding.setter
+    def header_encoding(self, value):
+        """
+        Enforces constraints on the value of header encoding.
+        """
+        if not isinstance(value, (bool, str, type(None))):
+            raise ValueError("header_encoding must be bool, string, or None")
+        if value is True:
+            raise ValueError("header_encoding cannot be True")
+        self._header_encoding = value
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/connection.py b/testing/web-platform/tests/tools/third_party/h2/h2/connection.py
new file mode 100644
index 0000000000..35e6fd6da8
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/connection.py
@@ -0,0 +1,2048 @@
+# -*- coding: utf-8 -*-
+"""
+h2/connection
+~~~~~~~~~~~~~
+
+An implementation of a HTTP/2 connection.
+"""
+import base64
+
+from enum import Enum, IntEnum
+
+from hyperframe.exceptions import InvalidPaddingError
+from hyperframe.frame import (
+    GoAwayFrame, WindowUpdateFrame, HeadersFrame, DataFrame, PingFrame,
+    PushPromiseFrame, SettingsFrame, RstStreamFrame, PriorityFrame,
+    ContinuationFrame, AltSvcFrame, ExtensionFrame
+)
+from hpack.hpack import Encoder, Decoder
+from hpack.exceptions import HPACKError, OversizedHeaderListError
+
+from .config import H2Configuration
+from .errors import ErrorCodes, _error_code_from_int
+from .events import (
+    WindowUpdated, RemoteSettingsChanged, PingReceived, PingAckReceived,
+    SettingsAcknowledged, ConnectionTerminated, PriorityUpdated,
+    AlternativeServiceAvailable, UnknownFrameReceived
+)
+from .exceptions import (
+    ProtocolError, NoSuchStreamError, FlowControlError, FrameTooLargeError,
+    TooManyStreamsError, StreamClosedError, StreamIDTooLowError,
+    NoAvailableStreamIDError, RFC1122Error, DenialOfServiceError
+)
+from .frame_buffer import FrameBuffer
+from .settings import Settings, SettingCodes
+from .stream import H2Stream, StreamClosedBy
+from .utilities import SizeLimitDict, guard_increment_window
+from .windows import WindowManager
+
+
+class ConnectionState(Enum):
+    IDLE = 0
+    CLIENT_OPEN = 1
+    SERVER_OPEN = 2
+    CLOSED = 3
+
+
+class ConnectionInputs(Enum):
+    SEND_HEADERS = 0
+    SEND_PUSH_PROMISE = 1
+    SEND_DATA = 2
+    SEND_GOAWAY = 3
+    SEND_WINDOW_UPDATE = 4
+    SEND_PING = 5
+    SEND_SETTINGS = 6
+    SEND_RST_STREAM = 7
+    SEND_PRIORITY = 8
+    RECV_HEADERS = 9
+    RECV_PUSH_PROMISE = 10
+    RECV_DATA = 11
+    RECV_GOAWAY = 12
+    RECV_WINDOW_UPDATE = 13
+    RECV_PING = 14
+    RECV_SETTINGS = 15
+    RECV_RST_STREAM = 16
+    RECV_PRIORITY = 17
+    SEND_ALTERNATIVE_SERVICE = 18  # Added in 2.3.0
+    RECV_ALTERNATIVE_SERVICE = 19  # Added in 2.3.0
+
+
+class AllowedStreamIDs(IntEnum):
+    EVEN = 0
+    ODD = 1
+
+
+class H2ConnectionStateMachine(object):
+    """
+    A single HTTP/2 connection state machine.
+
+    This state machine, while defined in its own class, is logically part of
+    the H2Connection class also defined in this file. The state machine itself
+    maintains very little state directly, instead focusing entirely on managing
+    state transitions.
+    """
+    # For the purposes of this state machine we treat HEADERS and their
+    # associated CONTINUATION frames as a single jumbo frame. The protocol
+    # allows/requires this by preventing other frames from being interleved in
+    # between HEADERS/CONTINUATION frames.
+    #
+    # The _transitions dictionary contains a mapping of tuples of
+    # (state, input) to tuples of (side_effect_function, end_state). This map
+    # contains all allowed transitions: anything not in this map is invalid
+    # and immediately causes a transition to ``closed``.
+
+    _transitions = {
+        # State: idle
+        (ConnectionState.IDLE, ConnectionInputs.SEND_HEADERS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_HEADERS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_SETTINGS):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_SETTINGS):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_WINDOW_UPDATE):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_WINDOW_UPDATE):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_PING):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_PING):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_PRIORITY):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_PRIORITY):
+            (None, ConnectionState.IDLE),
+        (ConnectionState.IDLE, ConnectionInputs.SEND_ALTERNATIVE_SERVICE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.IDLE, ConnectionInputs.RECV_ALTERNATIVE_SERVICE):
+            (None, ConnectionState.CLIENT_OPEN),
+
+        # State: open, client side.
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_HEADERS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_DATA):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_WINDOW_UPDATE):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_PING):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_SETTINGS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_PRIORITY):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_HEADERS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PUSH_PROMISE):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_DATA):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_WINDOW_UPDATE):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PING):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_SETTINGS):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.SEND_RST_STREAM):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_RST_STREAM):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN, ConnectionInputs.RECV_PRIORITY):
+            (None, ConnectionState.CLIENT_OPEN),
+        (ConnectionState.CLIENT_OPEN,
+            ConnectionInputs.RECV_ALTERNATIVE_SERVICE):
+                (None, ConnectionState.CLIENT_OPEN),
+
+        # State: open, server side.
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_HEADERS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PUSH_PROMISE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_DATA):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_WINDOW_UPDATE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PING):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_SETTINGS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_PRIORITY):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_HEADERS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_DATA):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_WINDOW_UPDATE):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_PING):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_SETTINGS):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_PRIORITY):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.SEND_RST_STREAM):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN, ConnectionInputs.RECV_RST_STREAM):
+            (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN,
+            ConnectionInputs.SEND_ALTERNATIVE_SERVICE):
+                (None, ConnectionState.SERVER_OPEN),
+        (ConnectionState.SERVER_OPEN,
+            ConnectionInputs.RECV_ALTERNATIVE_SERVICE):
+                (None, ConnectionState.SERVER_OPEN),
+
+        # State: closed
+        (ConnectionState.CLOSED, ConnectionInputs.SEND_GOAWAY):
+            (None, ConnectionState.CLOSED),
+        (ConnectionState.CLOSED, ConnectionInputs.RECV_GOAWAY):
+            (None, ConnectionState.CLOSED),
+    }
+
+    def __init__(self):
+        self.state = ConnectionState.IDLE
+
+    def process_input(self, input_):
+        """
+        Process a specific input in the state machine.
+        """
+        if not isinstance(input_, ConnectionInputs):
+            raise ValueError("Input must be an instance of ConnectionInputs")
+
+        try:
+            func, target_state = self._transitions[(self.state, input_)]
+        except KeyError:
+            old_state = self.state
+            self.state = ConnectionState.CLOSED
+            raise ProtocolError(
+                "Invalid input %s in state %s" % (input_, old_state)
+            )
+        else:
+            self.state = target_state
+            if func is not None:  # pragma: no cover
+                return func()
+
+            return []
+
+
+class H2Connection(object):
+    """
+    A low-level HTTP/2 connection object. This handles building and receiving
+    frames and maintains both connection and per-stream state for all streams
+    on this connection.
+
+    This wraps a HTTP/2 Connection state machine implementation, ensuring that
+    frames can only be sent/received when the connection is in a valid state.
+    It also builds stream state machines on demand to ensure that the
+    constraints of those state machines are met as well. Attempts to create
+    frames that cannot be sent will raise a ``ProtocolError``.
+
+    .. versionchanged:: 2.3.0
+       Added the ``header_encoding`` keyword argument.
+
+    .. versionchanged:: 2.5.0
+       Added the ``config`` keyword argument. Deprecated the ``client_side``
+       and ``header_encoding`` parameters.
+
+    .. versionchanged:: 3.0.0
+       Removed deprecated parameters and properties.
+
+    :param config: The configuration for the HTTP/2 connection.
+
+        .. versionadded:: 2.5.0
+
+    :type config: :class:`H2Configuration <h2.config.H2Configuration>`
+    """
+    # The initial maximum outbound frame size. This can be changed by receiving
+    # a settings frame.
+    DEFAULT_MAX_OUTBOUND_FRAME_SIZE = 65535
+
+    # The initial maximum inbound frame size. This is somewhat arbitrarily
+    # chosen.
+    DEFAULT_MAX_INBOUND_FRAME_SIZE = 2**24
+
+    # The highest acceptable stream ID.
+    HIGHEST_ALLOWED_STREAM_ID = 2**31 - 1
+
+    # The largest acceptable window increment.
+    MAX_WINDOW_INCREMENT = 2**31 - 1
+
+    # The initial default value of SETTINGS_MAX_HEADER_LIST_SIZE.
+    DEFAULT_MAX_HEADER_LIST_SIZE = 2**16
+
+    # Keep in memory limited amount of results for streams closes
+    MAX_CLOSED_STREAMS = 2**16
+
+    def __init__(self, config=None):
+        self.state_machine = H2ConnectionStateMachine()
+        self.streams = {}
+        self.highest_inbound_stream_id = 0
+        self.highest_outbound_stream_id = 0
+        self.encoder = Encoder()
+        self.decoder = Decoder()
+
+        # This won't always actually do anything: for versions of HPACK older
+        # than 2.3.0 it does nothing. However, we have to try!
+        self.decoder.max_header_list_size = self.DEFAULT_MAX_HEADER_LIST_SIZE
+
+        #: The configuration for this HTTP/2 connection object.
+        #:
+        #: .. versionadded:: 2.5.0
+        self.config = config
+        if self.config is None:
+            self.config = H2Configuration(
+                client_side=True,
+            )
+
+        # Objects that store settings, including defaults.
+        #
+        # We set the MAX_CONCURRENT_STREAMS value to 100 because its default is
+        # unbounded, and that's a dangerous default because it allows
+        # essentially unbounded resources to be allocated regardless of how
+        # they will be used. 100 should be suitable for the average
+        # application. This default obviously does not apply to the remote
+        # peer's settings: the remote peer controls them!
+        #
+        # We also set MAX_HEADER_LIST_SIZE to a reasonable value. This is to
+        # advertise our defence against CVE-2016-6581. However, not all
+        # versions of HPACK will let us do it. That's ok: we should at least
+        # suggest that we're not vulnerable.
+        self.local_settings = Settings(
+            client=self.config.client_side,
+            initial_values={
+                SettingCodes.MAX_CONCURRENT_STREAMS: 100,
+                SettingCodes.MAX_HEADER_LIST_SIZE:
+                    self.DEFAULT_MAX_HEADER_LIST_SIZE,
+            }
+        )
+        self.remote_settings = Settings(client=not self.config.client_side)
+
+        # The current value of the connection flow control windows on the
+        # connection.
+        self.outbound_flow_control_window = (
+            self.remote_settings.initial_window_size
+        )
+
+        #: The maximum size of a frame that can be emitted by this peer, in
+        #: bytes.
+        self.max_outbound_frame_size = self.remote_settings.max_frame_size
+
+        #: The maximum size of a frame that can be received by this peer, in
+        #: bytes.
+        self.max_inbound_frame_size = self.local_settings.max_frame_size
+
+        # Buffer for incoming data.
+        self.incoming_buffer = FrameBuffer(server=not self.config.client_side)
+
+        # A private variable to store a sequence of received header frames
+        # until completion.
+        self._header_frames = []
+
+        # Data that needs to be sent.
+        self._data_to_send = bytearray()
+
+        # Keeps track of how streams are closed.
+        # Used to ensure that we don't blow up in the face of frames that were
+        # in flight when a RST_STREAM was sent.
+        # Also used to determine whether we should consider a frame received
+        # while a stream is closed as either a stream error or a connection
+        # error.
+        self._closed_streams = SizeLimitDict(
+            size_limit=self.MAX_CLOSED_STREAMS
+        )
+
+        # The flow control window manager for the connection.
+        self._inbound_flow_control_window_manager = WindowManager(
+            max_window_size=self.local_settings.initial_window_size
+        )
+
+        # When in doubt use dict-dispatch.
+        self._frame_dispatch_table = {
+            HeadersFrame: self._receive_headers_frame,
+            PushPromiseFrame: self._receive_push_promise_frame,
+            SettingsFrame: self._receive_settings_frame,
+            DataFrame: self._receive_data_frame,
+            WindowUpdateFrame: self._receive_window_update_frame,
+            PingFrame: self._receive_ping_frame,
+            RstStreamFrame: self._receive_rst_stream_frame,
+            PriorityFrame: self._receive_priority_frame,
+            GoAwayFrame: self._receive_goaway_frame,
+            ContinuationFrame: self._receive_naked_continuation,
+            AltSvcFrame: self._receive_alt_svc_frame,
+            ExtensionFrame: self._receive_unknown_frame
+        }
+
+    def _prepare_for_sending(self, frames):
+        if not frames:
+            return
+        self._data_to_send += b''.join(f.serialize() for f in frames)
+        assert all(f.body_len <= self.max_outbound_frame_size for f in frames)
+
+    def _open_streams(self, remainder):
+        """
+        A common method of counting number of open streams. Returns the number
+        of streams that are open *and* that have (stream ID % 2) == remainder.
+        While it iterates, also deletes any closed streams.
+        """
+        count = 0
+        to_delete = []
+
+        for stream_id, stream in self.streams.items():
+            if stream.open and (stream_id % 2 == remainder):
+                count += 1
+            elif stream.closed:
+                to_delete.append(stream_id)
+
+        for stream_id in to_delete:
+            stream = self.streams.pop(stream_id)
+            self._closed_streams[stream_id] = stream.closed_by
+
+        return count
+
+    @property
+    def open_outbound_streams(self):
+        """
+        The current number of open outbound streams.
+        """
+        outbound_numbers = int(self.config.client_side)
+        return self._open_streams(outbound_numbers)
+
+    @property
+    def open_inbound_streams(self):
+        """
+        The current number of open inbound streams.
+        """
+        inbound_numbers = int(not self.config.client_side)
+        return self._open_streams(inbound_numbers)
+
+    @property
+    def inbound_flow_control_window(self):
+        """
+        The size of the inbound flow control window for the connection. This is
+        rarely publicly useful: instead, use :meth:`remote_flow_control_window
+        <h2.connection.H2Connection.remote_flow_control_window>`. This
+        shortcut is largely present to provide a shortcut to this data.
+        """
+        return self._inbound_flow_control_window_manager.current_window_size
+
+    def _begin_new_stream(self, stream_id, allowed_ids):
+        """
+        Initiate a new stream.
+
+        .. versionchanged:: 2.0.0
+           Removed this function from the public API.
+
+        :param stream_id: The ID of the stream to open.
+        :param allowed_ids: What kind of stream ID is allowed.
+        """
+        self.config.logger.debug(
+            "Attempting to initiate stream ID %d", stream_id
+        )
+        outbound = self._stream_id_is_outbound(stream_id)
+        highest_stream_id = (
+            self.highest_outbound_stream_id if outbound else
+            self.highest_inbound_stream_id
+        )
+
+        if stream_id <= highest_stream_id:
+            raise StreamIDTooLowError(stream_id, highest_stream_id)
+
+        if (stream_id % 2) != int(allowed_ids):
+            raise ProtocolError(
+                "Invalid stream ID for peer."
+            )
+
+        s = H2Stream(
+            stream_id,
+            config=self.config,
+            inbound_window_size=self.local_settings.initial_window_size,
+            outbound_window_size=self.remote_settings.initial_window_size
+        )
+        self.config.logger.debug("Stream ID %d created", stream_id)
+        s.max_inbound_frame_size = self.max_inbound_frame_size
+        s.max_outbound_frame_size = self.max_outbound_frame_size
+
+        self.streams[stream_id] = s
+        self.config.logger.debug("Current streams: %s", self.streams.keys())
+
+        if outbound:
+            self.highest_outbound_stream_id = stream_id
+        else:
+            self.highest_inbound_stream_id = stream_id
+
+        return s
+
+    def initiate_connection(self):
+        """
+        Provides any data that needs to be sent at the start of the connection.
+        Must be called for both clients and servers.
+        """
+        self.config.logger.debug("Initializing connection")
+        self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS)
+        if self.config.client_side:
+            preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'
+        else:
+            preamble = b''
+
+        f = SettingsFrame(0)
+        for setting, value in self.local_settings.items():
+            f.settings[setting] = value
+        self.config.logger.debug(
+            "Send Settings frame: %s", self.local_settings
+        )
+
+        self._data_to_send += preamble + f.serialize()
+
+    def initiate_upgrade_connection(self, settings_header=None):
+        """
+        Call to initialise the connection object for use with an upgraded
+        HTTP/2 connection (i.e. a connection negotiated using the
+        ``Upgrade: h2c`` HTTP header).
+
+        This method differs from :meth:`initiate_connection
+        <h2.connection.H2Connection.initiate_connection>` in several ways.
+        Firstly, it handles the additional SETTINGS frame that is sent in the
+        ``HTTP2-Settings`` header field. When called on a client connection,
+        this method will return a bytestring that the caller can put in the
+        ``HTTP2-Settings`` field they send on their initial request. When
+        called on a server connection, the user **must** provide the value they
+        received from the client in the ``HTTP2-Settings`` header field to the
+        ``settings_header`` argument, which will be used appropriately.
+
+        Additionally, this method sets up stream 1 in a half-closed state
+        appropriate for this side of the connection, to reflect the fact that
+        the request is already complete.
+
+        Finally, this method also prepares the appropriate preamble to be sent
+        after the upgrade.
+
+        .. versionadded:: 2.3.0
+
+        :param settings_header: (optional, server-only): The value of the
+             ``HTTP2-Settings`` header field received from the client.
+        :type settings_header: ``bytes``
+
+        :returns: For clients, a bytestring to put in the ``HTTP2-Settings``.
+            For servers, returns nothing.
+        :rtype: ``bytes`` or ``None``
+        """
+        self.config.logger.debug(
+            "Upgrade connection. Current settings: %s", self.local_settings
+        )
+
+        frame_data = None
+        # Begin by getting the preamble in place.
+        self.initiate_connection()
+
+        if self.config.client_side:
+            f = SettingsFrame(0)
+            for setting, value in self.local_settings.items():
+                f.settings[setting] = value
+
+            frame_data = f.serialize_body()
+            frame_data = base64.urlsafe_b64encode(frame_data)
+        elif settings_header:
+            # We have a settings header from the client. This needs to be
+            # applied, but we want to throw away the ACK. We do this by
+            # inserting the data into a Settings frame and then passing it to
+            # the state machine, but ignoring the return value.
+            settings_header = base64.urlsafe_b64decode(settings_header)
+            f = SettingsFrame(0)
+            f.parse_body(settings_header)
+            self._receive_settings_frame(f)
+
+        # Set up appropriate state. Stream 1 in a half-closed state:
+        # half-closed(local) for clients, half-closed(remote) for servers.
+        # Additionally, we need to set up the Connection state machine.
+        connection_input = (
+            ConnectionInputs.SEND_HEADERS if self.config.client_side
+            else ConnectionInputs.RECV_HEADERS
+        )
+        self.config.logger.debug("Process input %s", connection_input)
+        self.state_machine.process_input(connection_input)
+
+        # Set up stream 1.
+        self._begin_new_stream(stream_id=1, allowed_ids=AllowedStreamIDs.ODD)
+        self.streams[1].upgrade(self.config.client_side)
+        return frame_data
+
+    def _get_or_create_stream(self, stream_id, allowed_ids):
+        """
+        Gets a stream by its stream ID. Will create one if one does not already
+        exist. Use allowed_ids to circumvent the usual stream ID rules for
+        clients and servers.
+
+        .. versionchanged:: 2.0.0
+           Removed this function from the public API.
+        """
+        try:
+            return self.streams[stream_id]
+        except KeyError:
+            return self._begin_new_stream(stream_id, allowed_ids)
+
+    def _get_stream_by_id(self, stream_id):
+        """
+        Gets a stream by its stream ID. Raises NoSuchStreamError if the stream
+        ID does not correspond to a known stream and is higher than the current
+        maximum: raises if it is lower than the current maximum.
+
+        .. versionchanged:: 2.0.0
+           Removed this function from the public API.
+        """
+        try:
+            return self.streams[stream_id]
+        except KeyError:
+            outbound = self._stream_id_is_outbound(stream_id)
+            highest_stream_id = (
+                self.highest_outbound_stream_id if outbound else
+                self.highest_inbound_stream_id
+            )
+
+            if stream_id > highest_stream_id:
+                raise NoSuchStreamError(stream_id)
+            else:
+                raise StreamClosedError(stream_id)
+
+    def get_next_available_stream_id(self):
+        """
+        Returns an integer suitable for use as the stream ID for the next
+        stream created by this endpoint. For server endpoints, this stream ID
+        will be even. For client endpoints, this stream ID will be odd. If no
+        stream IDs are available, raises :class:`NoAvailableStreamIDError
+        <h2.exceptions.NoAvailableStreamIDError>`.
+
+        .. warning:: The return value from this function does not change until
+                     the stream ID has actually been used by sending or pushing
+                     headers on that stream. For that reason, it should be
+                     called as close as possible to the actual use of the
+                     stream ID.
+
+        .. versionadded:: 2.0.0
+
+        :raises: :class:`NoAvailableStreamIDError
+            <h2.exceptions.NoAvailableStreamIDError>`
+        :returns: The next free stream ID this peer can use to initiate a
+            stream.
+        :rtype: ``int``
+        """
+        # No streams have been opened yet, so return the lowest allowed stream
+        # ID.
+        if not self.highest_outbound_stream_id:
+            next_stream_id = 1 if self.config.client_side else 2
+        else:
+            next_stream_id = self.highest_outbound_stream_id + 2
+        self.config.logger.debug(
+            "Next available stream ID %d", next_stream_id
+        )
+        if next_stream_id > self.HIGHEST_ALLOWED_STREAM_ID:
+            raise NoAvailableStreamIDError("Exhausted allowed stream IDs")
+
+        return next_stream_id
+
+    def send_headers(self, stream_id, headers, end_stream=False,
+                     priority_weight=None, priority_depends_on=None,
+                     priority_exclusive=None):
+        """
+        Send headers on a given stream.
+
+        This function can be used to send request or response headers: the kind
+        that are sent depends on whether this connection has been opened as a
+        client or server connection, and whether the stream was opened by the
+        remote peer or not.
+
+        If this is a client connection, calling ``send_headers`` will send the
+        headers as a request. It will also implicitly open the stream being
+        used. If this is a client connection and ``send_headers`` has *already*
+        been called, this will send trailers instead.
+
+        If this is a server connection, calling ``send_headers`` will send the
+        headers as a response. It is a protocol error for a server to open a
+        stream by sending headers. If this is a server connection and
+        ``send_headers`` has *already* been called, this will send trailers
+        instead.
+
+        When acting as a server, you may call ``send_headers`` any number of
+        times allowed by the following rules, in this order:
+
+        - zero or more times with ``(':status', '1XX')`` (where ``1XX`` is a
+          placeholder for any 100-level status code).
+        - once with any other status header.
+        - zero or one time for trailers.
+
+        That is, you are allowed to send as many informational responses as you
+        like, followed by one complete response and zero or one HTTP trailer
+        blocks.
+
+        Clients may send one or two header blocks: one request block, and
+        optionally one trailer block.
+
+        If it is important to send HPACK "never indexed" header fields (as
+        defined in `RFC 7451 Section 7.1.3
+        <https://tools.ietf.org/html/rfc7541#section-7.1.3>`_), the user may
+        instead provide headers using the HPACK library's :class:`HeaderTuple
+        <hpack:hpack.HeaderTuple>` and :class:`NeverIndexedHeaderTuple
+        <hpack:hpack.NeverIndexedHeaderTuple>` objects.
+
+        This method also allows users to prioritize the stream immediately,
+        by sending priority information on the HEADERS frame directly. To do
+        this, any one of ``priority_weight``, ``priority_depends_on``, or
+        ``priority_exclusive`` must be set to a value that is not ``None``. For
+        more information on the priority fields, see :meth:`prioritize
+        <h2.connection.H2Connection.prioritize>`.
+
+        .. warning:: In HTTP/2, it is mandatory that all the HTTP/2 special
+            headers (that is, ones whose header keys begin with ``:``) appear
+            at the start of the header block, before any normal headers.
+
+        .. versionchanged:: 2.3.0
+           Added support for using :class:`HeaderTuple
+           <hpack:hpack.HeaderTuple>` objects to store headers.
+
+        .. versionchanged:: 2.4.0
+           Added the ability to provide priority keyword arguments:
+           ``priority_weight``, ``priority_depends_on``, and
+           ``priority_exclusive``.
+
+        :param stream_id: The stream ID to send the headers on. If this stream
+            does not currently exist, it will be created.
+        :type stream_id: ``int``
+
+        :param headers: The request/response headers to send.
+        :type headers: An iterable of two tuples of bytestrings or
+            :class:`HeaderTuple <hpack:hpack.HeaderTuple>` objects.
+
+        :param end_stream: Whether this headers frame should end the stream
+            immediately (that is, whether no more data will be sent after this
+            frame). Defaults to ``False``.
+        :type end_stream: ``bool``
+
+        :param priority_weight: Sets the priority weight of the stream. See
+            :meth:`prioritize <h2.connection.H2Connection.prioritize>` for more
+            about how this field works. Defaults to ``None``, which means that
+            no priority information will be sent.
+        :type priority_weight: ``int`` or ``None``
+
+        :param priority_depends_on: Sets which stream this one depends on for
+            priority purposes. See :meth:`prioritize
+            <h2.connection.H2Connection.prioritize>` for more about how this
+            field works. Defaults to ``None``, which means that no priority
+            information will be sent.
+        :type priority_depends_on: ``int`` or ``None``
+
+        :param priority_exclusive: Sets whether this stream exclusively depends
+            on the stream given in ``priority_depends_on`` for priority
+            purposes. See :meth:`prioritize
+            <h2.connection.H2Connection.prioritize>` for more about how this
+            field workds. Defaults to ``None``, which means that no priority
+            information will be sent.
+        :type priority_depends_on: ``bool`` or ``None``
+
+        :returns: Nothing
+        """
+        self.config.logger.debug(
+            "Send headers on stream ID %d", stream_id
+        )
+
+        # Check we can open the stream.
+        if stream_id not in self.streams:
+            max_open_streams = self.remote_settings.max_concurrent_streams
+            if (self.open_outbound_streams + 1) > max_open_streams:
+                raise TooManyStreamsError(
+                    "Max outbound streams is %d, %d open" %
+                    (max_open_streams, self.open_outbound_streams)
+                )
+
+        self.state_machine.process_input(ConnectionInputs.SEND_HEADERS)
+        stream = self._get_or_create_stream(
+            stream_id, AllowedStreamIDs(self.config.client_side)
+        )
+        frames = stream.send_headers(
+            headers, self.encoder, end_stream
+        )
+
+        # We may need to send priority information.
+        priority_present = (
+            (priority_weight is not None) or
+            (priority_depends_on is not None) or
+            (priority_exclusive is not None)
+        )
+
+        if priority_present:
+            if not self.config.client_side:
+                raise RFC1122Error("Servers SHOULD NOT prioritize streams.")
+
+            headers_frame = frames[0]
+            headers_frame.flags.add('PRIORITY')
+            frames[0] = _add_frame_priority(
+                headers_frame,
+                priority_weight,
+                priority_depends_on,
+                priority_exclusive
+            )
+
+        self._prepare_for_sending(frames)
+
+    def send_data(self, stream_id, data, end_stream=False, pad_length=None):
+        """
+        Send data on a given stream.
+
+        This method does no breaking up of data: if the data is larger than the
+        value returned by :meth:`local_flow_control_window
+        <h2.connection.H2Connection.local_flow_control_window>` for this stream
+        then a :class:`FlowControlError <h2.exceptions.FlowControlError>` will
+        be raised. If the data is larger than :data:`max_outbound_frame_size
+        <h2.connection.H2Connection.max_outbound_frame_size>` then a
+        :class:`FrameTooLargeError <h2.exceptions.FrameTooLargeError>` will be
+        raised.
+
+        Hyper-h2 does this to avoid buffering the data internally. If the user
+        has more data to send than hyper-h2 will allow, consider breaking it up
+        and buffering it externally.
+
+        :param stream_id: The ID of the stream on which to send the data.
+        :type stream_id: ``int``
+        :param data: The data to send on the stream.
+        :type data: ``bytes``
+        :param end_stream: (optional) Whether this is the last data to be sent
+            on the stream. Defaults to ``False``.
+        :type end_stream: ``bool``
+        :param pad_length: (optional) Length of the padding to apply to the
+            data frame. Defaults to ``None`` for no use of padding. Note that
+            a value of ``0`` results in padding of length ``0``
+            (with the "padding" flag set on the frame).
+
+            .. versionadded:: 2.6.0
+
+        :type pad_length: ``int``
+        :returns: Nothing
+        """
+        self.config.logger.debug(
+            "Send data on stream ID %d with len %d", stream_id, len(data)
+        )
+        frame_size = len(data)
+        if pad_length is not None:
+            if not isinstance(pad_length, int):
+                raise TypeError("pad_length must be an int")
+            if pad_length < 0 or pad_length > 255:
+                raise ValueError("pad_length must be within range: [0, 255]")
+            # Account for padding bytes plus the 1-byte padding length field.
+            frame_size += pad_length + 1
+        self.config.logger.debug(
+            "Frame size on stream ID %d is %d", stream_id, frame_size
+        )
+
+        if frame_size > self.local_flow_control_window(stream_id):
+            raise FlowControlError(
+                "Cannot send %d bytes, flow control window is %d." %
+                (frame_size, self.local_flow_control_window(stream_id))
+            )
+        elif frame_size > self.max_outbound_frame_size:
+            raise FrameTooLargeError(
+                "Cannot send frame size %d, max frame size is %d" %
+                (frame_size, self.max_outbound_frame_size)
+            )
+
+        self.state_machine.process_input(ConnectionInputs.SEND_DATA)
+        frames = self.streams[stream_id].send_data(
+            data, end_stream, pad_length=pad_length
+        )
+
+        self._prepare_for_sending(frames)
+
+        self.outbound_flow_control_window -= frame_size
+        self.config.logger.debug(
+            "Outbound flow control window size is %d",
+            self.outbound_flow_control_window
+        )
+        assert self.outbound_flow_control_window >= 0
+
+    def end_stream(self, stream_id):
+        """
+        Cleanly end a given stream.
+
+        This method ends a stream by sending an empty DATA frame on that stream
+        with the ``END_STREAM`` flag set.
+
+        :param stream_id: The ID of the stream to end.
+        :type stream_id: ``int``
+        :returns: Nothing
+        """
+        self.config.logger.debug("End stream ID %d", stream_id)
+        self.state_machine.process_input(ConnectionInputs.SEND_DATA)
+        frames = self.streams[stream_id].end_stream()
+        self._prepare_for_sending(frames)
+
+    def increment_flow_control_window(self, increment, stream_id=None):
+        """
+        Increment a flow control window, optionally for a single stream. Allows
+        the remote peer to send more data.
+
+        .. versionchanged:: 2.0.0
+           Rejects attempts to increment the flow control window by out of
+           range values with a ``ValueError``.
+
+        :param increment: The amount to increment the flow control window by.
+        :type increment: ``int``
+        :param stream_id: (optional) The ID of the stream that should have its
+            flow control window opened. If not present or ``None``, the
+            connection flow control window will be opened instead.
+        :type stream_id: ``int`` or ``None``
+        :returns: Nothing
+        :raises: ``ValueError``
+        """
+        if not (1 <= increment <= self.MAX_WINDOW_INCREMENT):
+            raise ValueError(
+                "Flow control increment must be between 1 and %d" %
+                self.MAX_WINDOW_INCREMENT
+            )
+
+        self.state_machine.process_input(ConnectionInputs.SEND_WINDOW_UPDATE)
+
+        if stream_id is not None:
+            stream = self.streams[stream_id]
+            frames = stream.increase_flow_control_window(
+                increment
+            )
+
+            self.config.logger.debug(
+                "Increase stream ID %d flow control window by %d",
+                stream_id, increment
+            )
+        else:
+            self._inbound_flow_control_window_manager.window_opened(increment)
+            f = WindowUpdateFrame(0)
+            f.window_increment = increment
+            frames = [f]
+
+            self.config.logger.debug(
+                "Increase connection flow control window by %d", increment
+            )
+
+        self._prepare_for_sending(frames)
+
+    def push_stream(self, stream_id, promised_stream_id, request_headers):
+        """
+        Push a response to the client by sending a PUSH_PROMISE frame.
+
+        If it is important to send HPACK "never indexed" header fields (as
+        defined in `RFC 7451 Section 7.1.3
+        <https://tools.ietf.org/html/rfc7541#section-7.1.3>`_), the user may
+        instead provide headers using the HPACK library's :class:`HeaderTuple
+        <hpack:hpack.HeaderTuple>` and :class:`NeverIndexedHeaderTuple
+        <hpack:hpack.NeverIndexedHeaderTuple>` objects.
+
+        :param stream_id: The ID of the stream that this push is a response to.
+        :type stream_id: ``int``
+        :param promised_stream_id: The ID of the stream that the pushed
+            response will be sent on.
+        :type promised_stream_id: ``int``
+        :param request_headers: The headers of the request that the pushed
+            response will be responding to.
+        :type request_headers: An iterable of two tuples of bytestrings or
+            :class:`HeaderTuple <hpack:hpack.HeaderTuple>` objects.
+        :returns: Nothing
+        """
+        self.config.logger.debug(
+            "Send Push Promise frame on stream ID %d", stream_id
+        )
+
+        if not self.remote_settings.enable_push:
+            raise ProtocolError("Remote peer has disabled stream push")
+
+        self.state_machine.process_input(ConnectionInputs.SEND_PUSH_PROMISE)
+        stream = self._get_stream_by_id(stream_id)
+
+        # We need to prevent users pushing streams in response to streams that
+        # they themselves have already pushed: see #163 and RFC 7540 § 6.6. The
+        # easiest way to do that is to assert that the stream_id is not even:
+        # this shortcut works because only servers can push and the state
+        # machine will enforce this.
+        if (stream_id % 2) == 0:
+            raise ProtocolError("Cannot recursively push streams.")
+
+        new_stream = self._begin_new_stream(
+            promised_stream_id, AllowedStreamIDs.EVEN
+        )
+        self.streams[promised_stream_id] = new_stream
+
+        frames = stream.push_stream_in_band(
+            promised_stream_id, request_headers, self.encoder
+        )
+        new_frames = new_stream.locally_pushed()
+        self._prepare_for_sending(frames + new_frames)
+
+    def ping(self, opaque_data):
+        """
+        Send a PING frame.
+
+        :param opaque_data: A bytestring of length 8 that will be sent in the
+                            PING frame.
+        :returns: Nothing
+        """
+        self.config.logger.debug("Send Ping frame")
+
+        if not isinstance(opaque_data, bytes) or len(opaque_data) != 8:
+            raise ValueError("Invalid value for ping data: %r" % opaque_data)
+
+        self.state_machine.process_input(ConnectionInputs.SEND_PING)
+        f = PingFrame(0)
+        f.opaque_data = opaque_data
+        self._prepare_for_sending([f])
+
+    def reset_stream(self, stream_id, error_code=0):
+        """
+        Reset a stream.
+
+        This method forcibly closes a stream by sending a RST_STREAM frame for
+        a given stream. This is not a graceful closure. To gracefully end a
+        stream, try the :meth:`end_stream
+        <h2.connection.H2Connection.end_stream>` method.
+
+        :param stream_id: The ID of the stream to reset.
+        :type stream_id: ``int``
+        :param error_code: (optional) The error code to use to reset the
+            stream. Defaults to :data:`ErrorCodes.NO_ERROR
+            <h2.errors.ErrorCodes.NO_ERROR>`.
+        :type error_code: ``int``
+        :returns: Nothing
+        """
+        self.config.logger.debug("Reset stream ID %d", stream_id)
+        self.state_machine.process_input(ConnectionInputs.SEND_RST_STREAM)
+        stream = self._get_stream_by_id(stream_id)
+        frames = stream.reset_stream(error_code)
+        self._prepare_for_sending(frames)
+
+    def close_connection(self, error_code=0, additional_data=None,
+                         last_stream_id=None):
+
+        """
+        Close a connection, emitting a GOAWAY frame.
+
+        .. versionchanged:: 2.4.0
+           Added ``additional_data`` and ``last_stream_id`` arguments.
+
+        :param error_code: (optional) The error code to send in the GOAWAY
+            frame.
+        :param additional_data: (optional) Additional debug data indicating
+            a reason for closing the connection. Must be a bytestring.
+        :param last_stream_id: (optional) The last stream which was processed
+            by the sender. Defaults to ``highest_inbound_stream_id``.
+        :returns: Nothing
+        """
+        self.config.logger.debug("Close connection")
+        self.state_machine.process_input(ConnectionInputs.SEND_GOAWAY)
+
+        # Additional_data must be bytes
+        if additional_data is not None:
+            assert isinstance(additional_data, bytes)
+
+        if last_stream_id is None:
+            last_stream_id = self.highest_inbound_stream_id
+
+        f = GoAwayFrame(
+            stream_id=0,
+            last_stream_id=last_stream_id,
+            error_code=error_code,
+            additional_data=(additional_data or b'')
+        )
+        self._prepare_for_sending([f])
+
+    def update_settings(self, new_settings):
+        """
+        Update the local settings. This will prepare and emit the appropriate
+        SETTINGS frame.
+
+        :param new_settings: A dictionary of {setting: new value}
+        """
+        self.config.logger.debug(
+            "Update connection settings to %s", new_settings
+        )
+        self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS)
+        self.local_settings.update(new_settings)
+        s = SettingsFrame(0)
+        s.settings = new_settings
+        self._prepare_for_sending([s])
+
+    def advertise_alternative_service(self,
+                                      field_value,
+                                      origin=None,
+                                      stream_id=None):
+        """
+        Notify a client about an available Alternative Service.
+
+        An Alternative Service is defined in `RFC 7838
+        <https://tools.ietf.org/html/rfc7838>`_. An Alternative Service
+        notification informs a client that a given origin is also available
+        elsewhere.
+
+        Alternative Services can be advertised in two ways. Firstly, they can
+        be advertised explicitly: that is, a server can say "origin X is also
+        available at Y". To advertise like this, set the ``origin`` argument
+        and not the ``stream_id`` argument. Alternatively, they can be
+        advertised implicitly: that is, a server can say "the origin you're
+        contacting on stream X is also available at Y". To advertise like this,
+        set the ``stream_id`` argument and not the ``origin`` argument.
+
+        The explicit method of advertising can be done as long as the
+        connection is active. The implicit method can only be done after the
+        client has sent the request headers and before the server has sent the
+        response headers: outside of those points, Hyper-h2 will forbid sending
+        the Alternative Service advertisement by raising a ProtocolError.
+
+        The ``field_value`` parameter is specified in RFC 7838. Hyper-h2 does
+        not validate or introspect this argument: the user is required to
+        ensure that it's well-formed. ``field_value`` corresponds to RFC 7838's
+        "Alternative Service Field Value".
+
+        .. note:: It is strongly preferred to use the explicit method of
+                  advertising Alternative Services. The implicit method of
+                  advertising Alternative Services has a number of subtleties
+                  and can lead to inconsistencies between the server and
+                  client. Hyper-h2 allows both mechanisms, but caution is
+                  strongly advised.
+
+        .. versionadded:: 2.3.0
+
+        :param field_value: The RFC 7838 Alternative Service Field Value. This
+            argument is not introspected by Hyper-h2: the user is responsible
+            for ensuring that it is well-formed.
+        :type field_value: ``bytes``
+
+        :param origin: The origin/authority to which the Alternative Service
+            being advertised applies. Must not be provided at the same time as
+            ``stream_id``.
+        :type origin: ``bytes`` or ``None``
+
+        :param stream_id: The ID of the stream which was sent to the authority
+            for which this Alternative Service advertisement applies. Must not
+            be provided at the same time as ``origin``.
+        :type stream_id: ``int`` or ``None``
+
+        :returns: Nothing.
+        """
+        if not isinstance(field_value, bytes):
+            raise ValueError("Field must be bytestring.")
+
+        if origin is not None and stream_id is not None:
+            raise ValueError("Must not provide both origin and stream_id")
+
+        self.state_machine.process_input(
+            ConnectionInputs.SEND_ALTERNATIVE_SERVICE
+        )
+
+        if origin is not None:
+            # This ALTSVC is sent on stream zero.
+            f = AltSvcFrame(stream_id=0)
+            f.origin = origin
+            f.field = field_value
+            frames = [f]
+        else:
+            stream = self._get_stream_by_id(stream_id)
+            frames = stream.advertise_alternative_service(field_value)
+
+        self._prepare_for_sending(frames)
+
+    def prioritize(self, stream_id, weight=None, depends_on=None,
+                   exclusive=None):
+        """
+        Notify a server about the priority of a stream.
+
+        Stream priorities are a form of guidance to a remote server: they
+        inform the server about how important a given response is, so that the
+        server may allocate its resources (e.g. bandwidth, CPU time, etc.)
+        accordingly. This exists to allow clients to ensure that the most
+        important data arrives earlier, while less important data does not
+        starve out the more important data.
+
+        Stream priorities are explained in depth in `RFC 7540 Section 5.3
+        <https://tools.ietf.org/html/rfc7540#section-5.3>`_.
+
+        This method updates the priority information of a single stream. It may
+        be called well before a stream is actively in use, or well after a
+        stream is closed.
+
+        .. warning:: RFC 7540 allows for servers to change the priority of
+                     streams. However, hyper-h2 **does not** allow server
+                     stacks to do this. This is because most clients do not
+                     adequately know how to respond when provided conflicting
+                     priority information, and relatively little utility is
+                     provided by making that functionality available.
+
+        .. note:: hyper-h2 **does not** maintain any information about the
+                  RFC 7540 priority tree. That means that hyper-h2 does not
+                  prevent incautious users from creating invalid priority
+                  trees, particularly by creating priority loops. While some
+                  basic error checking is provided by hyper-h2, users are
+                  strongly recommended to understand their prioritisation
+                  strategies before using the priority tools here.
+
+        .. note:: Priority information is strictly advisory. Servers are
+                  allowed to disregard it entirely. Avoid relying on the idea
+                  that your priority signaling will definitely be obeyed.
+
+        .. versionadded:: 2.4.0
+
+        :param stream_id: The ID of the stream to prioritize.
+        :type stream_id: ``int``
+
+        :param weight: The weight to give the stream. Defaults to ``16``, the
+             default weight of any stream. May be any value between ``1`` and
+             ``256`` inclusive. The relative weight of a stream indicates what
+             proportion of available resources will be allocated to that
+             stream.
+        :type weight: ``int``
+
+        :param depends_on: The ID of the stream on which this stream depends.
+             This stream will only be progressed if it is impossible to
+             progress the parent stream (the one on which this one depends).
+             Passing the value ``0`` means that this stream does not depend on
+             any other. Defaults to ``0``.
+        :type depends_on: ``int``
+
+        :param exclusive: Whether this stream is an exclusive dependency of its
+            "parent" stream (i.e. the stream given by ``depends_on``). If a
+            stream is an exclusive dependency of another, that means that all
+            previously-set children of the parent are moved to become children
+            of the new exclusively-dependent stream. Defaults to ``False``.
+        :type exclusive: ``bool``
+        """
+        if not self.config.client_side:
+            raise RFC1122Error("Servers SHOULD NOT prioritize streams.")
+
+        self.state_machine.process_input(
+            ConnectionInputs.SEND_PRIORITY
+        )
+
+        frame = PriorityFrame(stream_id)
+        frame = _add_frame_priority(frame, weight, depends_on, exclusive)
+
+        self._prepare_for_sending([frame])
+
+    def local_flow_control_window(self, stream_id):
+        """
+        Returns the maximum amount of data that can be sent on stream
+        ``stream_id``.
+
+        This value will never be larger than the total data that can be sent on
+        the connection: even if the given stream allows more data, the
+        connection window provides a logical maximum to the amount of data that
+        can be sent.
+
+        The maximum data that can be sent in a single data frame on a stream
+        is either this value, or the maximum frame size, whichever is
+        *smaller*.
+
+        :param stream_id: The ID of the stream whose flow control window is
+            being queried.
+        :type stream_id: ``int``
+        :returns: The amount of data in bytes that can be sent on the stream
+            before the flow control window is exhausted.
+        :rtype: ``int``
+        """
+        stream = self._get_stream_by_id(stream_id)
+        return min(
+            self.outbound_flow_control_window,
+            stream.outbound_flow_control_window
+        )
+
+    def remote_flow_control_window(self, stream_id):
+        """
+        Returns the maximum amount of data the remote peer can send on stream
+        ``stream_id``.
+
+        This value will never be larger than the total data that can be sent on
+        the connection: even if the given stream allows more data, the
+        connection window provides a logical maximum to the amount of data that
+        can be sent.
+
+        The maximum data that can be sent in a single data frame on a stream
+        is either this value, or the maximum frame size, whichever is
+        *smaller*.
+
+        :param stream_id: The ID of the stream whose flow control window is
+            being queried.
+        :type stream_id: ``int``
+        :returns: The amount of data in bytes that can be received on the
+            stream before the flow control window is exhausted.
+        :rtype: ``int``
+        """
+        stream = self._get_stream_by_id(stream_id)
+        return min(
+            self.inbound_flow_control_window,
+            stream.inbound_flow_control_window
+        )
+
+    def acknowledge_received_data(self, acknowledged_size, stream_id):
+        """
+        Inform the :class:`H2Connection <h2.connection.H2Connection>` that a
+        certain number of flow-controlled bytes have been processed, and that
+        the space should be handed back to the remote peer at an opportune
+        time.
+
+        .. versionadded:: 2.5.0
+
+        :param acknowledged_size: The total *flow-controlled size* of the data
+            that has been processed. Note that this must include the amount of
+            padding that was sent with that data.
+        :type acknowledged_size: ``int``
+        :param stream_id: The ID of the stream on which this data was received.
+        :type stream_id: ``int``
+        :returns: Nothing
+        :rtype: ``None``
+        """
+        self.config.logger.debug(
+            "Ack received data on stream ID %d with size %d",
+            stream_id, acknowledged_size
+        )
+        if stream_id <= 0:
+            raise ValueError(
+                "Stream ID %d is not valid for acknowledge_received_data" %
+                stream_id
+            )
+        if acknowledged_size < 0:
+            raise ValueError("Cannot acknowledge negative data")
+
+        frames = []
+
+        conn_manager = self._inbound_flow_control_window_manager
+        conn_increment = conn_manager.process_bytes(acknowledged_size)
+        if conn_increment:
+            f = WindowUpdateFrame(0)
+            f.window_increment = conn_increment
+            frames.append(f)
+
+        try:
+            stream = self._get_stream_by_id(stream_id)
+        except StreamClosedError:
+            # The stream is already gone. We're not worried about incrementing
+            # the window in this case.
+            pass
+        else:
+            # No point incrementing the windows of closed streams.
+            if stream.open:
+                frames.extend(
+                    stream.acknowledge_received_data(acknowledged_size)
+                )
+
+        self._prepare_for_sending(frames)
+
+    def data_to_send(self, amount=None):
+        """
+        Returns some data for sending out of the internal data buffer.
+
+        This method is analogous to ``read`` on a file-like object, but it
+        doesn't block. Instead, it returns as much data as the user asks for,
+        or less if that much data is not available. It does not perform any
+        I/O, and so uses a different name.
+
+        :param amount: (optional) The maximum amount of data to return. If not
+            set, or set to ``None``, will return as much data as possible.
+        :type amount: ``int``
+        :returns: A bytestring containing the data to send on the wire.
+        :rtype: ``bytes``
+        """
+        if amount is None:
+            data = bytes(self._data_to_send)
+            self._data_to_send = bytearray()
+            return data
+        else:
+            data = bytes(self._data_to_send[:amount])
+            self._data_to_send = self._data_to_send[amount:]
+            return data
+
+    def clear_outbound_data_buffer(self):
+        """
+        Clears the outbound data buffer, such that if this call was immediately
+        followed by a call to
+        :meth:`data_to_send <h2.connection.H2Connection.data_to_send>`, that
+        call would return no data.
+
+        This method should not normally be used, but is made available to avoid
+        exposing implementation details.
+        """
+        self._data_to_send = bytearray()
+
+    def _acknowledge_settings(self):
+        """
+        Acknowledge settings that have been received.
+
+        .. versionchanged:: 2.0.0
+           Removed from public API, removed useless ``event`` parameter, made
+           automatic.
+
+        :returns: Nothing
+        """
+        self.state_machine.process_input(ConnectionInputs.SEND_SETTINGS)
+
+        changes = self.remote_settings.acknowledge()
+
+        if SettingCodes.INITIAL_WINDOW_SIZE in changes:
+            setting = changes[SettingCodes.INITIAL_WINDOW_SIZE]
+            self._flow_control_change_from_settings(
+                setting.original_value,
+                setting.new_value,
+            )
+
+        # HEADER_TABLE_SIZE changes by the remote part affect our encoder: cf.
+        # RFC 7540 Section 6.5.2.
+        if SettingCodes.HEADER_TABLE_SIZE in changes:
+            setting = changes[SettingCodes.HEADER_TABLE_SIZE]
+            self.encoder.header_table_size = setting.new_value
+
+        if SettingCodes.MAX_FRAME_SIZE in changes:
+            setting = changes[SettingCodes.MAX_FRAME_SIZE]
+            self.max_outbound_frame_size = setting.new_value
+            for stream in self.streams.values():
+                stream.max_outbound_frame_size = setting.new_value
+
+        f = SettingsFrame(0)
+        f.flags.add('ACK')
+        return [f]
+
+    def _flow_control_change_from_settings(self, old_value, new_value):
+        """
+        Update flow control windows in response to a change in the value of
+        SETTINGS_INITIAL_WINDOW_SIZE.
+
+        When this setting is changed, it automatically updates all flow control
+        windows by the delta in the settings values. Note that it does not
+        increment the *connection* flow control window, per section 6.9.2 of
+        RFC 7540.
+        """
+        delta = new_value - old_value
+
+        for stream in self.streams.values():
+            stream.outbound_flow_control_window = guard_increment_window(
+                stream.outbound_flow_control_window,
+                delta
+            )
+
+    def _inbound_flow_control_change_from_settings(self, old_value, new_value):
+        """
+        Update remote flow control windows in response to a change in the value
+        of SETTINGS_INITIAL_WINDOW_SIZE.
+
+        When this setting is changed, it automatically updates all remote flow
+        control windows by the delta in the settings values.
+        """
+        delta = new_value - old_value
+
+        for stream in self.streams.values():
+            stream._inbound_flow_control_change_from_settings(delta)
+
+    def receive_data(self, data):
+        """
+        Pass some received HTTP/2 data to the connection for handling.
+
+        :param data: The data received from the remote peer on the network.
+        :type data: ``bytes``
+        :returns: A list of events that the remote peer triggered by sending
+            this data.
+        """
+        self.config.logger.trace(
+            "Process received data on connection. Received data: %r", data
+        )
+
+        events = []
+        self.incoming_buffer.add_data(data)
+        self.incoming_buffer.max_frame_size = self.max_inbound_frame_size
+
+        try:
+            for frame in self.incoming_buffer:
+                events.extend(self._receive_frame(frame))
+        except InvalidPaddingError:
+            self._terminate_connection(ErrorCodes.PROTOCOL_ERROR)
+            raise ProtocolError("Received frame with invalid padding.")
+        except ProtocolError as e:
+            # For whatever reason, receiving the frame caused a protocol error.
+            # We should prepare to emit a GoAway frame before throwing the
+            # exception up further. No need for an event: the exception will
+            # do fine.
+            self._terminate_connection(e.error_code)
+            raise
+
+        return events
+
+    def _receive_frame(self, frame):
+        """
+        Handle a frame received on the connection.
+
+        .. versionchanged:: 2.0.0
+           Removed from the public API.
+        """
+        try:
+            # I don't love using __class__ here, maybe reconsider it.
+            frames, events = self._frame_dispatch_table[frame.__class__](frame)
+        except StreamClosedError as e:
+            # If the stream was closed by RST_STREAM, we just send a RST_STREAM
+            # to the remote peer. Otherwise, this is a connection error, and so
+            # we will re-raise to trigger one.
+            if self._stream_is_closed_by_reset(e.stream_id):
+                f = RstStreamFrame(e.stream_id)
+                f.error_code = e.error_code
+                self._prepare_for_sending([f])
+                events = e._events
+            else:
+                raise
+        except StreamIDTooLowError as e:
+            # The stream ID seems invalid. This may happen when the closed
+            # stream has been cleaned up, or when the remote peer has opened a
+            # new stream with a higher stream ID than this one, forcing it
+            # closed implicitly.
+            #
+            # Check how the stream was closed: depending on the mechanism, it
+            # is either a stream error or a connection error.
+            if self._stream_is_closed_by_reset(e.stream_id):
+                # Closed by RST_STREAM is a stream error.
+                f = RstStreamFrame(e.stream_id)
+                f.error_code = ErrorCodes.STREAM_CLOSED
+                self._prepare_for_sending([f])
+                events = []
+            elif self._stream_is_closed_by_end(e.stream_id):
+                # Closed by END_STREAM is a connection error.
+                raise StreamClosedError(e.stream_id)
+            else:
+                # Closed implicitly, also a connection error, but of type
+                # PROTOCOL_ERROR.
+                raise
+        else:
+            self._prepare_for_sending(frames)
+
+        return events
+
+    def _terminate_connection(self, error_code):
+        """
+        Terminate the connection early. Used in error handling blocks to send
+        GOAWAY frames.
+        """
+        f = GoAwayFrame(0)
+        f.last_stream_id = self.highest_inbound_stream_id
+        f.error_code = error_code
+        self.state_machine.process_input(ConnectionInputs.SEND_GOAWAY)
+        self._prepare_for_sending([f])
+
+    def _receive_headers_frame(self, frame):
+        """
+        Receive a headers frame on the connection.
+        """
+        # If necessary, check we can open the stream. Also validate that the
+        # stream ID is valid.
+        if frame.stream_id not in self.streams:
+            max_open_streams = self.local_settings.max_concurrent_streams
+            if (self.open_inbound_streams + 1) > max_open_streams:
+                raise TooManyStreamsError(
+                    "Max outbound streams is %d, %d open" %
+                    (max_open_streams, self.open_outbound_streams)
+                )
+
+        # Let's decode the headers. We handle headers as bytes internally up
+        # until we hang them off the event, at which point we may optionally
+        # convert them to unicode.
+        headers = _decode_headers(self.decoder, frame.data)
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_HEADERS
+        )
+        stream = self._get_or_create_stream(
+            frame.stream_id, AllowedStreamIDs(not self.config.client_side)
+        )
+        frames, stream_events = stream.receive_headers(
+            headers,
+            'END_STREAM' in frame.flags,
+            self.config.header_encoding
+        )
+
+        if 'PRIORITY' in frame.flags:
+            p_frames, p_events = self._receive_priority_frame(frame)
+            stream_events[0].priority_updated = p_events[0]
+            stream_events.extend(p_events)
+            assert not p_frames
+
+        return frames, events + stream_events
+
+    def _receive_push_promise_frame(self, frame):
+        """
+        Receive a push-promise frame on the connection.
+        """
+        if not self.local_settings.enable_push:
+            raise ProtocolError("Received pushed stream")
+
+        pushed_headers = _decode_headers(self.decoder, frame.data)
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_PUSH_PROMISE
+        )
+
+        try:
+            stream = self._get_stream_by_id(frame.stream_id)
+        except NoSuchStreamError:
+            # We need to check if the parent stream was reset by us. If it was
+            # then we presume that the PUSH_PROMISE was in flight when we reset
+            # the parent stream. Rather than accept the new stream, just reset
+            # it.
+            #
+            # If this was closed naturally, however, we should call this a
+            # PROTOCOL_ERROR: pushing a stream on a naturally closed stream is
+            # a real problem because it creates a brand new stream that the
+            # remote peer now believes exists.
+            if (self._stream_closed_by(frame.stream_id) ==
+                    StreamClosedBy.SEND_RST_STREAM):
+                f = RstStreamFrame(frame.promised_stream_id)
+                f.error_code = ErrorCodes.REFUSED_STREAM
+                return [f], events
+
+            raise ProtocolError("Attempted to push on closed stream.")
+
+        # We need to prevent peers pushing streams in response to streams that
+        # they themselves have already pushed: see #163 and RFC 7540 § 6.6. The
+        # easiest way to do that is to assert that the stream_id is not even:
+        # this shortcut works because only servers can push and the state
+        # machine will enforce this.
+        if (frame.stream_id % 2) == 0:
+            raise ProtocolError("Cannot recursively push streams.")
+
+        try:
+            frames, stream_events = stream.receive_push_promise_in_band(
+                frame.promised_stream_id,
+                pushed_headers,
+                self.config.header_encoding,
+            )
+        except StreamClosedError:
+            # The parent stream was reset by us, so we presume that
+            # PUSH_PROMISE was in flight when we reset the parent stream.
+            # So we just reset the new stream.
+            f = RstStreamFrame(frame.promised_stream_id)
+            f.error_code = ErrorCodes.REFUSED_STREAM
+            return [f], events
+
+        new_stream = self._begin_new_stream(
+            frame.promised_stream_id, AllowedStreamIDs.EVEN
+        )
+        self.streams[frame.promised_stream_id] = new_stream
+        new_stream.remotely_pushed(pushed_headers)
+
+        return frames, events + stream_events
+
+    def _handle_data_on_closed_stream(self, events, exc, frame):
+        # This stream is already closed - and yet we received a DATA frame.
+        # The received DATA frame counts towards the connection flow window.
+        # We need to manually to acknowledge the DATA frame to update the flow
+        # window of the connection. Otherwise the whole connection stalls due
+        # the inbound flow window being 0.
+        frames = []
+        conn_manager = self._inbound_flow_control_window_manager
+        conn_increment = conn_manager.process_bytes(
+            frame.flow_controlled_length
+        )
+        if conn_increment:
+            f = WindowUpdateFrame(0)
+            f.window_increment = conn_increment
+            frames.append(f)
+            self.config.logger.debug(
+                "Received DATA frame on closed stream %d - "
+                "auto-emitted a WINDOW_UPDATE by %d",
+                frame.stream_id, conn_increment
+            )
+        f = RstStreamFrame(exc.stream_id)
+        f.error_code = exc.error_code
+        frames.append(f)
+        self.config.logger.debug(
+            "Stream %d already CLOSED or cleaned up - "
+            "auto-emitted a RST_FRAME" % frame.stream_id
+        )
+        return frames, events + exc._events
+
+    def _receive_data_frame(self, frame):
+        """
+        Receive a data frame on the connection.
+        """
+        flow_controlled_length = frame.flow_controlled_length
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_DATA
+        )
+        self._inbound_flow_control_window_manager.window_consumed(
+            flow_controlled_length
+        )
+
+        try:
+            stream = self._get_stream_by_id(frame.stream_id)
+            frames, stream_events = stream.receive_data(
+                frame.data,
+                'END_STREAM' in frame.flags,
+                flow_controlled_length
+            )
+        except StreamClosedError as e:
+            # This stream is either marked as CLOSED or already gone from our
+            # internal state.
+            return self._handle_data_on_closed_stream(events, e, frame)
+
+        return frames, events + stream_events
+
+    def _receive_settings_frame(self, frame):
+        """
+        Receive a SETTINGS frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_SETTINGS
+        )
+
+        # This is an ack of the local settings.
+        if 'ACK' in frame.flags:
+            changed_settings = self._local_settings_acked()
+            ack_event = SettingsAcknowledged()
+            ack_event.changed_settings = changed_settings
+            events.append(ack_event)
+            return [], events
+
+        # Add the new settings.
+        self.remote_settings.update(frame.settings)
+        events.append(
+            RemoteSettingsChanged.from_settings(
+                self.remote_settings, frame.settings
+            )
+        )
+        frames = self._acknowledge_settings()
+
+        return frames, events
+
+    def _receive_window_update_frame(self, frame):
+        """
+        Receive a WINDOW_UPDATE frame on the connection.
+        """
+        # Validate the frame.
+        if not (1 <= frame.window_increment <= self.MAX_WINDOW_INCREMENT):
+            raise ProtocolError(
+                "Flow control increment must be between 1 and %d, received %d"
+                % (self.MAX_WINDOW_INCREMENT, frame.window_increment)
+            )
+
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_WINDOW_UPDATE
+        )
+
+        if frame.stream_id:
+            stream = self._get_stream_by_id(frame.stream_id)
+            frames, stream_events = stream.receive_window_update(
+                frame.window_increment
+            )
+        else:
+            # Increment our local flow control window.
+            self.outbound_flow_control_window = guard_increment_window(
+                self.outbound_flow_control_window,
+                frame.window_increment
+            )
+
+            # FIXME: Should we split this into one event per active stream?
+            window_updated_event = WindowUpdated()
+            window_updated_event.stream_id = 0
+            window_updated_event.delta = frame.window_increment
+            stream_events = [window_updated_event]
+            frames = []
+
+        return frames, events + stream_events
+
+    def _receive_ping_frame(self, frame):
+        """
+        Receive a PING frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_PING
+        )
+        flags = []
+
+        if 'ACK' in frame.flags:
+            evt = PingAckReceived()
+        else:
+            evt = PingReceived()
+
+            # automatically ACK the PING with the same 'opaque data'
+            f = PingFrame(0)
+            f.flags = {'ACK'}
+            f.opaque_data = frame.opaque_data
+            flags.append(f)
+
+        evt.ping_data = frame.opaque_data
+        events.append(evt)
+
+        return flags, events
+
+    def _receive_rst_stream_frame(self, frame):
+        """
+        Receive a RST_STREAM frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_RST_STREAM
+        )
+        try:
+            stream = self._get_stream_by_id(frame.stream_id)
+        except NoSuchStreamError:
+            # The stream is missing. That's ok, we just do nothing here.
+            stream_frames = []
+            stream_events = []
+        else:
+            stream_frames, stream_events = stream.stream_reset(frame)
+
+        return stream_frames, events + stream_events
+
+    def _receive_priority_frame(self, frame):
+        """
+        Receive a PRIORITY frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_PRIORITY
+        )
+
+        event = PriorityUpdated()
+        event.stream_id = frame.stream_id
+        event.depends_on = frame.depends_on
+        event.exclusive = frame.exclusive
+
+        # Weight is an integer between 1 and 256, but the byte only allows
+        # 0 to 255: add one.
+        event.weight = frame.stream_weight + 1
+
+        # A stream may not depend on itself.
+        if event.depends_on == frame.stream_id:
+            raise ProtocolError(
+                "Stream %d may not depend on itself" % frame.stream_id
+            )
+        events.append(event)
+
+        return [], events
+
+    def _receive_goaway_frame(self, frame):
+        """
+        Receive a GOAWAY frame on the connection.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_GOAWAY
+        )
+
+        # Clear the outbound data buffer: we cannot send further data now.
+        self.clear_outbound_data_buffer()
+
+        # Fire an appropriate ConnectionTerminated event.
+        new_event = ConnectionTerminated()
+        new_event.error_code = _error_code_from_int(frame.error_code)
+        new_event.last_stream_id = frame.last_stream_id
+        new_event.additional_data = (frame.additional_data
+                                     if frame.additional_data else None)
+        events.append(new_event)
+
+        return [], events
+
+    def _receive_naked_continuation(self, frame):
+        """
+        A naked CONTINUATION frame has been received. This is always an error,
+        but the type of error it is depends on the state of the stream and must
+        transition the state of the stream, so we need to pass it to the
+        appropriate stream.
+        """
+        stream = self._get_stream_by_id(frame.stream_id)
+        stream.receive_continuation()
+        assert False, "Should not be reachable"
+
+    def _receive_alt_svc_frame(self, frame):
+        """
+        An ALTSVC frame has been received. This frame, specified in RFC 7838,
+        is used to advertise alternative places where the same service can be
+        reached.
+
+        This frame can optionally be received either on a stream or on stream
+        0, and its semantics are different in each case.
+        """
+        events = self.state_machine.process_input(
+            ConnectionInputs.RECV_ALTERNATIVE_SERVICE
+        )
+        frames = []
+
+        if frame.stream_id:
+            # Given that it makes no sense to receive ALTSVC on a stream
+            # before that stream has been opened with a HEADERS frame, the
+            # ALTSVC frame cannot create a stream. If the stream is not
+            # present, we simply ignore the frame.
+            try:
+                stream = self._get_stream_by_id(frame.stream_id)
+            except (NoSuchStreamError, StreamClosedError):
+                pass
+            else:
+                stream_frames, stream_events = stream.receive_alt_svc(frame)
+                frames.extend(stream_frames)
+                events.extend(stream_events)
+        else:
+            # This frame is sent on stream 0. The origin field on the frame
+            # must be present, though if it isn't it's not a ProtocolError
+            # (annoyingly), we just need to ignore it.
+            if not frame.origin:
+                return frames, events
+
+            # If we're a server, we want to ignore this (RFC 7838 says so).
+            if not self.config.client_side:
+                return frames, events
+
+            event = AlternativeServiceAvailable()
+            event.origin = frame.origin
+            event.field_value = frame.field
+            events.append(event)
+
+        return frames, events
+
+    def _receive_unknown_frame(self, frame):
+        """
+        We have received a frame that we do not understand. This is almost
+        certainly an extension frame, though it's impossible to be entirely
+        sure.
+
+        RFC 7540 § 5.5 says that we MUST ignore unknown frame types: so we
+        do. We do notify the user that we received one, however.
+        """
+        # All we do here is log.
+        self.config.logger.debug(
+            "Received unknown extension frame (ID %d)", frame.stream_id
+        )
+        event = UnknownFrameReceived()
+        event.frame = frame
+        return [], [event]
+
+    def _local_settings_acked(self):
+        """
+        Handle the local settings being ACKed, update internal state.
+        """
+        changes = self.local_settings.acknowledge()
+
+        if SettingCodes.INITIAL_WINDOW_SIZE in changes:
+            setting = changes[SettingCodes.INITIAL_WINDOW_SIZE]
+            self._inbound_flow_control_change_from_settings(
+                setting.original_value,
+                setting.new_value,
+            )
+
+        if SettingCodes.MAX_HEADER_LIST_SIZE in changes:
+            setting = changes[SettingCodes.MAX_HEADER_LIST_SIZE]
+            self.decoder.max_header_list_size = setting.new_value
+
+        if SettingCodes.MAX_FRAME_SIZE in changes:
+            setting = changes[SettingCodes.MAX_FRAME_SIZE]
+            self.max_inbound_frame_size = setting.new_value
+
+        if SettingCodes.HEADER_TABLE_SIZE in changes:
+            setting = changes[SettingCodes.HEADER_TABLE_SIZE]
+            # This is safe across all hpack versions: some versions just won't
+            # respect it.
+            self.decoder.max_allowed_table_size = setting.new_value
+
+        return changes
+
+    def _stream_id_is_outbound(self, stream_id):
+        """
+        Returns ``True`` if the stream ID corresponds to an outbound stream
+        (one initiated by this peer), returns ``False`` otherwise.
+        """
+        return (stream_id % 2 == int(self.config.client_side))
+
+    def _stream_closed_by(self, stream_id):
+        """
+        Returns how the stream was closed.
+
+        The return value will be either a member of
+        ``h2.stream.StreamClosedBy`` or ``None``. If ``None``, the stream was
+        closed implicitly by the peer opening a stream with a higher stream ID
+        before opening this one.
+        """
+        if stream_id in self.streams:
+            return self.streams[stream_id].closed_by
+        if stream_id in self._closed_streams:
+            return self._closed_streams[stream_id]
+        return None
+
+    def _stream_is_closed_by_reset(self, stream_id):
+        """
+        Returns ``True`` if the stream was closed by sending or receiving a
+        RST_STREAM frame. Returns ``False`` otherwise.
+        """
+        return self._stream_closed_by(stream_id) in (
+            StreamClosedBy.RECV_RST_STREAM, StreamClosedBy.SEND_RST_STREAM
+        )
+
+    def _stream_is_closed_by_end(self, stream_id):
+        """
+        Returns ``True`` if the stream was closed by sending or receiving an
+        END_STREAM flag in a HEADERS or DATA frame. Returns ``False``
+        otherwise.
+        """
+        return self._stream_closed_by(stream_id) in (
+            StreamClosedBy.RECV_END_STREAM, StreamClosedBy.SEND_END_STREAM
+        )
+
+
+def _add_frame_priority(frame, weight=None, depends_on=None, exclusive=None):
+    """
+    Adds priority data to a given frame. Does not change any flags set on that
+    frame: if the caller is adding priority information to a HEADERS frame they
+    must set that themselves.
+
+    This method also deliberately sets defaults for anything missing.
+
+    This method validates the input values.
+    """
+    # A stream may not depend on itself.
+    if depends_on == frame.stream_id:
+        raise ProtocolError(
+            "Stream %d may not depend on itself" % frame.stream_id
+        )
+
+    # Weight must be between 1 and 256.
+    if weight is not None:
+        if weight > 256 or weight < 1:
+            raise ProtocolError(
+                "Weight must be between 1 and 256, not %d" % weight
+            )
+        else:
+            # Weight is an integer between 1 and 256, but the byte only allows
+            # 0 to 255: subtract one.
+            weight -= 1
+
+    # Set defaults for anything not provided.
+    weight = weight if weight is not None else 15
+    depends_on = depends_on if depends_on is not None else 0
+    exclusive = exclusive if exclusive is not None else False
+
+    frame.stream_weight = weight
+    frame.depends_on = depends_on
+    frame.exclusive = exclusive
+
+    return frame
+
+
+def _decode_headers(decoder, encoded_header_block):
+    """
+    Decode a HPACK-encoded header block, translating HPACK exceptions into
+    sensible hyper-h2 errors.
+
+    This only ever returns bytestring headers: hyper-h2 may emit them as
+    unicode later, but internally it processes them as bytestrings only.
+    """
+    try:
+        return decoder.decode(encoded_header_block, raw=True)
+    except OversizedHeaderListError as e:
+        # This is a symptom of a HPACK bomb attack: the user has
+        # disregarded our requirements on how large a header block we'll
+        # accept.
+        raise DenialOfServiceError("Oversized header block: %s" % e)
+    except (HPACKError, IndexError, TypeError, UnicodeDecodeError) as e:
+        # We should only need HPACKError here, but versions of HPACK older
+        # than 2.1.0 throw all three others as well. For maximum
+        # compatibility, catch all of them.
+        raise ProtocolError("Error decoding header block: %s" % e)
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/errors.py b/testing/web-platform/tests/tools/third_party/h2/h2/errors.py
new file mode 100644
index 0000000000..baef2001cd
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/errors.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+"""
+h2/errors
+~~~~~~~~~~~~~~~~~~~
+
+Global error code registry containing the established HTTP/2 error codes.
+
+The current registry is available at:
+https://tools.ietf.org/html/rfc7540#section-11.4
+"""
+import enum
+
+
+class ErrorCodes(enum.IntEnum):
+    """
+    All known HTTP/2 error codes.
+
+    .. versionadded:: 2.5.0
+    """
+    #: Graceful shutdown.
+    NO_ERROR = 0x0
+
+    #: Protocol error detected.
+    PROTOCOL_ERROR = 0x1
+
+    #: Implementation fault.
+    INTERNAL_ERROR = 0x2
+
+    #: Flow-control limits exceeded.
+    FLOW_CONTROL_ERROR = 0x3
+
+    #: Settings not acknowledged.
+    SETTINGS_TIMEOUT = 0x4
+
+    #: Frame received for closed stream.
+    STREAM_CLOSED = 0x5
+
+    #: Frame size incorrect.
+    FRAME_SIZE_ERROR = 0x6
+
+    #: Stream not processed.
+    REFUSED_STREAM = 0x7
+
+    #: Stream cancelled.
+    CANCEL = 0x8
+
+    #: Compression state not updated.
+    COMPRESSION_ERROR = 0x9
+
+    #: TCP connection error for CONNECT method.
+    CONNECT_ERROR = 0xa
+
+    #: Processing capacity exceeded.
+    ENHANCE_YOUR_CALM = 0xb
+
+    #: Negotiated TLS parameters not acceptable.
+    INADEQUATE_SECURITY = 0xc
+
+    #: Use HTTP/1.1 for the request.
+    HTTP_1_1_REQUIRED = 0xd
+
+
+def _error_code_from_int(code):
+    """
+    Given an integer error code, returns either one of :class:`ErrorCodes
+    <h2.errors.ErrorCodes>` or, if not present in the known set of codes,
+    returns the integer directly.
+    """
+    try:
+        return ErrorCodes(code)
+    except ValueError:
+        return code
+
+
+__all__ = ['ErrorCodes']
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/events.py b/testing/web-platform/tests/tools/third_party/h2/h2/events.py
new file mode 100644
index 0000000000..a06c9903d5
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/events.py
@@ -0,0 +1,648 @@
+# -*- coding: utf-8 -*-
+"""
+h2/events
+~~~~~~~~~
+
+Defines Event types for HTTP/2.
+
+Events are returned by the H2 state machine to allow implementations to keep
+track of events triggered by receiving data. Each time data is provided to the
+H2 state machine it processes the data and returns a list of Event objects.
+"""
+import binascii
+
+from .settings import ChangedSetting, _setting_code_from_int
+
+
+class Event(object):
+    """
+    Base class for h2 events.
+    """
+    pass
+
+
+class RequestReceived(Event):
+    """
+    The RequestReceived event is fired whenever request headers are received.
+    This event carries the HTTP headers for the given request and the stream ID
+    of the new stream.
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+    .. versionchanged:: 2.4.0
+       Added ``stream_ended`` and ``priority_updated`` properties.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this request was made on.
+        self.stream_id = None
+
+        #: The request headers.
+        self.headers = None
+
+        #: If this request also ended the stream, the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` event will be available
+        #: here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+        #: If this request also had associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<RequestReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class ResponseReceived(Event):
+    """
+    The ResponseReceived event is fired whenever response headers are received.
+    This event carries the HTTP headers for the given response and the stream
+    ID of the new stream.
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+   .. versionchanged:: 2.4.0
+      Added ``stream_ended`` and ``priority_updated`` properties.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this response was made on.
+        self.stream_id = None
+
+        #: The response headers.
+        self.headers = None
+
+        #: If this response also ended the stream, the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` event will be available
+        #: here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+        #: If this response also had associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<ResponseReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class TrailersReceived(Event):
+    """
+    The TrailersReceived event is fired whenever trailers are received on a
+    stream. Trailers are a set of headers sent after the body of the
+    request/response, and are used to provide information that wasn't known
+    ahead of time (e.g. content-length). This event carries the HTTP header
+    fields that form the trailers and the stream ID of the stream on which they
+    were received.
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+    .. versionchanged:: 2.4.0
+       Added ``stream_ended`` and ``priority_updated`` properties.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream on which these trailers were received.
+        self.stream_id = None
+
+        #: The trailers themselves.
+        self.headers = None
+
+        #: Trailers always end streams. This property has the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` in it.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+        #: If the trailers also set associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<TrailersReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class _HeadersSent(Event):
+    """
+    The _HeadersSent event is fired whenever headers are sent.
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _ResponseSent(_HeadersSent):
+    """
+    The _ResponseSent event is fired whenever response headers are sent
+    on a stream.
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _RequestSent(_HeadersSent):
+    """
+    The _RequestSent event is fired whenever request headers are sent
+    on a stream.
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _TrailersSent(_HeadersSent):
+    """
+    The _TrailersSent event is fired whenever trailers are sent on a
+    stream. Trailers are a set of headers sent after the body of the
+    request/response, and are used to provide information that wasn't known
+    ahead of time (e.g. content-length).
+
+    This is an internal event, used to determine validation steps on
+    outgoing header blocks.
+    """
+    pass
+
+
+class _PushedRequestSent(_HeadersSent):
+    """
+    The _PushedRequestSent event is fired whenever pushed request headers are
+    sent.
+
+    This is an internal event, used to determine validation steps on outgoing
+    header blocks.
+    """
+    pass
+
+
+class InformationalResponseReceived(Event):
+    """
+    The InformationalResponseReceived event is fired when an informational
+    response (that is, one whose status code is a 1XX code) is received from
+    the remote peer.
+
+    The remote peer may send any number of these, from zero upwards. These
+    responses are most commonly sent in response to requests that have the
+    ``expect: 100-continue`` header field present. Most users can safely
+    ignore this event unless you are intending to use the
+    ``expect: 100-continue`` flow, or are for any reason expecting a different
+    1XX status code.
+
+    .. versionadded:: 2.2.0
+
+    .. versionchanged:: 2.3.0
+       Changed the type of ``headers`` to :class:`HeaderTuple
+       <hpack:hpack.HeaderTuple>`. This has no effect on current users.
+
+    .. versionchanged:: 2.4.0
+       Added ``priority_updated`` property.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this informational response was made
+        #: on.
+        self.stream_id = None
+
+        #: The headers for this informational response.
+        self.headers = None
+
+        #: If this response also had associated priority information, the
+        #: associated :class:`PriorityUpdated <h2.events.PriorityUpdated>`
+        #: event will be available here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.priority_updated = None
+
+    def __repr__(self):
+        return "<InformationalResponseReceived stream_id:%s, headers:%s>" % (
+            self.stream_id, self.headers
+        )
+
+
+class DataReceived(Event):
+    """
+    The DataReceived event is fired whenever data is received on a stream from
+    the remote peer. The event carries the data itself, and the stream ID on
+    which the data was received.
+
+    .. versionchanged:: 2.4.0
+       Added ``stream_ended`` property.
+    """
+    def __init__(self):
+        #: The Stream ID for the stream this data was received on.
+        self.stream_id = None
+
+        #: The data itself.
+        self.data = None
+
+        #: The amount of data received that counts against the flow control
+        #: window. Note that padding counts against the flow control window, so
+        #: when adjusting flow control you should always use this field rather
+        #: than ``len(data)``.
+        self.flow_controlled_length = None
+
+        #: If this data chunk also completed the stream, the associated
+        #: :class:`StreamEnded <h2.events.StreamEnded>` event will be available
+        #: here.
+        #:
+        #: .. versionadded:: 2.4.0
+        self.stream_ended = None
+
+    def __repr__(self):
+        return (
+            "<DataReceived stream_id:%s, "
+            "flow_controlled_length:%s, "
+            "data:%s>" % (
+                self.stream_id,
+                self.flow_controlled_length,
+                _bytes_representation(self.data[:20]),
+            )
+        )
+
+
+class WindowUpdated(Event):
+    """
+    The WindowUpdated event is fired whenever a flow control window changes
+    size. HTTP/2 defines flow control windows for connections and streams: this
+    event fires for both connections and streams. The event carries the ID of
+    the stream to which it applies (set to zero if the window update applies to
+    the connection), and the delta in the window size.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream whose flow control window was changed.
+        #: May be ``0`` if the connection window was changed.
+        self.stream_id = None
+
+        #: The window delta.
+        self.delta = None
+
+    def __repr__(self):
+        return "<WindowUpdated stream_id:%s, delta:%s>" % (
+            self.stream_id, self.delta
+        )
+
+
+class RemoteSettingsChanged(Event):
+    """
+    The RemoteSettingsChanged event is fired whenever the remote peer changes
+    its settings. It contains a complete inventory of changed settings,
+    including their previous values.
+
+    In HTTP/2, settings changes need to be acknowledged. hyper-h2 automatically
+    acknowledges settings changes for efficiency. However, it is possible that
+    the caller may not be happy with the changed setting.
+
+    When this event is received, the caller should confirm that the new
+    settings are acceptable. If they are not acceptable, the user should close
+    the connection with the error code :data:`PROTOCOL_ERROR
+    <h2.errors.ErrorCodes.PROTOCOL_ERROR>`.
+
+    .. versionchanged:: 2.0.0
+       Prior to this version the user needed to acknowledge settings changes.
+       This is no longer the case: hyper-h2 now automatically acknowledges
+       them.
+    """
+    def __init__(self):
+        #: A dictionary of setting byte to
+        #: :class:`ChangedSetting <h2.settings.ChangedSetting>`, representing
+        #: the changed settings.
+        self.changed_settings = {}
+
+    @classmethod
+    def from_settings(cls, old_settings, new_settings):
+        """
+        Build a RemoteSettingsChanged event from a set of changed settings.
+
+        :param old_settings: A complete collection of old settings, in the form
+                             of a dictionary of ``{setting: value}``.
+        :param new_settings: All the changed settings and their new values, in
+                             the form of a dictionary of ``{setting: value}``.
+        """
+        e = cls()
+        for setting, new_value in new_settings.items():
+            setting = _setting_code_from_int(setting)
+            original_value = old_settings.get(setting)
+            change = ChangedSetting(setting, original_value, new_value)
+            e.changed_settings[setting] = change
+
+        return e
+
+    def __repr__(self):
+        return "<RemoteSettingsChanged changed_settings:{%s}>" % (
+            ", ".join(repr(cs) for cs in self.changed_settings.values()),
+        )
+
+
+class PingReceived(Event):
+    """
+    The PingReceived event is fired whenever a PING is received. It contains
+    the 'opaque data' of the PING frame. A ping acknowledgment with the same
+    'opaque data' is automatically emitted after receiving a ping.
+
+    .. versionadded:: 3.1.0
+    """
+    def __init__(self):
+        #: The data included on the ping.
+        self.ping_data = None
+
+    def __repr__(self):
+        return "<PingReceived ping_data:%s>" % (
+            _bytes_representation(self.ping_data),
+        )
+
+
+class PingAcknowledged(Event):
+    """
+    Same as PingAckReceived.
+
+    .. deprecated:: 3.1.0
+    """
+    def __init__(self):
+        #: The data included on the ping.
+        self.ping_data = None
+
+    def __repr__(self):
+        return "<PingAckReceived ping_data:%s>" % (
+            _bytes_representation(self.ping_data),
+        )
+
+
+class PingAckReceived(PingAcknowledged):
+    """
+    The PingAckReceived event is fired whenever a PING acknowledgment is
+    received. It contains the 'opaque data' of the PING+ACK frame, allowing the
+    user to correlate PINGs and calculate RTT.
+
+    .. versionadded:: 3.1.0
+    """
+    pass
+
+
+class StreamEnded(Event):
+    """
+    The StreamEnded event is fired whenever a stream is ended by a remote
+    party. The stream may not be fully closed if it has not been closed
+    locally, but no further data or headers should be expected on that stream.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream that was closed.
+        self.stream_id = None
+
+    def __repr__(self):
+        return "<StreamEnded stream_id:%s>" % self.stream_id
+
+
+class StreamReset(Event):
+    """
+    The StreamReset event is fired in two situations. The first is when the
+    remote party forcefully resets the stream. The second is when the remote
+    party has made a protocol error which only affects a single stream. In this
+    case, Hyper-h2 will terminate the stream early and return this event.
+
+    .. versionchanged:: 2.0.0
+       This event is now fired when Hyper-h2 automatically resets a stream.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream that was reset.
+        self.stream_id = None
+
+        #: The error code given. Either one of :class:`ErrorCodes
+        #: <h2.errors.ErrorCodes>` or ``int``
+        self.error_code = None
+
+        #: Whether the remote peer sent a RST_STREAM or we did.
+        self.remote_reset = True
+
+    def __repr__(self):
+        return "<StreamReset stream_id:%s, error_code:%s, remote_reset:%s>" % (
+            self.stream_id, self.error_code, self.remote_reset
+        )
+
+
+class PushedStreamReceived(Event):
+    """
+    The PushedStreamReceived event is fired whenever a pushed stream has been
+    received from a remote peer. The event carries on it the new stream ID, the
+    ID of the parent stream, and the request headers pushed by the remote peer.
+    """
+    def __init__(self):
+        #: The Stream ID of the stream created by the push.
+        self.pushed_stream_id = None
+
+        #: The Stream ID of the stream that the push is related to.
+        self.parent_stream_id = None
+
+        #: The request headers, sent by the remote party in the push.
+        self.headers = None
+
+    def __repr__(self):
+        return (
+            "<PushedStreamReceived pushed_stream_id:%s, parent_stream_id:%s, "
+            "headers:%s>" % (
+                self.pushed_stream_id,
+                self.parent_stream_id,
+                self.headers,
+            )
+        )
+
+
+class SettingsAcknowledged(Event):
+    """
+    The SettingsAcknowledged event is fired whenever a settings ACK is received
+    from the remote peer. The event carries on it the settings that were
+    acknowedged, in the same format as
+    :class:`h2.events.RemoteSettingsChanged`.
+    """
+    def __init__(self):
+        #: A dictionary of setting byte to
+        #: :class:`ChangedSetting <h2.settings.ChangedSetting>`, representing
+        #: the changed settings.
+        self.changed_settings = {}
+
+    def __repr__(self):
+        return "<SettingsAcknowledged changed_settings:{%s}>" % (
+            ", ".join(repr(cs) for cs in self.changed_settings.values()),
+        )
+
+
+class PriorityUpdated(Event):
+    """
+    The PriorityUpdated event is fired whenever a stream sends updated priority
+    information. This can occur when the stream is opened, or at any time
+    during the stream lifetime.
+
+    This event is purely advisory, and does not need to be acted on.
+
+    .. versionadded:: 2.0.0
+    """
+    def __init__(self):
+        #: The ID of the stream whose priority information is being updated.
+        self.stream_id = None
+
+        #: The new stream weight. May be the same as the original stream
+        #: weight. An integer between 1 and 256.
+        self.weight = None
+
+        #: The stream ID this stream now depends on. May be ``0``.
+        self.depends_on = None
+
+        #: Whether the stream *exclusively* depends on the parent stream. If it
+        #: does, this stream should inherit the current children of its new
+        #: parent.
+        self.exclusive = None
+
+    def __repr__(self):
+        return (
+            "<PriorityUpdated stream_id:%s, weight:%s, depends_on:%s, "
+            "exclusive:%s>" % (
+                self.stream_id,
+                self.weight,
+                self.depends_on,
+                self.exclusive
+            )
+        )
+
+
+class ConnectionTerminated(Event):
+    """
+    The ConnectionTerminated event is fired when a connection is torn down by
+    the remote peer using a GOAWAY frame. Once received, no further action may
+    be taken on the connection: a new connection must be established.
+    """
+    def __init__(self):
+        #: The error code cited when tearing down the connection. Should be
+        #: one of :class:`ErrorCodes <h2.errors.ErrorCodes>`, but may not be if
+        #: unknown HTTP/2 extensions are being used.
+        self.error_code = None
+
+        #: The stream ID of the last stream the remote peer saw. This can
+        #: provide an indication of what data, if any, never reached the remote
+        #: peer and so can safely be resent.
+        self.last_stream_id = None
+
+        #: Additional debug data that can be appended to GOAWAY frame.
+        self.additional_data = None
+
+    def __repr__(self):
+        return (
+            "<ConnectionTerminated error_code:%s, last_stream_id:%s, "
+            "additional_data:%s>" % (
+                self.error_code,
+                self.last_stream_id,
+                _bytes_representation(
+                    self.additional_data[:20]
+                    if self.additional_data else None)
+            )
+        )
+
+
+class AlternativeServiceAvailable(Event):
+    """
+    The AlternativeServiceAvailable event is fired when the remote peer
+    advertises an `RFC 7838 <https://tools.ietf.org/html/rfc7838>`_ Alternative
+    Service using an ALTSVC frame.
+
+    This event always carries the origin to which the ALTSVC information
+    applies. That origin is either supplied by the server directly, or inferred
+    by hyper-h2 from the ``:authority`` pseudo-header field that was sent by
+    the user when initiating a given stream.
+
+    This event also carries what RFC 7838 calls the "Alternative Service Field
+    Value", which is formatted like a HTTP header field and contains the
+    relevant alternative service information. Hyper-h2 does not parse or in any
+    way modify that information: the user is required to do that.
+
+    This event can only be fired on the client end of a connection.
+
+    .. versionadded:: 2.3.0
+    """
+    def __init__(self):
+        #: The origin to which the alternative service field value applies.
+        #: This field is either supplied by the server directly, or inferred by
+        #: hyper-h2 from the ``:authority`` pseudo-header field that was sent
+        #: by the user when initiating the stream on which the frame was
+        #: received.
+        self.origin = None
+
+        #: The ALTSVC field value. This contains information about the HTTP
+        #: alternative service being advertised by the server. Hyper-h2 does
+        #: not parse this field: it is left exactly as sent by the server. The
+        #: structure of the data in this field is given by `RFC 7838 Section 3
+        #: <https://tools.ietf.org/html/rfc7838#section-3>`_.
+        self.field_value = None
+
+    def __repr__(self):
+        return (
+            "<AlternativeServiceAvailable origin:%s, field_value:%s>" % (
+                self.origin.decode('utf-8', 'ignore'),
+                self.field_value.decode('utf-8', 'ignore'),
+            )
+        )
+
+
+class UnknownFrameReceived(Event):
+    """
+    The UnknownFrameReceived event is fired when the remote peer sends a frame
+    that hyper-h2 does not understand. This occurs primarily when the remote
+    peer is employing HTTP/2 extensions that hyper-h2 doesn't know anything
+    about.
+
+    RFC 7540 requires that HTTP/2 implementations ignore these frames. hyper-h2
+    does so. However, this event is fired to allow implementations to perform
+    special processing on those frames if needed (e.g. if the implementation
+    is capable of handling the frame itself).
+
+    .. versionadded:: 2.7.0
+    """
+    def __init__(self):
+        #: The hyperframe Frame object that encapsulates the received frame.
+        self.frame = None
+
+    def __repr__(self):
+        return "<UnknownFrameReceived>"
+
+
+def _bytes_representation(data):
+    """
+    Converts a bytestring into something that is safe to print on all Python
+    platforms.
+
+    This function is relatively expensive, so it should not be called on the
+    mainline of the code. It's safe to use in things like object repr methods
+    though.
+    """
+    if data is None:
+        return None
+
+    hex = binascii.hexlify(data)
+
+    # This is moderately clever: on all Python versions hexlify returns a byte
+    # string. On Python 3 we want an actual string, so we just check whether
+    # that's what we have.
+    if not isinstance(hex, str):  # pragma: no cover
+        hex = hex.decode('ascii')
+
+    return hex
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/exceptions.py b/testing/web-platform/tests/tools/third_party/h2/h2/exceptions.py
new file mode 100644
index 0000000000..388f9e9a38
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/exceptions.py
@@ -0,0 +1,186 @@
+# -*- coding: utf-8 -*-
+"""
+h2/exceptions
+~~~~~~~~~~~~~
+
+Exceptions for the HTTP/2 module.
+"""
+import h2.errors
+
+
+class H2Error(Exception):
+    """
+    The base class for all exceptions for the HTTP/2 module.
+    """
+
+
+class ProtocolError(H2Error):
+    """
+    An action was attempted in violation of the HTTP/2 protocol.
+    """
+    #: The error code corresponds to this kind of Protocol Error.
+    error_code = h2.errors.ErrorCodes.PROTOCOL_ERROR
+
+
+class FrameTooLargeError(ProtocolError):
+    """
+    The frame that we tried to send or that we received was too large.
+    """
+    #: This error code that corresponds to this kind of Protocol Error.
+    error_code = h2.errors.ErrorCodes.FRAME_SIZE_ERROR
+
+
+class FrameDataMissingError(ProtocolError):
+    """
+    The frame that we received is missing some data.
+
+    .. versionadded:: 2.0.0
+    """
+    #: The error code that corresponds to this kind of Protocol Error
+    error_code = h2.errors.ErrorCodes.FRAME_SIZE_ERROR
+
+
+class TooManyStreamsError(ProtocolError):
+    """
+    An attempt was made to open a stream that would lead to too many concurrent
+    streams.
+    """
+    pass
+
+
+class FlowControlError(ProtocolError):
+    """
+    An attempted action violates flow control constraints.
+    """
+    #: The error code that corresponds to this kind of
+    #: :class:`ProtocolError <h2.exceptions.ProtocolError>`
+    error_code = h2.errors.ErrorCodes.FLOW_CONTROL_ERROR
+
+
+class StreamIDTooLowError(ProtocolError):
+    """
+    An attempt was made to open a stream that had an ID that is lower than the
+    highest ID we have seen on this connection.
+    """
+    def __init__(self, stream_id, max_stream_id):
+        #: The ID of the stream that we attempted to open.
+        self.stream_id = stream_id
+
+        #: The current highest-seen stream ID.
+        self.max_stream_id = max_stream_id
+
+    def __str__(self):
+        return "StreamIDTooLowError: %d is lower than %d" % (
+            self.stream_id, self.max_stream_id
+        )
+
+
+class NoAvailableStreamIDError(ProtocolError):
+    """
+    There are no available stream IDs left to the connection. All stream IDs
+    have been exhausted.
+
+    .. versionadded:: 2.0.0
+    """
+    pass
+
+
+class NoSuchStreamError(ProtocolError):
+    """
+    A stream-specific action referenced a stream that does not exist.
+
+    .. versionchanged:: 2.0.0
+       Became a subclass of :class:`ProtocolError
+       <h2.exceptions.ProtocolError>`
+    """
+    def __init__(self, stream_id):
+        #: The stream ID that corresponds to the non-existent stream.
+        self.stream_id = stream_id
+
+
+class StreamClosedError(NoSuchStreamError):
+    """
+    A more specific form of
+    :class:`NoSuchStreamError <h2.exceptions.NoSuchStreamError>`. Indicates
+    that the stream has since been closed, and that all state relating to that
+    stream has been removed.
+    """
+    def __init__(self, stream_id):
+        #: The stream ID that corresponds to the nonexistent stream.
+        self.stream_id = stream_id
+
+        #: The relevant HTTP/2 error code.
+        self.error_code = h2.errors.ErrorCodes.STREAM_CLOSED
+
+        # Any events that internal code may need to fire. Not relevant to
+        # external users that may receive a StreamClosedError.
+        self._events = []
+
+
+class InvalidSettingsValueError(ProtocolError, ValueError):
+    """
+    An attempt was made to set an invalid Settings value.
+
+    .. versionadded:: 2.0.0
+    """
+    def __init__(self, msg, error_code):
+        super(InvalidSettingsValueError, self).__init__(msg)
+        self.error_code = error_code
+
+
+class InvalidBodyLengthError(ProtocolError):
+    """
+    The remote peer sent more or less data that the Content-Length header
+    indicated.
+
+    .. versionadded:: 2.0.0
+    """
+    def __init__(self, expected, actual):
+        self.expected_length = expected
+        self.actual_length = actual
+
+    def __str__(self):
+        return "InvalidBodyLengthError: Expected %d bytes, received %d" % (
+            self.expected_length, self.actual_length
+        )
+
+
+class UnsupportedFrameError(ProtocolError, KeyError):
+    """
+    The remote peer sent a frame that is unsupported in this context.
+
+    .. versionadded:: 2.1.0
+    """
+    # TODO: Remove the KeyError in 3.0.0
+    pass
+
+
+class RFC1122Error(H2Error):
+    """
+    Emitted when users attempt to do something that is literally allowed by the
+    relevant RFC, but is sufficiently ill-defined that it's unwise to allow
+    users to actually do it.
+
+    While there is some disagreement about whether or not we should be liberal
+    in what accept, it is a truth universally acknowledged that we should be
+    conservative in what emit.
+
+    .. versionadded:: 2.4.0
+    """
+    # shazow says I'm going to regret naming the exception this way. If that
+    # turns out to be true, TELL HIM NOTHING.
+    pass
+
+
+class DenialOfServiceError(ProtocolError):
+    """
+    Emitted when the remote peer exhibits a behaviour that is likely to be an
+    attempt to perform a Denial of Service attack on the implementation. This
+    is a form of ProtocolError that carries a different error code, and allows
+    more easy detection of this kind of behaviour.
+
+    .. versionadded:: 2.5.0
+    """
+    #: The error code that corresponds to this kind of
+    #: :class:`ProtocolError <h2.exceptions.ProtocolError>`
+    error_code = h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/frame_buffer.py b/testing/web-platform/tests/tools/third_party/h2/h2/frame_buffer.py
new file mode 100644
index 0000000000..e79f6ec2de
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/frame_buffer.py
@@ -0,0 +1,175 @@
+# -*- coding: utf-8 -*-
+"""
+h2/frame_buffer
+~~~~~~~~~~~~~~~
+
+A data structure that provides a way to iterate over a byte buffer in terms of
+frames.
+"""
+from hyperframe.exceptions import InvalidFrameError
+from hyperframe.frame import (
+    Frame, HeadersFrame, ContinuationFrame, PushPromiseFrame
+)
+
+from .exceptions import (
+    ProtocolError, FrameTooLargeError, FrameDataMissingError
+)
+
+# To avoid a DOS attack based on sending loads of continuation frames, we limit
+# the maximum number we're perpared to receive. In this case, we'll set the
+# limit to 64, which means the largest encoded header block we can receive by
+# default is 262144 bytes long, and the largest possible *at all* is 1073741760
+# bytes long.
+#
+# This value seems reasonable for now, but in future we may want to evaluate
+# making it configurable.
+CONTINUATION_BACKLOG = 64
+
+
+class FrameBuffer(object):
+    """
+    This is a data structure that expects to act as a buffer for HTTP/2 data
+    that allows iteraton in terms of H2 frames.
+    """
+    def __init__(self, server=False):
+        self.data = b''
+        self.max_frame_size = 0
+        self._preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n' if server else b''
+        self._preamble_len = len(self._preamble)
+        self._headers_buffer = []
+
+    def add_data(self, data):
+        """
+        Add more data to the frame buffer.
+
+        :param data: A bytestring containing the byte buffer.
+        """
+        if self._preamble_len:
+            data_len = len(data)
+            of_which_preamble = min(self._preamble_len, data_len)
+
+            if self._preamble[:of_which_preamble] != data[:of_which_preamble]:
+                raise ProtocolError("Invalid HTTP/2 preamble.")
+
+            data = data[of_which_preamble:]
+            self._preamble_len -= of_which_preamble
+            self._preamble = self._preamble[of_which_preamble:]
+
+        self.data += data
+
+    def _parse_frame_header(self, data):
+        """
+        Parses the frame header from the data. Either returns a tuple of
+        (frame, length), or throws an exception. The returned frame may be None
+        if the frame is of unknown type.
+        """
+        try:
+            frame, length = Frame.parse_frame_header(data[:9])
+        except ValueError as e:
+            # The frame header is invalid. This is a ProtocolError
+            raise ProtocolError("Invalid frame header received: %s" % str(e))
+
+        return frame, length
+
+    def _validate_frame_length(self, length):
+        """
+        Confirm that the frame is an appropriate length.
+        """
+        if length > self.max_frame_size:
+            raise FrameTooLargeError(
+                "Received overlong frame: length %d, max %d" %
+                (length, self.max_frame_size)
+            )
+
+    def _update_header_buffer(self, f):
+        """
+        Updates the internal header buffer. Returns a frame that should replace
+        the current one. May throw exceptions if this frame is invalid.
+        """
+        # Check if we're in the middle of a headers block. If we are, this
+        # frame *must* be a CONTINUATION frame with the same stream ID as the
+        # leading HEADERS or PUSH_PROMISE frame. Anything else is a
+        # ProtocolError. If the frame *is* valid, append it to the header
+        # buffer.
+        if self._headers_buffer:
+            stream_id = self._headers_buffer[0].stream_id
+            valid_frame = (
+                f is not None and
+                isinstance(f, ContinuationFrame) and
+                f.stream_id == stream_id
+            )
+            if not valid_frame:
+                raise ProtocolError("Invalid frame during header block.")
+
+            # Append the frame to the buffer.
+            self._headers_buffer.append(f)
+            if len(self._headers_buffer) > CONTINUATION_BACKLOG:
+                raise ProtocolError("Too many continuation frames received.")
+
+            # If this is the end of the header block, then we want to build a
+            # mutant HEADERS frame that's massive. Use the original one we got,
+            # then set END_HEADERS and set its data appopriately. If it's not
+            # the end of the block, lose the current frame: we can't yield it.
+            if 'END_HEADERS' in f.flags:
+                f = self._headers_buffer[0]
+                f.flags.add('END_HEADERS')
+                f.data = b''.join(x.data for x in self._headers_buffer)
+                self._headers_buffer = []
+            else:
+                f = None
+        elif (isinstance(f, (HeadersFrame, PushPromiseFrame)) and
+                'END_HEADERS' not in f.flags):
+            # This is the start of a headers block! Save the frame off and then
+            # act like we didn't receive one.
+            self._headers_buffer.append(f)
+            f = None
+
+        return f
+
+    # The methods below support the iterator protocol.
+    def __iter__(self):
+        return self
+
+    def next(self):  # Python 2
+        # First, check that we have enough data to successfully parse the
+        # next frame header. If not, bail. Otherwise, parse it.
+        if len(self.data) < 9:
+            raise StopIteration()
+
+        try:
+            f, length = self._parse_frame_header(self.data)
+        except InvalidFrameError:  # pragma: no cover
+            raise ProtocolError("Received frame with invalid frame header.")
+
+        # Next, check that we have enough length to parse the frame body. If
+        # not, bail, leaving the frame header data in the buffer for next time.
+        if len(self.data) < length + 9:
+            raise StopIteration()
+
+        # Confirm the frame has an appropriate length.
+        self._validate_frame_length(length)
+
+        # Don't try to parse the body if we didn't get a frame we know about:
+        # there's nothing we can do with it anyway.
+        if f is not None:
+            try:
+                f.parse_body(memoryview(self.data[9:9+length]))
+            except InvalidFrameError:
+                raise FrameDataMissingError("Frame data missing or invalid")
+
+        # At this point, as we know we'll use or discard the entire frame, we
+        # can update the data.
+        self.data = self.data[9+length:]
+
+        # Pass the frame through the header buffer.
+        f = self._update_header_buffer(f)
+
+        # If we got a frame we didn't understand or shouldn't yield, rather
+        # than return None it'd be better if we just tried to get the next
+        # frame in the sequence instead. Recurse back into ourselves to do
+        # that. This is safe because the amount of work we have to do here is
+        # strictly bounded by the length of the buffer.
+        return f if f is not None else self.next()
+
+    def __next__(self):  # Python 3
+        return self.next()
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/settings.py b/testing/web-platform/tests/tools/third_party/h2/h2/settings.py
new file mode 100644
index 0000000000..bf87c94f4e
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/settings.py
@@ -0,0 +1,339 @@
+# -*- coding: utf-8 -*-
+"""
+h2/settings
+~~~~~~~~~~~
+
+This module contains a HTTP/2 settings object. This object provides a simple
+API for manipulating HTTP/2 settings, keeping track of both the current active
+state of the settings and the unacknowledged future values of the settings.
+"""
+import collections
+import enum
+
+from hyperframe.frame import SettingsFrame
+
+from h2.errors import ErrorCodes
+from h2.exceptions import InvalidSettingsValueError
+
+try:
+    from collections.abc import MutableMapping
+except ImportError:  # pragma: no cover
+    # Python 2.7 compatibility
+    from collections import MutableMapping
+
+
+class SettingCodes(enum.IntEnum):
+    """
+    All known HTTP/2 setting codes.
+
+    .. versionadded:: 2.6.0
+    """
+
+    #: Allows the sender to inform the remote endpoint of the maximum size of
+    #: the header compression table used to decode header blocks, in octets.
+    HEADER_TABLE_SIZE = SettingsFrame.HEADER_TABLE_SIZE
+
+    #: This setting can be used to disable server push. To disable server push
+    #: on a client, set this to 0.
+    ENABLE_PUSH = SettingsFrame.ENABLE_PUSH
+
+    #: Indicates the maximum number of concurrent streams that the sender will
+    #: allow.
+    MAX_CONCURRENT_STREAMS = SettingsFrame.MAX_CONCURRENT_STREAMS
+
+    #: Indicates the sender's initial window size (in octets) for stream-level
+    #: flow control.
+    INITIAL_WINDOW_SIZE = SettingsFrame.INITIAL_WINDOW_SIZE
+
+    #: Indicates the size of the largest frame payload that the sender is
+    #: willing to receive, in octets.
+    MAX_FRAME_SIZE = SettingsFrame.MAX_FRAME_SIZE
+
+    #: This advisory setting informs a peer of the maximum size of header list
+    #: that the sender is prepared to accept, in octets.  The value is based on
+    #: the uncompressed size of header fields, including the length of the name
+    #: and value in octets plus an overhead of 32 octets for each header field.
+    MAX_HEADER_LIST_SIZE = SettingsFrame.MAX_HEADER_LIST_SIZE
+
+    #: This setting can be used to enable the connect protocol. To enable on a
+    #: client set this to 1.
+    ENABLE_CONNECT_PROTOCOL = SettingsFrame.ENABLE_CONNECT_PROTOCOL
+
+
+def _setting_code_from_int(code):
+    """
+    Given an integer setting code, returns either one of :class:`SettingCodes
+    <h2.settings.SettingCodes>` or, if not present in the known set of codes,
+    returns the integer directly.
+    """
+    try:
+        return SettingCodes(code)
+    except ValueError:
+        return code
+
+
+class ChangedSetting:
+
+    def __init__(self, setting, original_value, new_value):
+        #: The setting code given. Either one of :class:`SettingCodes
+        #: <h2.settings.SettingCodes>` or ``int``
+        #:
+        #: .. versionchanged:: 2.6.0
+        self.setting = setting
+
+        #: The original value before being changed.
+        self.original_value = original_value
+
+        #: The new value after being changed.
+        self.new_value = new_value
+
+    def __repr__(self):
+        return (
+            "ChangedSetting(setting=%s, original_value=%s, "
+            "new_value=%s)"
+        ) % (
+            self.setting,
+            self.original_value,
+            self.new_value
+        )
+
+
+class Settings(MutableMapping):
+    """
+    An object that encapsulates HTTP/2 settings state.
+
+    HTTP/2 Settings are a complex beast. Each party, remote and local, has its
+    own settings and a view of the other party's settings. When a settings
+    frame is emitted by a peer it cannot assume that the new settings values
+    are in place until the remote peer acknowledges the setting. In principle,
+    multiple settings changes can be "in flight" at the same time, all with
+    different values.
+
+    This object encapsulates this mess. It provides a dict-like interface to
+    settings, which return the *current* values of the settings in question.
+    Additionally, it keeps track of the stack of proposed values: each time an
+    acknowledgement is sent/received, it updates the current values with the
+    stack of proposed values. On top of all that, it validates the values to
+    make sure they're allowed, and raises :class:`InvalidSettingsValueError
+    <h2.exceptions.InvalidSettingsValueError>` if they are not.
+
+    Finally, this object understands what the default values of the HTTP/2
+    settings are, and sets those defaults appropriately.
+
+    .. versionchanged:: 2.2.0
+       Added the ``initial_values`` parameter.
+
+    .. versionchanged:: 2.5.0
+       Added the ``max_header_list_size`` property.
+
+    :param client: (optional) Whether these settings should be defaulted for a
+        client implementation or a server implementation. Defaults to ``True``.
+    :type client: ``bool``
+    :param initial_values: (optional) Any initial values the user would like
+        set, rather than RFC 7540's defaults.
+    :type initial_vales: ``MutableMapping``
+    """
+    def __init__(self, client=True, initial_values=None):
+        # Backing object for the settings. This is a dictionary of
+        # (setting: [list of values]), where the first value in the list is the
+        # current value of the setting. Strictly this doesn't use lists but
+        # instead uses collections.deque to avoid repeated memory allocations.
+        #
+        # This contains the default values for HTTP/2.
+        self._settings = {
+            SettingCodes.HEADER_TABLE_SIZE: collections.deque([4096]),
+            SettingCodes.ENABLE_PUSH: collections.deque([int(client)]),
+            SettingCodes.INITIAL_WINDOW_SIZE: collections.deque([65535]),
+            SettingCodes.MAX_FRAME_SIZE: collections.deque([16384]),
+            SettingCodes.ENABLE_CONNECT_PROTOCOL: collections.deque([0]),
+        }
+        if initial_values is not None:
+            for key, value in initial_values.items():
+                invalid = _validate_setting(key, value)
+                if invalid:
+                    raise InvalidSettingsValueError(
+                        "Setting %d has invalid value %d" % (key, value),
+                        error_code=invalid
+                    )
+                self._settings[key] = collections.deque([value])
+
+    def acknowledge(self):
+        """
+        The settings have been acknowledged, either by the user (remote
+        settings) or by the remote peer (local settings).
+
+        :returns: A dict of {setting: ChangedSetting} that were applied.
+        """
+        changed_settings = {}
+
+        # If there is more than one setting in the list, we have a setting
+        # value outstanding. Update them.
+        for k, v in self._settings.items():
+            if len(v) > 1:
+                old_setting = v.popleft()
+                new_setting = v[0]
+                changed_settings[k] = ChangedSetting(
+                    k, old_setting, new_setting
+                )
+
+        return changed_settings
+
+    # Provide easy-access to well known settings.
+    @property
+    def header_table_size(self):
+        """
+        The current value of the :data:`HEADER_TABLE_SIZE
+        <h2.settings.SettingCodes.HEADER_TABLE_SIZE>` setting.
+        """
+        return self[SettingCodes.HEADER_TABLE_SIZE]
+
+    @header_table_size.setter
+    def header_table_size(self, value):
+        self[SettingCodes.HEADER_TABLE_SIZE] = value
+
+    @property
+    def enable_push(self):
+        """
+        The current value of the :data:`ENABLE_PUSH
+        <h2.settings.SettingCodes.ENABLE_PUSH>` setting.
+        """
+        return self[SettingCodes.ENABLE_PUSH]
+
+    @enable_push.setter
+    def enable_push(self, value):
+        self[SettingCodes.ENABLE_PUSH] = value
+
+    @property
+    def initial_window_size(self):
+        """
+        The current value of the :data:`INITIAL_WINDOW_SIZE
+        <h2.settings.SettingCodes.INITIAL_WINDOW_SIZE>` setting.
+        """
+        return self[SettingCodes.INITIAL_WINDOW_SIZE]
+
+    @initial_window_size.setter
+    def initial_window_size(self, value):
+        self[SettingCodes.INITIAL_WINDOW_SIZE] = value
+
+    @property
+    def max_frame_size(self):
+        """
+        The current value of the :data:`MAX_FRAME_SIZE
+        <h2.settings.SettingCodes.MAX_FRAME_SIZE>` setting.
+        """
+        return self[SettingCodes.MAX_FRAME_SIZE]
+
+    @max_frame_size.setter
+    def max_frame_size(self, value):
+        self[SettingCodes.MAX_FRAME_SIZE] = value
+
+    @property
+    def max_concurrent_streams(self):
+        """
+        The current value of the :data:`MAX_CONCURRENT_STREAMS
+        <h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS>` setting.
+        """
+        return self.get(SettingCodes.MAX_CONCURRENT_STREAMS, 2**32+1)
+
+    @max_concurrent_streams.setter
+    def max_concurrent_streams(self, value):
+        self[SettingCodes.MAX_CONCURRENT_STREAMS] = value
+
+    @property
+    def max_header_list_size(self):
+        """
+        The current value of the :data:`MAX_HEADER_LIST_SIZE
+        <h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE>` setting. If not set,
+        returns ``None``, which means unlimited.
+
+        .. versionadded:: 2.5.0
+        """
+        return self.get(SettingCodes.MAX_HEADER_LIST_SIZE, None)
+
+    @max_header_list_size.setter
+    def max_header_list_size(self, value):
+        self[SettingCodes.MAX_HEADER_LIST_SIZE] = value
+
+    @property
+    def enable_connect_protocol(self):
+        """
+        The current value of the :data:`ENABLE_CONNECT_PROTOCOL
+        <h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL>` setting.
+        """
+        return self[SettingCodes.ENABLE_CONNECT_PROTOCOL]
+
+    @enable_connect_protocol.setter
+    def enable_connect_protocol(self, value):
+        self[SettingCodes.ENABLE_CONNECT_PROTOCOL] = value
+
+    # Implement the MutableMapping API.
+    def __getitem__(self, key):
+        val = self._settings[key][0]
+
+        # Things that were created when a setting was received should stay
+        # KeyError'd.
+        if val is None:
+            raise KeyError
+
+        return val
+
+    def __setitem__(self, key, value):
+        invalid = _validate_setting(key, value)
+        if invalid:
+            raise InvalidSettingsValueError(
+                "Setting %d has invalid value %d" % (key, value),
+                error_code=invalid
+            )
+
+        try:
+            items = self._settings[key]
+        except KeyError:
+            items = collections.deque([None])
+            self._settings[key] = items
+
+        items.append(value)
+
+    def __delitem__(self, key):
+        del self._settings[key]
+
+    def __iter__(self):
+        return self._settings.__iter__()
+
+    def __len__(self):
+        return len(self._settings)
+
+    def __eq__(self, other):
+        if isinstance(other, Settings):
+            return self._settings == other._settings
+        else:
+            return NotImplemented
+
+    def __ne__(self, other):
+        if isinstance(other, Settings):
+            return not self == other
+        else:
+            return NotImplemented
+
+
+def _validate_setting(setting, value):  # noqa: C901
+    """
+    Confirms that a specific setting has a well-formed value. If the setting is
+    invalid, returns an error code. Otherwise, returns 0 (NO_ERROR).
+    """
+    if setting == SettingCodes.ENABLE_PUSH:
+        if value not in (0, 1):
+            return ErrorCodes.PROTOCOL_ERROR
+    elif setting == SettingCodes.INITIAL_WINDOW_SIZE:
+        if not 0 <= value <= 2147483647:  # 2^31 - 1
+            return ErrorCodes.FLOW_CONTROL_ERROR
+    elif setting == SettingCodes.MAX_FRAME_SIZE:
+        if not 16384 <= value <= 16777215:  # 2^14 and 2^24 - 1
+            return ErrorCodes.PROTOCOL_ERROR
+    elif setting == SettingCodes.MAX_HEADER_LIST_SIZE:
+        if value < 0:
+            return ErrorCodes.PROTOCOL_ERROR
+    elif setting == SettingCodes.ENABLE_CONNECT_PROTOCOL:
+        if value not in (0, 1):
+            return ErrorCodes.PROTOCOL_ERROR
+
+    return 0
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/stream.py b/testing/web-platform/tests/tools/third_party/h2/h2/stream.py
new file mode 100644
index 0000000000..1cb91786d4
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/stream.py
@@ -0,0 +1,1369 @@
+# -*- coding: utf-8 -*-
+"""
+h2/stream
+~~~~~~~~~
+
+An implementation of a HTTP/2 stream.
+"""
+from enum import Enum, IntEnum
+from hpack import HeaderTuple
+from hyperframe.frame import (
+    HeadersFrame, ContinuationFrame, DataFrame, WindowUpdateFrame,
+    RstStreamFrame, PushPromiseFrame, AltSvcFrame
+)
+
+from .errors import ErrorCodes, _error_code_from_int
+from .events import (
+    RequestReceived, ResponseReceived, DataReceived, WindowUpdated,
+    StreamEnded, PushedStreamReceived, StreamReset, TrailersReceived,
+    InformationalResponseReceived, AlternativeServiceAvailable,
+    _ResponseSent, _RequestSent, _TrailersSent, _PushedRequestSent
+)
+from .exceptions import (
+    ProtocolError, StreamClosedError, InvalidBodyLengthError, FlowControlError
+)
+from .utilities import (
+    guard_increment_window, is_informational_response, authority_from_headers,
+    validate_headers, validate_outbound_headers, normalize_outbound_headers,
+    HeaderValidationFlags, extract_method_header, normalize_inbound_headers
+)
+from .windows import WindowManager
+
+
+class StreamState(IntEnum):
+    IDLE = 0
+    RESERVED_REMOTE = 1
+    RESERVED_LOCAL = 2
+    OPEN = 3
+    HALF_CLOSED_REMOTE = 4
+    HALF_CLOSED_LOCAL = 5
+    CLOSED = 6
+
+
+class StreamInputs(Enum):
+    SEND_HEADERS = 0
+    SEND_PUSH_PROMISE = 1
+    SEND_RST_STREAM = 2
+    SEND_DATA = 3
+    SEND_WINDOW_UPDATE = 4
+    SEND_END_STREAM = 5
+    RECV_HEADERS = 6
+    RECV_PUSH_PROMISE = 7
+    RECV_RST_STREAM = 8
+    RECV_DATA = 9
+    RECV_WINDOW_UPDATE = 10
+    RECV_END_STREAM = 11
+    RECV_CONTINUATION = 12  # Added in 2.0.0
+    SEND_INFORMATIONAL_HEADERS = 13  # Added in 2.2.0
+    RECV_INFORMATIONAL_HEADERS = 14  # Added in 2.2.0
+    SEND_ALTERNATIVE_SERVICE = 15  # Added in 2.3.0
+    RECV_ALTERNATIVE_SERVICE = 16  # Added in 2.3.0
+    UPGRADE_CLIENT = 17  # Added 2.3.0
+    UPGRADE_SERVER = 18  # Added 2.3.0
+
+
+class StreamClosedBy(Enum):
+    SEND_END_STREAM = 0
+    RECV_END_STREAM = 1
+    SEND_RST_STREAM = 2
+    RECV_RST_STREAM = 3
+
+
+# This array is initialized once, and is indexed by the stream states above.
+# It indicates whether a stream in the given state is open. The reason we do
+# this is that we potentially check whether a stream in a given state is open
+# quite frequently: given that we check so often, we should do so in the
+# fastest and most performant way possible.
+STREAM_OPEN = [False for _ in range(0, len(StreamState))]
+STREAM_OPEN[StreamState.OPEN] = True
+STREAM_OPEN[StreamState.HALF_CLOSED_LOCAL] = True
+STREAM_OPEN[StreamState.HALF_CLOSED_REMOTE] = True
+
+
+class H2StreamStateMachine(object):
+    """
+    A single HTTP/2 stream state machine.
+
+    This stream object implements basically the state machine described in
+    RFC 7540 section 5.1.
+
+    :param stream_id: The stream ID of this stream. This is stored primarily
+        for logging purposes.
+    """
+    def __init__(self, stream_id):
+        self.state = StreamState.IDLE
+        self.stream_id = stream_id
+
+        #: Whether this peer is the client side of this stream.
+        self.client = None
+
+        # Whether trailers have been sent/received on this stream or not.
+        self.headers_sent = None
+        self.trailers_sent = None
+        self.headers_received = None
+        self.trailers_received = None
+
+        # How the stream was closed. One of StreamClosedBy.
+        self.stream_closed_by = None
+
+    def process_input(self, input_):
+        """
+        Process a specific input in the state machine.
+        """
+        if not isinstance(input_, StreamInputs):
+            raise ValueError("Input must be an instance of StreamInputs")
+
+        try:
+            func, target_state = _transitions[(self.state, input_)]
+        except KeyError:
+            old_state = self.state
+            self.state = StreamState.CLOSED
+            raise ProtocolError(
+                "Invalid input %s in state %s" % (input_, old_state)
+            )
+        else:
+            previous_state = self.state
+            self.state = target_state
+            if func is not None:
+                try:
+                    return func(self, previous_state)
+                except ProtocolError:
+                    self.state = StreamState.CLOSED
+                    raise
+                except AssertionError as e:  # pragma: no cover
+                    self.state = StreamState.CLOSED
+                    raise ProtocolError(e)
+
+            return []
+
+    def request_sent(self, previous_state):
+        """
+        Fires when a request is sent.
+        """
+        self.client = True
+        self.headers_sent = True
+        event = _RequestSent()
+
+        return [event]
+
+    def response_sent(self, previous_state):
+        """
+        Fires when something that should be a response is sent. This 'response'
+        may actually be trailers.
+        """
+        if not self.headers_sent:
+            if self.client is True or self.client is None:
+                raise ProtocolError("Client cannot send responses.")
+            self.headers_sent = True
+            event = _ResponseSent()
+        else:
+            assert not self.trailers_sent
+            self.trailers_sent = True
+            event = _TrailersSent()
+
+        return [event]
+
+    def request_received(self, previous_state):
+        """
+        Fires when a request is received.
+        """
+        assert not self.headers_received
+        assert not self.trailers_received
+
+        self.client = False
+        self.headers_received = True
+        event = RequestReceived()
+
+        event.stream_id = self.stream_id
+        return [event]
+
+    def response_received(self, previous_state):
+        """
+        Fires when a response is received. Also disambiguates between responses
+        and trailers.
+        """
+        if not self.headers_received:
+            assert self.client is True
+            self.headers_received = True
+            event = ResponseReceived()
+        else:
+            assert not self.trailers_received
+            self.trailers_received = True
+            event = TrailersReceived()
+
+        event.stream_id = self.stream_id
+        return [event]
+
+    def data_received(self, previous_state):
+        """
+        Fires when data is received.
+        """
+        event = DataReceived()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def window_updated(self, previous_state):
+        """
+        Fires when a window update frame is received.
+        """
+        event = WindowUpdated()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def stream_half_closed(self, previous_state):
+        """
+        Fires when an END_STREAM flag is received in the OPEN state,
+        transitioning this stream to a HALF_CLOSED_REMOTE state.
+        """
+        event = StreamEnded()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def stream_ended(self, previous_state):
+        """
+        Fires when a stream is cleanly ended.
+        """
+        self.stream_closed_by = StreamClosedBy.RECV_END_STREAM
+        event = StreamEnded()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def stream_reset(self, previous_state):
+        """
+        Fired when a stream is forcefully reset.
+        """
+        self.stream_closed_by = StreamClosedBy.RECV_RST_STREAM
+        event = StreamReset()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def send_new_pushed_stream(self, previous_state):
+        """
+        Fires on the newly pushed stream, when pushed by the local peer.
+
+        No event here, but definitionally this peer must be a server.
+        """
+        assert self.client is None
+        self.client = False
+        self.headers_received = True
+        return []
+
+    def recv_new_pushed_stream(self, previous_state):
+        """
+        Fires on the newly pushed stream, when pushed by the remote peer.
+
+        No event here, but definitionally this peer must be a client.
+        """
+        assert self.client is None
+        self.client = True
+        self.headers_sent = True
+        return []
+
+    def send_push_promise(self, previous_state):
+        """
+        Fires on the already-existing stream when a PUSH_PROMISE frame is sent.
+        We may only send PUSH_PROMISE frames if we're a server.
+        """
+        if self.client is True:
+            raise ProtocolError("Cannot push streams from client peers.")
+
+        event = _PushedRequestSent()
+        return [event]
+
+    def recv_push_promise(self, previous_state):
+        """
+        Fires on the already-existing stream when a PUSH_PROMISE frame is
+        received. We may only receive PUSH_PROMISE frames if we're a client.
+
+        Fires a PushedStreamReceived event.
+        """
+        if not self.client:
+            if self.client is None:  # pragma: no cover
+                msg = "Idle streams cannot receive pushes"
+            else:  # pragma: no cover
+                msg = "Cannot receive pushed streams as a server"
+            raise ProtocolError(msg)
+
+        event = PushedStreamReceived()
+        event.parent_stream_id = self.stream_id
+        return [event]
+
+    def send_end_stream(self, previous_state):
+        """
+        Called when an attempt is made to send END_STREAM in the
+        HALF_CLOSED_REMOTE state.
+        """
+        self.stream_closed_by = StreamClosedBy.SEND_END_STREAM
+
+    def send_reset_stream(self, previous_state):
+        """
+        Called when an attempt is made to send RST_STREAM in a non-closed
+        stream state.
+        """
+        self.stream_closed_by = StreamClosedBy.SEND_RST_STREAM
+
+    def reset_stream_on_error(self, previous_state):
+        """
+        Called when we need to forcefully emit another RST_STREAM frame on
+        behalf of the state machine.
+
+        If this is the first time we've done this, we should also hang an event
+        off the StreamClosedError so that the user can be informed. We know
+        it's the first time we've done this if the stream is currently in a
+        state other than CLOSED.
+        """
+        self.stream_closed_by = StreamClosedBy.SEND_RST_STREAM
+
+        error = StreamClosedError(self.stream_id)
+
+        event = StreamReset()
+        event.stream_id = self.stream_id
+        event.error_code = ErrorCodes.STREAM_CLOSED
+        event.remote_reset = False
+        error._events = [event]
+        raise error
+
+    def recv_on_closed_stream(self, previous_state):
+        """
+        Called when an unexpected frame is received on an already-closed
+        stream.
+
+        An endpoint that receives an unexpected frame should treat it as
+        a stream error or connection error with type STREAM_CLOSED, depending
+        on the specific frame. The error handling is done at a higher level:
+        this just raises the appropriate error.
+        """
+        raise StreamClosedError(self.stream_id)
+
+    def send_on_closed_stream(self, previous_state):
+        """
+        Called when an attempt is made to send data on an already-closed
+        stream.
+
+        This essentially overrides the standard logic by throwing a
+        more-specific error: StreamClosedError. This is a ProtocolError, so it
+        matches the standard API of the state machine, but provides more detail
+        to the user.
+        """
+        raise StreamClosedError(self.stream_id)
+
+    def recv_push_on_closed_stream(self, previous_state):
+        """
+        Called when a PUSH_PROMISE frame is received on a full stop
+        stream.
+
+        If the stream was closed by us sending a RST_STREAM frame, then we
+        presume that the PUSH_PROMISE was in flight when we reset the parent
+        stream. Rathen than accept the new stream, we just reset it.
+        Otherwise, we should call this a PROTOCOL_ERROR: pushing a stream on a
+        naturally closed stream is a real problem because it creates a brand
+        new stream that the remote peer now believes exists.
+        """
+        assert self.stream_closed_by is not None
+
+        if self.stream_closed_by == StreamClosedBy.SEND_RST_STREAM:
+            raise StreamClosedError(self.stream_id)
+        else:
+            raise ProtocolError("Attempted to push on closed stream.")
+
+    def send_push_on_closed_stream(self, previous_state):
+        """
+        Called when an attempt is made to push on an already-closed stream.
+
+        This essentially overrides the standard logic by providing a more
+        useful error message. It's necessary because simply indicating that the
+        stream is closed is not enough: there is now a new stream that is not
+        allowed to be there. The only recourse is to tear the whole connection
+        down.
+        """
+        raise ProtocolError("Attempted to push on closed stream.")
+
+    def send_informational_response(self, previous_state):
+        """
+        Called when an informational header block is sent (that is, a block
+        where the :status header has a 1XX value).
+
+        Only enforces that these are sent *before* final headers are sent.
+        """
+        if self.headers_sent:
+            raise ProtocolError("Information response after final response")
+
+        event = _ResponseSent()
+        return [event]
+
+    def recv_informational_response(self, previous_state):
+        """
+        Called when an informational header block is received (that is, a block
+        where the :status header has a 1XX value).
+        """
+        if self.headers_received:
+            raise ProtocolError("Informational response after final response")
+
+        event = InformationalResponseReceived()
+        event.stream_id = self.stream_id
+        return [event]
+
+    def recv_alt_svc(self, previous_state):
+        """
+        Called when receiving an ALTSVC frame.
+
+        RFC 7838 allows us to receive ALTSVC frames at any stream state, which
+        is really absurdly overzealous. For that reason, we want to limit the
+        states in which we can actually receive it. It's really only sensible
+        to receive it after we've sent our own headers and before the server
+        has sent its header block: the server can't guarantee that we have any
+        state around after it completes its header block, and the server
+        doesn't know what origin we're talking about before we've sent ours.
+
+        For that reason, this function applies a few extra checks on both state
+        and some of the little state variables we keep around. If those suggest
+        an unreasonable situation for the ALTSVC frame to have been sent in,
+        we quietly ignore it (as RFC 7838 suggests).
+
+        This function is also *not* always called by the state machine. In some
+        states (IDLE, RESERVED_LOCAL, CLOSED) we don't bother to call it,
+        because we know the frame cannot be valid in that state (IDLE because
+        the server cannot know what origin the stream applies to, CLOSED
+        because the server cannot assume we still have state around,
+        RESERVED_LOCAL because by definition if we're in the RESERVED_LOCAL
+        state then *we* are the server).
+        """
+        # Servers can't receive ALTSVC frames, but RFC 7838 tells us to ignore
+        # them.
+        if self.client is False:
+            return []
+
+        # If we've received the response headers from the server they can't
+        # guarantee we still have any state around. Other implementations
+        # (like nghttp2) ignore ALTSVC in this state, so we will too.
+        if self.headers_received:
+            return []
+
+        # Otherwise, this is a sensible enough frame to have received. Return
+        # the event and let it get populated.
+        return [AlternativeServiceAvailable()]
+
+    def send_alt_svc(self, previous_state):
+        """
+        Called when sending an ALTSVC frame on this stream.
+
+        For consistency with the restrictions we apply on receiving ALTSVC
+        frames in ``recv_alt_svc``, we want to restrict when users can send
+        ALTSVC frames to the situations when we ourselves would accept them.
+
+        That means: when we are a server, when we have received the request
+        headers, and when we have not yet sent our own response headers.
+        """
+        # We should not send ALTSVC after we've sent response headers, as the
+        # client may have disposed of its state.
+        if self.headers_sent:
+            raise ProtocolError(
+                "Cannot send ALTSVC after sending response headers."
+            )
+
+        return
+
+
+# STATE MACHINE
+#
+# The stream state machine is defined here to avoid the need to allocate it
+# repeatedly for each stream. It cannot be defined in the stream class because
+# it needs to be able to reference the callbacks defined on the class, but
+# because Python's scoping rules are weird the class object is not actually in
+# scope during the body of the class object.
+#
+# For the sake of clarity, we reproduce the RFC 7540 state machine here:
+#
+#                          +--------+
+#                  send PP |        | recv PP
+#                 ,--------|  idle  |--------.
+#                /         |        |         \
+#               v          +--------+          v
+#        +----------+          |           +----------+
+#        |          |          | send H /  |          |
+# ,------| reserved |          | recv H    | reserved |------.
+# |      | (local)  |          |           | (remote) |      |
+# |      +----------+          v           +----------+      |
+# |          |             +--------+             |          |
+# |          |     recv ES |        | send ES     |          |
+# |   send H |     ,-------|  open  |-------.     | recv H   |
+# |          |    /        |        |        \    |          |
+# |          v   v         +--------+         v   v          |
+# |      +----------+          |           +----------+      |
+# |      |   half   |          |           |   half   |      |
+# |      |  closed  |          | send R /  |  closed  |      |
+# |      | (remote) |          | recv R    | (local)  |      |
+# |      +----------+          |           +----------+      |
+# |           |                |                 |           |
+# |           | send ES /      |       recv ES / |           |
+# |           | send R /       v        send R / |           |
+# |           | recv R     +--------+   recv R   |           |
+# | send R /  `----------->|        |<-----------'  send R / |
+# | recv R                 | closed |               recv R   |
+# `----------------------->|        |<----------------------'
+#                          +--------+
+#
+#    send:   endpoint sends this frame
+#    recv:   endpoint receives this frame
+#
+#    H:  HEADERS frame (with implied CONTINUATIONs)
+#    PP: PUSH_PROMISE frame (with implied CONTINUATIONs)
+#    ES: END_STREAM flag
+#    R:  RST_STREAM frame
+#
+# For the purposes of this state machine we treat HEADERS and their
+# associated CONTINUATION frames as a single jumbo frame. The protocol
+# allows/requires this by preventing other frames from being interleved in
+# between HEADERS/CONTINUATION frames. However, if a CONTINUATION frame is
+# received without a prior HEADERS frame, it *will* be passed to this state
+# machine. The state machine should always reject that frame, either as an
+# invalid transition or because the stream is closed.
+#
+# There is a confusing relationship around PUSH_PROMISE frames. The state
+# machine above considers them to be frames belonging to the new stream,
+# which is *somewhat* true. However, they are sent with the stream ID of
+# their related stream, and are only sendable in some cases.
+# For this reason, our state machine implementation below allows for
+# PUSH_PROMISE frames both in the IDLE state (as in the diagram), but also
+# in the OPEN, HALF_CLOSED_LOCAL, and HALF_CLOSED_REMOTE states.
+# Essentially, for hyper-h2, PUSH_PROMISE frames are effectively sent on
+# two streams.
+#
+# The _transitions dictionary contains a mapping of tuples of
+# (state, input) to tuples of (side_effect_function, end_state). This
+# map contains all allowed transitions: anything not in this map is
+# invalid and immediately causes a transition to ``closed``.
+_transitions = {
+    # State: idle
+    (StreamState.IDLE, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.request_sent, StreamState.OPEN),
+    (StreamState.IDLE, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.request_received, StreamState.OPEN),
+    (StreamState.IDLE, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.IDLE, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_new_pushed_stream,
+            StreamState.RESERVED_LOCAL),
+    (StreamState.IDLE, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_new_pushed_stream,
+            StreamState.RESERVED_REMOTE),
+    (StreamState.IDLE, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (None, StreamState.IDLE),
+    (StreamState.IDLE, StreamInputs.UPGRADE_CLIENT):
+        (H2StreamStateMachine.request_sent, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.IDLE, StreamInputs.UPGRADE_SERVER):
+        (H2StreamStateMachine.request_received,
+            StreamState.HALF_CLOSED_REMOTE),
+
+    # State: reserved local
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.response_sent, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.RESERVED_LOCAL),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.RESERVED_LOCAL),
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.RESERVED_LOCAL, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.RESERVED_LOCAL),
+    (StreamState.RESERVED_LOCAL, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (None, StreamState.RESERVED_LOCAL),
+
+    # State: reserved remote
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.response_received,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.RESERVED_REMOTE, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.RESERVED_REMOTE),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.RESERVED_REMOTE),
+    (StreamState.RESERVED_REMOTE, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.RESERVED_REMOTE, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.RESERVED_REMOTE),
+
+    # State: open
+    (StreamState.OPEN, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.response_sent, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.response_received, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_DATA):
+        (None, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.data_received, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_END_STREAM):
+        (None, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.OPEN, StreamInputs.RECV_END_STREAM):
+        (H2StreamStateMachine.stream_half_closed,
+         StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.OPEN, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.OPEN, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.OPEN, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_push_promise, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_push_promise, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.send_informational_response, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.recv_informational_response, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.OPEN),
+    (StreamState.OPEN, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.OPEN),
+
+    # State: half-closed remote
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.response_sent, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_DATA):
+        (None, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_END_STREAM):
+        (H2StreamStateMachine.send_end_stream, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_push_promise,
+            StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.reset_stream_on_error, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.send_informational_response,
+            StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.HALF_CLOSED_REMOTE),
+    (StreamState.HALF_CLOSED_REMOTE, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.HALF_CLOSED_REMOTE),
+
+    # State: half-closed local
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.response_received,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.data_received, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_END_STREAM):
+        (H2StreamStateMachine.stream_ended, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_WINDOW_UPDATE):
+        (None, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_WINDOW_UPDATE):
+        (H2StreamStateMachine.window_updated, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_reset_stream, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_RST_STREAM):
+        (H2StreamStateMachine.stream_reset, StreamState.CLOSED),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_push_promise,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_INFORMATIONAL_HEADERS):
+        (H2StreamStateMachine.recv_informational_response,
+            StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.SEND_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.send_alt_svc, StreamState.HALF_CLOSED_LOCAL),
+    (StreamState.HALF_CLOSED_LOCAL, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (H2StreamStateMachine.recv_alt_svc, StreamState.HALF_CLOSED_LOCAL),
+
+    # State: closed
+    (StreamState.CLOSED, StreamInputs.RECV_END_STREAM):
+        (None, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.RECV_ALTERNATIVE_SERVICE):
+        (None, StreamState.CLOSED),
+
+    # RFC 7540 Section 5.1 defines how the end point should react when
+    # receiving a frame on a closed stream with the following statements:
+    #
+    # > An endpoint that receives any frame other than PRIORITY after receiving
+    # > a RST_STREAM MUST treat that as a stream error of type STREAM_CLOSED.
+    # > An endpoint that receives any frames after receiving a frame with the
+    # > END_STREAM flag set MUST treat that as a connection error of type
+    # > STREAM_CLOSED.
+    (StreamState.CLOSED, StreamInputs.RECV_HEADERS):
+        (H2StreamStateMachine.recv_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.RECV_DATA):
+        (H2StreamStateMachine.recv_on_closed_stream, StreamState.CLOSED),
+
+    # > WINDOW_UPDATE or RST_STREAM frames can be received in this state
+    # > for a short period after a DATA or HEADERS frame containing a
+    # > END_STREAM flag is sent, as instructed in RFC 7540 Section 5.1. But we
+    # > don't have access to a clock so we just always allow it.
+    (StreamState.CLOSED, StreamInputs.RECV_WINDOW_UPDATE):
+        (None, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.RECV_RST_STREAM):
+        (None, StreamState.CLOSED),
+
+    # > A receiver MUST treat the receipt of a PUSH_PROMISE on a stream that is
+    # > neither "open" nor "half-closed (local)" as a connection error of type
+    # > PROTOCOL_ERROR.
+    (StreamState.CLOSED, StreamInputs.RECV_PUSH_PROMISE):
+        (H2StreamStateMachine.recv_push_on_closed_stream, StreamState.CLOSED),
+
+    # Also, users should be forbidden from sending on closed streams.
+    (StreamState.CLOSED, StreamInputs.SEND_HEADERS):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_PUSH_PROMISE):
+        (H2StreamStateMachine.send_push_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_RST_STREAM):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_DATA):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_WINDOW_UPDATE):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+    (StreamState.CLOSED, StreamInputs.SEND_END_STREAM):
+        (H2StreamStateMachine.send_on_closed_stream, StreamState.CLOSED),
+}
+
+
+class H2Stream(object):
+    """
+    A low-level HTTP/2 stream object. This handles building and receiving
+    frames and maintains per-stream state.
+
+    This wraps a HTTP/2 Stream state machine implementation, ensuring that
+    frames can only be sent/received when the stream is in a valid state.
+    Attempts to create frames that cannot be sent will raise a
+    ``ProtocolError``.
+    """
+    def __init__(self,
+                 stream_id,
+                 config,
+                 inbound_window_size,
+                 outbound_window_size):
+        self.state_machine = H2StreamStateMachine(stream_id)
+        self.stream_id = stream_id
+        self.max_outbound_frame_size = None
+        self.request_method = None
+
+        # The current value of the outbound stream flow control window
+        self.outbound_flow_control_window = outbound_window_size
+
+        # The flow control manager.
+        self._inbound_window_manager = WindowManager(inbound_window_size)
+
+        # The expected content length, if any.
+        self._expected_content_length = None
+
+        # The actual received content length. Always tracked.
+        self._actual_content_length = 0
+
+        # The authority we believe this stream belongs to.
+        self._authority = None
+
+        # The configuration for this stream.
+        self.config = config
+
+    def __repr__(self):
+        return "<%s id:%d state:%r>" % (
+            type(self).__name__,
+            self.stream_id,
+            self.state_machine.state
+        )
+
+    @property
+    def inbound_flow_control_window(self):
+        """
+        The size of the inbound flow control window for the stream. This is
+        rarely publicly useful: instead, use :meth:`remote_flow_control_window
+        <h2.stream.H2Stream.remote_flow_control_window>`. This shortcut is
+        largely present to provide a shortcut to this data.
+        """
+        return self._inbound_window_manager.current_window_size
+
+    @property
+    def open(self):
+        """
+        Whether the stream is 'open' in any sense: that is, whether it counts
+        against the number of concurrent streams.
+        """
+        # RFC 7540 Section 5.1.2 defines 'open' for this purpose to mean either
+        # the OPEN state or either of the HALF_CLOSED states. Perplexingly,
+        # this excludes the reserved states.
+        # For more detail on why we're doing this in this slightly weird way,
+        # see the comment on ``STREAM_OPEN`` at the top of the file.
+        return STREAM_OPEN[self.state_machine.state]
+
+    @property
+    def closed(self):
+        """
+        Whether the stream is closed.
+        """
+        return self.state_machine.state == StreamState.CLOSED
+
+    @property
+    def closed_by(self):
+        """
+        Returns how the stream was closed, as one of StreamClosedBy.
+        """
+        return self.state_machine.stream_closed_by
+
+    def upgrade(self, client_side):
+        """
+        Called by the connection to indicate that this stream is the initial
+        request/response of an upgraded connection. Places the stream into an
+        appropriate state.
+        """
+        self.config.logger.debug("Upgrading %r", self)
+
+        assert self.stream_id == 1
+        input_ = (
+            StreamInputs.UPGRADE_CLIENT if client_side
+            else StreamInputs.UPGRADE_SERVER
+        )
+
+        # This may return events, we deliberately don't want them.
+        self.state_machine.process_input(input_)
+        return
+
+    def send_headers(self, headers, encoder, end_stream=False):
+        """
+        Returns a list of HEADERS/CONTINUATION frames to emit as either headers
+        or trailers.
+        """
+        self.config.logger.debug("Send headers %s on %r", headers, self)
+
+        # Because encoding headers makes an irreversible change to the header
+        # compression context, we make the state transition before we encode
+        # them.
+
+        # First, check if we're a client. If we are, no problem: if we aren't,
+        # we need to scan the header block to see if this is an informational
+        # response.
+        input_ = StreamInputs.SEND_HEADERS
+        if ((not self.state_machine.client) and
+                is_informational_response(headers)):
+            if end_stream:
+                raise ProtocolError(
+                    "Cannot set END_STREAM on informational responses."
+                )
+
+            input_ = StreamInputs.SEND_INFORMATIONAL_HEADERS
+
+        events = self.state_machine.process_input(input_)
+
+        hf = HeadersFrame(self.stream_id)
+        hdr_validation_flags = self._build_hdr_validation_flags(events)
+        frames = self._build_headers_frames(
+            headers, encoder, hf, hdr_validation_flags
+        )
+
+        if end_stream:
+            # Not a bug: the END_STREAM flag is valid on the initial HEADERS
+            # frame, not the CONTINUATION frames that follow.
+            self.state_machine.process_input(StreamInputs.SEND_END_STREAM)
+            frames[0].flags.add('END_STREAM')
+
+        if self.state_machine.trailers_sent and not end_stream:
+            raise ProtocolError("Trailers must have END_STREAM set.")
+
+        if self.state_machine.client and self._authority is None:
+            self._authority = authority_from_headers(headers)
+
+        # store request method for _initialize_content_length
+        self.request_method = extract_method_header(headers)
+
+        return frames
+
+    def push_stream_in_band(self, related_stream_id, headers, encoder):
+        """
+        Returns a list of PUSH_PROMISE/CONTINUATION frames to emit as a pushed
+        stream header. Called on the stream that has the PUSH_PROMISE frame
+        sent on it.
+        """
+        self.config.logger.debug("Push stream %r", self)
+
+        # Because encoding headers makes an irreversible change to the header
+        # compression context, we make the state transition *first*.
+
+        events = self.state_machine.process_input(
+            StreamInputs.SEND_PUSH_PROMISE
+        )
+
+        ppf = PushPromiseFrame(self.stream_id)
+        ppf.promised_stream_id = related_stream_id
+        hdr_validation_flags = self._build_hdr_validation_flags(events)
+        frames = self._build_headers_frames(
+            headers, encoder, ppf, hdr_validation_flags
+        )
+
+        return frames
+
+    def locally_pushed(self):
+        """
+        Mark this stream as one that was pushed by this peer. Must be called
+        immediately after initialization. Sends no frames, simply updates the
+        state machine.
+        """
+        # This does not trigger any events.
+        events = self.state_machine.process_input(
+            StreamInputs.SEND_PUSH_PROMISE
+        )
+        assert not events
+        return []
+
+    def send_data(self, data, end_stream=False, pad_length=None):
+        """
+        Prepare some data frames. Optionally end the stream.
+
+        .. warning:: Does not perform flow control checks.
+        """
+        self.config.logger.debug(
+            "Send data on %r with end stream set to %s", self, end_stream
+        )
+
+        self.state_machine.process_input(StreamInputs.SEND_DATA)
+
+        df = DataFrame(self.stream_id)
+        df.data = data
+        if end_stream:
+            self.state_machine.process_input(StreamInputs.SEND_END_STREAM)
+            df.flags.add('END_STREAM')
+        if pad_length is not None:
+            df.flags.add('PADDED')
+            df.pad_length = pad_length
+
+        # Subtract flow_controlled_length to account for possible padding
+        self.outbound_flow_control_window -= df.flow_controlled_length
+        assert self.outbound_flow_control_window >= 0
+
+        return [df]
+
+    def end_stream(self):
+        """
+        End a stream without sending data.
+        """
+        self.config.logger.debug("End stream %r", self)
+
+        self.state_machine.process_input(StreamInputs.SEND_END_STREAM)
+        df = DataFrame(self.stream_id)
+        df.flags.add('END_STREAM')
+        return [df]
+
+    def advertise_alternative_service(self, field_value):
+        """
+        Advertise an RFC 7838 alternative service. The semantics of this are
+        better documented in the ``H2Connection`` class.
+        """
+        self.config.logger.debug(
+            "Advertise alternative service of %r for %r", field_value, self
+        )
+        self.state_machine.process_input(StreamInputs.SEND_ALTERNATIVE_SERVICE)
+        asf = AltSvcFrame(self.stream_id)
+        asf.field = field_value
+        return [asf]
+
+    def increase_flow_control_window(self, increment):
+        """
+        Increase the size of the flow control window for the remote side.
+        """
+        self.config.logger.debug(
+            "Increase flow control window for %r by %d",
+            self, increment
+        )
+        self.state_machine.process_input(StreamInputs.SEND_WINDOW_UPDATE)
+        self._inbound_window_manager.window_opened(increment)
+
+        wuf = WindowUpdateFrame(self.stream_id)
+        wuf.window_increment = increment
+        return [wuf]
+
+    def receive_push_promise_in_band(self,
+                                     promised_stream_id,
+                                     headers,
+                                     header_encoding):
+        """
+        Receives a push promise frame sent on this stream, pushing a remote
+        stream. This is called on the stream that has the PUSH_PROMISE sent
+        on it.
+        """
+        self.config.logger.debug(
+            "Receive Push Promise on %r for remote stream %d",
+            self, promised_stream_id
+        )
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_PUSH_PROMISE
+        )
+        events[0].pushed_stream_id = promised_stream_id
+
+        hdr_validation_flags = self._build_hdr_validation_flags(events)
+        events[0].headers = self._process_received_headers(
+            headers, hdr_validation_flags, header_encoding
+        )
+        return [], events
+
+    def remotely_pushed(self, pushed_headers):
+        """
+        Mark this stream as one that was pushed by the remote peer. Must be
+        called immediately after initialization. Sends no frames, simply
+        updates the state machine.
+        """
+        self.config.logger.debug("%r pushed by remote peer", self)
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_PUSH_PROMISE
+        )
+        self._authority = authority_from_headers(pushed_headers)
+        return [], events
+
+    def receive_headers(self, headers, end_stream, header_encoding):
+        """
+        Receive a set of headers (or trailers).
+        """
+        if is_informational_response(headers):
+            if end_stream:
+                raise ProtocolError(
+                    "Cannot set END_STREAM on informational responses"
+                )
+            input_ = StreamInputs.RECV_INFORMATIONAL_HEADERS
+        else:
+            input_ = StreamInputs.RECV_HEADERS
+
+        events = self.state_machine.process_input(input_)
+
+        if end_stream:
+            es_events = self.state_machine.process_input(
+                StreamInputs.RECV_END_STREAM
+            )
+            events[0].stream_ended = es_events[0]
+            events += es_events
+
+        self._initialize_content_length(headers)
+
+        if isinstance(events[0], TrailersReceived):
+            if not end_stream:
+                raise ProtocolError("Trailers must have END_STREAM set")
+
+        hdr_validation_flags = self._build_hdr_validation_flags(events)
+        events[0].headers = self._process_received_headers(
+            headers, hdr_validation_flags, header_encoding
+        )
+        return [], events
+
+    def receive_data(self, data, end_stream, flow_control_len):
+        """
+        Receive some data.
+        """
+        self.config.logger.debug(
+            "Receive data on %r with end stream %s and flow control length "
+            "set to %d", self, end_stream, flow_control_len
+        )
+        events = self.state_machine.process_input(StreamInputs.RECV_DATA)
+        self._inbound_window_manager.window_consumed(flow_control_len)
+        self._track_content_length(len(data), end_stream)
+
+        if end_stream:
+            es_events = self.state_machine.process_input(
+                StreamInputs.RECV_END_STREAM
+            )
+            events[0].stream_ended = es_events[0]
+            events.extend(es_events)
+
+        events[0].data = data
+        events[0].flow_controlled_length = flow_control_len
+        return [], events
+
+    def receive_window_update(self, increment):
+        """
+        Handle a WINDOW_UPDATE increment.
+        """
+        self.config.logger.debug(
+            "Receive Window Update on %r for increment of %d",
+            self, increment
+        )
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_WINDOW_UPDATE
+        )
+        frames = []
+
+        # If we encounter a problem with incrementing the flow control window,
+        # this should be treated as a *stream* error, not a *connection* error.
+        # That means we need to catch the error and forcibly close the stream.
+        if events:
+            events[0].delta = increment
+            try:
+                self.outbound_flow_control_window = guard_increment_window(
+                    self.outbound_flow_control_window,
+                    increment
+                )
+            except FlowControlError:
+                # Ok, this is bad. We're going to need to perform a local
+                # reset.
+                event = StreamReset()
+                event.stream_id = self.stream_id
+                event.error_code = ErrorCodes.FLOW_CONTROL_ERROR
+                event.remote_reset = False
+
+                events = [event]
+                frames = self.reset_stream(event.error_code)
+
+        return frames, events
+
+    def receive_continuation(self):
+        """
+        A naked CONTINUATION frame has been received. This is always an error,
+        but the type of error it is depends on the state of the stream and must
+        transition the state of the stream, so we need to handle it.
+        """
+        self.config.logger.debug("Receive Continuation frame on %r", self)
+        self.state_machine.process_input(
+            StreamInputs.RECV_CONTINUATION
+        )
+        assert False, "Should not be reachable"
+
+    def receive_alt_svc(self, frame):
+        """
+        An Alternative Service frame was received on the stream. This frame
+        inherits the origin associated with this stream.
+        """
+        self.config.logger.debug(
+            "Receive Alternative Service frame on stream %r", self
+        )
+
+        # If the origin is present, RFC 7838 says we have to ignore it.
+        if frame.origin:
+            return [], []
+
+        events = self.state_machine.process_input(
+            StreamInputs.RECV_ALTERNATIVE_SERVICE
+        )
+
+        # There are lots of situations where we want to ignore the ALTSVC
+        # frame. If we need to pay attention, we'll have an event and should
+        # fill it out.
+        if events:
+            assert isinstance(events[0], AlternativeServiceAvailable)
+            events[0].origin = self._authority
+            events[0].field_value = frame.field
+
+        return [], events
+
+    def reset_stream(self, error_code=0):
+        """
+        Close the stream locally. Reset the stream with an error code.
+        """
+        self.config.logger.debug(
+            "Local reset %r with error code: %d", self, error_code
+        )
+        self.state_machine.process_input(StreamInputs.SEND_RST_STREAM)
+
+        rsf = RstStreamFrame(self.stream_id)
+        rsf.error_code = error_code
+        return [rsf]
+
+    def stream_reset(self, frame):
+        """
+        Handle a stream being reset remotely.
+        """
+        self.config.logger.debug(
+            "Remote reset %r with error code: %d", self, frame.error_code
+        )
+        events = self.state_machine.process_input(StreamInputs.RECV_RST_STREAM)
+
+        if events:
+            # We don't fire an event if this stream is already closed.
+            events[0].error_code = _error_code_from_int(frame.error_code)
+
+        return [], events
+
+    def acknowledge_received_data(self, acknowledged_size):
+        """
+        The user has informed us that they've processed some amount of data
+        that was received on this stream. Pass that to the window manager and
+        potentially return some WindowUpdate frames.
+        """
+        self.config.logger.debug(
+            "Acknowledge received data with size %d on %r",
+            acknowledged_size, self
+        )
+        increment = self._inbound_window_manager.process_bytes(
+            acknowledged_size
+        )
+        if increment:
+            f = WindowUpdateFrame(self.stream_id)
+            f.window_increment = increment
+            return [f]
+
+        return []
+
+    def _build_hdr_validation_flags(self, events):
+        """
+        Constructs a set of header validation flags for use when normalizing
+        and validating header blocks.
+        """
+        is_trailer = isinstance(
+            events[0], (_TrailersSent, TrailersReceived)
+        )
+        is_response_header = isinstance(
+            events[0],
+            (
+                _ResponseSent,
+                ResponseReceived,
+                InformationalResponseReceived
+            )
+        )
+        is_push_promise = isinstance(
+            events[0], (PushedStreamReceived, _PushedRequestSent)
+        )
+
+        return HeaderValidationFlags(
+            is_client=self.state_machine.client,
+            is_trailer=is_trailer,
+            is_response_header=is_response_header,
+            is_push_promise=is_push_promise,
+        )
+
+    def _build_headers_frames(self,
+                              headers,
+                              encoder,
+                              first_frame,
+                              hdr_validation_flags):
+        """
+        Helper method to build headers or push promise frames.
+        """
+        # We need to lowercase the header names, and to ensure that secure
+        # header fields are kept out of compression contexts.
+        if self.config.normalize_outbound_headers:
+            headers = normalize_outbound_headers(
+                headers, hdr_validation_flags
+            )
+        if self.config.validate_outbound_headers:
+            headers = validate_outbound_headers(
+                headers, hdr_validation_flags
+            )
+
+        encoded_headers = encoder.encode(headers)
+
+        # Slice into blocks of max_outbound_frame_size. Be careful with this:
+        # it only works right because we never send padded frames or priority
+        # information on the frames. Revisit this if we do.
+        header_blocks = [
+            encoded_headers[i:i+self.max_outbound_frame_size]
+            for i in range(
+                0, len(encoded_headers), self.max_outbound_frame_size
+            )
+        ]
+
+        frames = []
+        first_frame.data = header_blocks[0]
+        frames.append(first_frame)
+
+        for block in header_blocks[1:]:
+            cf = ContinuationFrame(self.stream_id)
+            cf.data = block
+            frames.append(cf)
+
+        frames[-1].flags.add('END_HEADERS')
+        return frames
+
+    def _process_received_headers(self,
+                                  headers,
+                                  header_validation_flags,
+                                  header_encoding):
+        """
+        When headers have been received from the remote peer, run a processing
+        pipeline on them to transform them into the appropriate form for
+        attaching to an event.
+        """
+        if self.config.normalize_inbound_headers:
+            headers = normalize_inbound_headers(
+                headers, header_validation_flags
+            )
+
+        if self.config.validate_inbound_headers:
+            headers = validate_headers(headers, header_validation_flags)
+
+        if header_encoding:
+            headers = _decode_headers(headers, header_encoding)
+
+        # The above steps are all generators, so we need to concretize the
+        # headers now.
+        return list(headers)
+
+    def _initialize_content_length(self, headers):
+        """
+        Checks the headers for a content-length header and initializes the
+        _expected_content_length field from it. It's not an error for no
+        Content-Length header to be present.
+        """
+        if self.request_method == b'HEAD':
+            self._expected_content_length = 0
+            return
+
+        for n, v in headers:
+            if n == b'content-length':
+                try:
+                    self._expected_content_length = int(v, 10)
+                except ValueError:
+                    raise ProtocolError(
+                        "Invalid content-length header: %s" % v
+                    )
+
+                return
+
+    def _track_content_length(self, length, end_stream):
+        """
+        Update the expected content length in response to data being received.
+        Validates that the appropriate amount of data is sent. Always updates
+        the received data, but only validates the length against the
+        content-length header if one was sent.
+
+        :param length: The length of the body chunk received.
+        :param end_stream: If this is the last body chunk received.
+        """
+        self._actual_content_length += length
+        actual = self._actual_content_length
+        expected = self._expected_content_length
+
+        if expected is not None:
+            if expected < actual:
+                raise InvalidBodyLengthError(expected, actual)
+
+            if end_stream and expected != actual:
+                raise InvalidBodyLengthError(expected, actual)
+
+    def _inbound_flow_control_change_from_settings(self, delta):
+        """
+        We changed SETTINGS_INITIAL_WINDOW_SIZE, which means we need to
+        update the target window size for flow control. For our flow control
+        strategy, this means we need to do two things: we need to adjust the
+        current window size, but we also need to set the target maximum window
+        size to the new value.
+        """
+        new_max_size = self._inbound_window_manager.max_window_size + delta
+        self._inbound_window_manager.window_opened(delta)
+        self._inbound_window_manager.max_window_size = new_max_size
+
+
+def _decode_headers(headers, encoding):
+    """
+    Given an iterable of header two-tuples and an encoding, decodes those
+    headers using that encoding while preserving the type of the header tuple.
+    This ensures that the use of ``HeaderTuple`` is preserved.
+    """
+    for header in headers:
+        # This function expects to work on decoded headers, which are always
+        # HeaderTuple objects.
+        assert isinstance(header, HeaderTuple)
+
+        name, value = header
+        name = name.decode(encoding)
+        value = value.decode(encoding)
+        yield header.__class__(name, value)
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/utilities.py b/testing/web-platform/tests/tools/third_party/h2/h2/utilities.py
new file mode 100644
index 0000000000..06c916eea7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/utilities.py
@@ -0,0 +1,660 @@
+# -*- coding: utf-8 -*-
+"""
+h2/utilities
+~~~~~~~~~~~~
+
+Utility functions that do not belong in a separate module.
+"""
+import collections
+import re
+from string import whitespace
+import sys
+
+from hpack import HeaderTuple, NeverIndexedHeaderTuple
+
+from .exceptions import ProtocolError, FlowControlError
+
+UPPER_RE = re.compile(b"[A-Z]")
+
+# A set of headers that are hop-by-hop or connection-specific and thus
+# forbidden in HTTP/2. This list comes from RFC 7540 § 8.1.2.2.
+CONNECTION_HEADERS = frozenset([
+    b'connection', u'connection',
+    b'proxy-connection', u'proxy-connection',
+    b'keep-alive', u'keep-alive',
+    b'transfer-encoding', u'transfer-encoding',
+    b'upgrade', u'upgrade',
+])
+
+
+_ALLOWED_PSEUDO_HEADER_FIELDS = frozenset([
+    b':method', u':method',
+    b':scheme', u':scheme',
+    b':authority', u':authority',
+    b':path', u':path',
+    b':status', u':status',
+    b':protocol', u':protocol',
+])
+
+
+_SECURE_HEADERS = frozenset([
+    # May have basic credentials which are vulnerable to dictionary attacks.
+    b'authorization', u'authorization',
+    b'proxy-authorization', u'proxy-authorization',
+])
+
+
+_REQUEST_ONLY_HEADERS = frozenset([
+    b':scheme', u':scheme',
+    b':path', u':path',
+    b':authority', u':authority',
+    b':method', u':method',
+    b':protocol', u':protocol',
+])
+
+
+_RESPONSE_ONLY_HEADERS = frozenset([b':status', u':status'])
+
+
+# A Set of pseudo headers that are only valid if the method is
+# CONNECT, see RFC 8441 § 5
+_CONNECT_REQUEST_ONLY_HEADERS = frozenset([b':protocol', u':protocol'])
+
+
+if sys.version_info[0] == 2:  # Python 2.X
+    _WHITESPACE = frozenset(whitespace)
+else:  # Python 3.3+
+    _WHITESPACE = frozenset(map(ord, whitespace))
+
+
+def _secure_headers(headers, hdr_validation_flags):
+    """
+    Certain headers are at risk of being attacked during the header compression
+    phase, and so need to be kept out of header compression contexts. This
+    function automatically transforms certain specific headers into HPACK
+    never-indexed fields to ensure they don't get added to header compression
+    contexts.
+
+    This function currently implements two rules:
+
+    - 'authorization' and 'proxy-authorization' fields are automatically made
+      never-indexed.
+    - Any 'cookie' header field shorter than 20 bytes long is made
+      never-indexed.
+
+    These fields are the most at-risk. These rules are inspired by Firefox
+    and nghttp2.
+    """
+    for header in headers:
+        if header[0] in _SECURE_HEADERS:
+            yield NeverIndexedHeaderTuple(*header)
+        elif header[0] in (b'cookie', u'cookie') and len(header[1]) < 20:
+            yield NeverIndexedHeaderTuple(*header)
+        else:
+            yield header
+
+
+def extract_method_header(headers):
+    """
+    Extracts the request method from the headers list.
+    """
+    for k, v in headers:
+        if k in (b':method', u':method'):
+            if not isinstance(v, bytes):
+                return v.encode('utf-8')
+            else:
+                return v
+
+
+def is_informational_response(headers):
+    """
+    Searches a header block for a :status header to confirm that a given
+    collection of headers are an informational response. Assumes the header
+    block is well formed: that is, that the HTTP/2 special headers are first
+    in the block, and so that it can stop looking when it finds the first
+    header field whose name does not begin with a colon.
+
+    :param headers: The HTTP/2 header block.
+    :returns: A boolean indicating if this is an informational response.
+    """
+    for n, v in headers:
+        if isinstance(n, bytes):
+            sigil = b':'
+            status = b':status'
+            informational_start = b'1'
+        else:
+            sigil = u':'
+            status = u':status'
+            informational_start = u'1'
+
+        # If we find a non-special header, we're done here: stop looping.
+        if not n.startswith(sigil):
+            return False
+
+        # This isn't the status header, bail.
+        if n != status:
+            continue
+
+        # If the first digit is a 1, we've got informational headers.
+        return v.startswith(informational_start)
+
+
+def guard_increment_window(current, increment):
+    """
+    Increments a flow control window, guarding against that window becoming too
+    large.
+
+    :param current: The current value of the flow control window.
+    :param increment: The increment to apply to that window.
+    :returns: The new value of the window.
+    :raises: ``FlowControlError``
+    """
+    # The largest value the flow control window may take.
+    LARGEST_FLOW_CONTROL_WINDOW = 2**31 - 1
+
+    new_size = current + increment
+
+    if new_size > LARGEST_FLOW_CONTROL_WINDOW:
+        raise FlowControlError(
+            "May not increment flow control window past %d" %
+            LARGEST_FLOW_CONTROL_WINDOW
+        )
+
+    return new_size
+
+
+def authority_from_headers(headers):
+    """
+    Given a header set, searches for the authority header and returns the
+    value.
+
+    Note that this doesn't terminate early, so should only be called if the
+    headers are for a client request. Otherwise, will loop over the entire
+    header set, which is potentially unwise.
+
+    :param headers: The HTTP header set.
+    :returns: The value of the authority header, or ``None``.
+    :rtype: ``bytes`` or ``None``.
+    """
+    for n, v in headers:
+        # This gets run against headers that come both from HPACK and from the
+        # user, so we may have unicode floating around in here. We only want
+        # bytes.
+        if n in (b':authority', u':authority'):
+            return v.encode('utf-8') if not isinstance(v, bytes) else v
+
+    return None
+
+
+# Flags used by the validate_headers pipeline to determine which checks
+# should be applied to a given set of headers.
+HeaderValidationFlags = collections.namedtuple(
+    'HeaderValidationFlags',
+    ['is_client', 'is_trailer', 'is_response_header', 'is_push_promise']
+)
+
+
+def validate_headers(headers, hdr_validation_flags):
+    """
+    Validates a header sequence against a set of constraints from RFC 7540.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags.
+    """
+    # This validation logic is built on a sequence of generators that are
+    # iterated over to provide the final header list. This reduces some of the
+    # overhead of doing this checking. However, it's worth noting that this
+    # checking remains somewhat expensive, and attempts should be made wherever
+    # possible to reduce the time spent doing them.
+    #
+    # For example, we avoid tuple upacking in loops because it represents a
+    # fixed cost that we don't want to spend, instead indexing into the header
+    # tuples.
+    headers = _reject_uppercase_header_fields(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_surrounding_whitespace(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_te(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_connection_header(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_pseudo_header_fields(
+        headers, hdr_validation_flags
+    )
+    headers = _check_host_authority_header(
+        headers, hdr_validation_flags
+    )
+    headers = _check_path_header(headers, hdr_validation_flags)
+
+    return headers
+
+
+def _reject_uppercase_header_fields(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if any uppercase character is found in a header
+    block.
+    """
+    for header in headers:
+        if UPPER_RE.search(header[0]):
+            raise ProtocolError(
+                "Received uppercase header name %s." % header[0])
+        yield header
+
+
+def _reject_surrounding_whitespace(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if any header name or value is surrounded by
+    whitespace characters.
+    """
+    # For compatibility with RFC 7230 header fields, we need to allow the field
+    # value to be an empty string. This is ludicrous, but technically allowed.
+    # The field name may not be empty, though, so we can safely assume that it
+    # must have at least one character in it and throw exceptions if it
+    # doesn't.
+    for header in headers:
+        if header[0][0] in _WHITESPACE or header[0][-1] in _WHITESPACE:
+            raise ProtocolError(
+                "Received header name surrounded by whitespace %r" % header[0])
+        if header[1] and ((header[1][0] in _WHITESPACE) or
+           (header[1][-1] in _WHITESPACE)):
+            raise ProtocolError(
+                "Received header value surrounded by whitespace %r" % header[1]
+            )
+        yield header
+
+
+def _reject_te(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if the TE header is present in a header block and
+    its value is anything other than "trailers".
+    """
+    for header in headers:
+        if header[0] in (b'te', u'te'):
+            if header[1].lower() not in (b'trailers', u'trailers'):
+                raise ProtocolError(
+                    "Invalid value for Transfer-Encoding header: %s" %
+                    header[1]
+                )
+
+        yield header
+
+
+def _reject_connection_header(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if the Connection header is present in a header
+    block.
+    """
+    for header in headers:
+        if header[0] in CONNECTION_HEADERS:
+            raise ProtocolError(
+                "Connection-specific header field present: %s." % header[0]
+            )
+
+        yield header
+
+
+def _custom_startswith(test_string, bytes_prefix, unicode_prefix):
+    """
+    Given a string that might be a bytestring or a Unicode string,
+    return True if it starts with the appropriate prefix.
+    """
+    if isinstance(test_string, bytes):
+        return test_string.startswith(bytes_prefix)
+    else:
+        return test_string.startswith(unicode_prefix)
+
+
+def _assert_header_in_set(string_header, bytes_header, header_set):
+    """
+    Given a set of header names, checks whether the string or byte version of
+    the header name is present. Raises a Protocol error with the appropriate
+    error if it's missing.
+    """
+    if not (string_header in header_set or bytes_header in header_set):
+        raise ProtocolError(
+            "Header block missing mandatory %s header" % string_header
+        )
+
+
+def _reject_pseudo_header_fields(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if duplicate pseudo-header fields are found in a
+    header block or if a pseudo-header field appears in a block after an
+    ordinary header field.
+
+    Raises a ProtocolError if pseudo-header fields are found in trailers.
+    """
+    seen_pseudo_header_fields = set()
+    seen_regular_header = False
+    method = None
+
+    for header in headers:
+        if _custom_startswith(header[0], b':', u':'):
+            if header[0] in seen_pseudo_header_fields:
+                raise ProtocolError(
+                    "Received duplicate pseudo-header field %s" % header[0]
+                )
+
+            seen_pseudo_header_fields.add(header[0])
+
+            if seen_regular_header:
+                raise ProtocolError(
+                    "Received pseudo-header field out of sequence: %s" %
+                    header[0]
+                )
+
+            if header[0] not in _ALLOWED_PSEUDO_HEADER_FIELDS:
+                raise ProtocolError(
+                    "Received custom pseudo-header field %s" % header[0]
+                )
+
+            if header[0] in (b':method', u':method'):
+                if not isinstance(header[1], bytes):
+                    method = header[1].encode('utf-8')
+                else:
+                    method = header[1]
+
+        else:
+            seen_regular_header = True
+
+        yield header
+
+    # Check the pseudo-headers we got to confirm they're acceptable.
+    _check_pseudo_header_field_acceptability(
+        seen_pseudo_header_fields, method, hdr_validation_flags
+    )
+
+
+def _check_pseudo_header_field_acceptability(pseudo_headers,
+                                             method,
+                                             hdr_validation_flags):
+    """
+    Given the set of pseudo-headers present in a header block and the
+    validation flags, confirms that RFC 7540 allows them.
+    """
+    # Pseudo-header fields MUST NOT appear in trailers - RFC 7540 § 8.1.2.1
+    if hdr_validation_flags.is_trailer and pseudo_headers:
+        raise ProtocolError(
+            "Received pseudo-header in trailer %s" % pseudo_headers
+        )
+
+    # If ':status' pseudo-header is not there in a response header, reject it.
+    # Similarly, if ':path', ':method', or ':scheme' are not there in a request
+    # header, reject it. Additionally, if a response contains any request-only
+    # headers or vice-versa, reject it.
+    # Relevant RFC section: RFC 7540 § 8.1.2.4
+    # https://tools.ietf.org/html/rfc7540#section-8.1.2.4
+    if hdr_validation_flags.is_response_header:
+        _assert_header_in_set(u':status', b':status', pseudo_headers)
+        invalid_response_headers = pseudo_headers & _REQUEST_ONLY_HEADERS
+        if invalid_response_headers:
+            raise ProtocolError(
+                "Encountered request-only headers %s" %
+                invalid_response_headers
+            )
+    elif (not hdr_validation_flags.is_response_header and
+          not hdr_validation_flags.is_trailer):
+        # This is a request, so we need to have seen :path, :method, and
+        # :scheme.
+        _assert_header_in_set(u':path', b':path', pseudo_headers)
+        _assert_header_in_set(u':method', b':method', pseudo_headers)
+        _assert_header_in_set(u':scheme', b':scheme', pseudo_headers)
+        invalid_request_headers = pseudo_headers & _RESPONSE_ONLY_HEADERS
+        if invalid_request_headers:
+            raise ProtocolError(
+                "Encountered response-only headers %s" %
+                invalid_request_headers
+            )
+        if method != b'CONNECT':
+            invalid_headers = pseudo_headers & _CONNECT_REQUEST_ONLY_HEADERS
+            if invalid_headers:
+                raise ProtocolError(
+                    "Encountered connect-request-only headers %s" %
+                    invalid_headers
+                )
+
+
+def _validate_host_authority_header(headers):
+    """
+    Given the :authority and Host headers from a request block that isn't
+    a trailer, check that:
+     1. At least one of these headers is set.
+     2. If both headers are set, they match.
+
+    :param headers: The HTTP header set.
+    :raises: ``ProtocolError``
+    """
+    # We use None as a sentinel value.  Iterate over the list of headers,
+    # and record the value of these headers (if present).  We don't need
+    # to worry about receiving duplicate :authority headers, as this is
+    # enforced by the _reject_pseudo_header_fields() pipeline.
+    #
+    # TODO: We should also guard against receiving duplicate Host headers,
+    # and against sending duplicate headers.
+    authority_header_val = None
+    host_header_val = None
+
+    for header in headers:
+        if header[0] in (b':authority', u':authority'):
+            authority_header_val = header[1]
+        elif header[0] in (b'host', u'host'):
+            host_header_val = header[1]
+
+        yield header
+
+    # If we have not-None values for these variables, then we know we saw
+    # the corresponding header.
+    authority_present = (authority_header_val is not None)
+    host_present = (host_header_val is not None)
+
+    # It is an error for a request header block to contain neither
+    # an :authority header nor a Host header.
+    if not authority_present and not host_present:
+        raise ProtocolError(
+            "Request header block does not have an :authority or Host header."
+        )
+
+    # If we receive both headers, they should definitely match.
+    if authority_present and host_present:
+        if authority_header_val != host_header_val:
+            raise ProtocolError(
+                "Request header block has mismatched :authority and "
+                "Host headers: %r / %r"
+                % (authority_header_val, host_header_val)
+            )
+
+
+def _check_host_authority_header(headers, hdr_validation_flags):
+    """
+    Raises a ProtocolError if a header block arrives that does not contain an
+    :authority or a Host header, or if a header block contains both fields,
+    but their values do not match.
+    """
+    # We only expect to see :authority and Host headers on request header
+    # blocks that aren't trailers, so skip this validation if this is a
+    # response header or we're looking at trailer blocks.
+    skip_validation = (
+        hdr_validation_flags.is_response_header or
+        hdr_validation_flags.is_trailer
+    )
+    if skip_validation:
+        return headers
+
+    return _validate_host_authority_header(headers)
+
+
+def _check_path_header(headers, hdr_validation_flags):
+    """
+    Raise a ProtocolError if a header block arrives or is sent that contains an
+    empty :path header.
+    """
+    def inner():
+        for header in headers:
+            if header[0] in (b':path', u':path'):
+                if not header[1]:
+                    raise ProtocolError("An empty :path header is forbidden")
+
+            yield header
+
+    # We only expect to see :authority and Host headers on request header
+    # blocks that aren't trailers, so skip this validation if this is a
+    # response header or we're looking at trailer blocks.
+    skip_validation = (
+        hdr_validation_flags.is_response_header or
+        hdr_validation_flags.is_trailer
+    )
+    if skip_validation:
+        return headers
+    else:
+        return inner()
+
+
+def _lowercase_header_names(headers, hdr_validation_flags):
+    """
+    Given an iterable of header two-tuples, rebuilds that iterable with the
+    header names lowercased. This generator produces tuples that preserve the
+    original type of the header tuple for tuple and any ``HeaderTuple``.
+    """
+    for header in headers:
+        if isinstance(header, HeaderTuple):
+            yield header.__class__(header[0].lower(), header[1])
+        else:
+            yield (header[0].lower(), header[1])
+
+
+def _strip_surrounding_whitespace(headers, hdr_validation_flags):
+    """
+    Given an iterable of header two-tuples, strip both leading and trailing
+    whitespace from both header names and header values. This generator
+    produces tuples that preserve the original type of the header tuple for
+    tuple and any ``HeaderTuple``.
+    """
+    for header in headers:
+        if isinstance(header, HeaderTuple):
+            yield header.__class__(header[0].strip(), header[1].strip())
+        else:
+            yield (header[0].strip(), header[1].strip())
+
+
+def _strip_connection_headers(headers, hdr_validation_flags):
+    """
+    Strip any connection headers as per RFC7540 § 8.1.2.2.
+    """
+    for header in headers:
+        if header[0] not in CONNECTION_HEADERS:
+            yield header
+
+
+def _check_sent_host_authority_header(headers, hdr_validation_flags):
+    """
+    Raises an InvalidHeaderBlockError if we try to send a header block
+    that does not contain an :authority or a Host header, or if
+    the header block contains both fields, but their values do not match.
+    """
+    # We only expect to see :authority and Host headers on request header
+    # blocks that aren't trailers, so skip this validation if this is a
+    # response header or we're looking at trailer blocks.
+    skip_validation = (
+        hdr_validation_flags.is_response_header or
+        hdr_validation_flags.is_trailer
+    )
+    if skip_validation:
+        return headers
+
+    return _validate_host_authority_header(headers)
+
+
+def _combine_cookie_fields(headers, hdr_validation_flags):
+    """
+    RFC 7540 § 8.1.2.5 allows HTTP/2 clients to split the Cookie header field,
+    which must normally appear only once, into multiple fields for better
+    compression. However, they MUST be joined back up again when received.
+    This normalization step applies that transform. The side-effect is that
+    all cookie fields now appear *last* in the header block.
+    """
+    # There is a problem here about header indexing. Specifically, it's
+    # possible that all these cookies are sent with different header indexing
+    # values. At this point it shouldn't matter too much, so we apply our own
+    # logic and make them never-indexed.
+    cookies = []
+    for header in headers:
+        if header[0] == b'cookie':
+            cookies.append(header[1])
+        else:
+            yield header
+    if cookies:
+        cookie_val = b'; '.join(cookies)
+        yield NeverIndexedHeaderTuple(b'cookie', cookie_val)
+
+
+def normalize_outbound_headers(headers, hdr_validation_flags):
+    """
+    Normalizes a header sequence that we are about to send.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags.
+    """
+    headers = _lowercase_header_names(headers, hdr_validation_flags)
+    headers = _strip_surrounding_whitespace(headers, hdr_validation_flags)
+    headers = _strip_connection_headers(headers, hdr_validation_flags)
+    headers = _secure_headers(headers, hdr_validation_flags)
+
+    return headers
+
+
+def normalize_inbound_headers(headers, hdr_validation_flags):
+    """
+    Normalizes a header sequence that we have received.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags
+    """
+    headers = _combine_cookie_fields(headers, hdr_validation_flags)
+    return headers
+
+
+def validate_outbound_headers(headers, hdr_validation_flags):
+    """
+    Validates and normalizes a header sequence that we are about to send.
+
+    :param headers: The HTTP header set.
+    :param hdr_validation_flags: An instance of HeaderValidationFlags.
+    """
+    headers = _reject_te(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_connection_header(
+        headers, hdr_validation_flags
+    )
+    headers = _reject_pseudo_header_fields(
+        headers, hdr_validation_flags
+    )
+    headers = _check_sent_host_authority_header(
+        headers, hdr_validation_flags
+    )
+    headers = _check_path_header(headers, hdr_validation_flags)
+
+    return headers
+
+
+class SizeLimitDict(collections.OrderedDict):
+
+    def __init__(self, *args, **kwargs):
+        self._size_limit = kwargs.pop("size_limit", None)
+        super(SizeLimitDict, self).__init__(*args, **kwargs)
+
+        self._check_size_limit()
+
+    def __setitem__(self, key, value):
+        super(SizeLimitDict, self).__setitem__(key, value)
+
+        self._check_size_limit()
+
+    def _check_size_limit(self):
+        if self._size_limit is not None:
+            while len(self) > self._size_limit:
+                self.popitem(last=False)
diff --git a/testing/web-platform/tests/tools/third_party/h2/h2/windows.py b/testing/web-platform/tests/tools/third_party/h2/h2/windows.py
new file mode 100644
index 0000000000..6656975f48
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/h2/windows.py
@@ -0,0 +1,139 @@
+# -*- coding: utf-8 -*-
+"""
+h2/windows
+~~~~~~~~~~
+
+Defines tools for managing HTTP/2 flow control windows.
+
+The objects defined in this module are used to automatically manage HTTP/2
+flow control windows. Specifically, they keep track of what the size of the
+window is, how much data has been consumed from that window, and how much data
+the user has already used. It then implements a basic algorithm that attempts
+to manage the flow control window without user input, trying to ensure that it
+does not emit too many WINDOW_UPDATE frames.
+"""
+from __future__ import division
+
+from .exceptions import FlowControlError
+
+
+# The largest acceptable value for a HTTP/2 flow control window.
+LARGEST_FLOW_CONTROL_WINDOW = 2**31 - 1
+
+
+class WindowManager(object):
+    """
+    A basic HTTP/2 window manager.
+
+    :param max_window_size: The maximum size of the flow control window.
+    :type max_window_size: ``int``
+    """
+    def __init__(self, max_window_size):
+        assert max_window_size <= LARGEST_FLOW_CONTROL_WINDOW
+        self.max_window_size = max_window_size
+        self.current_window_size = max_window_size
+        self._bytes_processed = 0
+
+    def window_consumed(self, size):
+        """
+        We have received a certain number of bytes from the remote peer. This
+        necessarily shrinks the flow control window!
+
+        :param size: The number of flow controlled bytes we received from the
+            remote peer.
+        :type size: ``int``
+        :returns: Nothing.
+        :rtype: ``None``
+        """
+        self.current_window_size -= size
+        if self.current_window_size < 0:
+            raise FlowControlError("Flow control window shrunk below 0")
+
+    def window_opened(self, size):
+        """
+        The flow control window has been incremented, either because of manual
+        flow control management or because of the user changing the flow
+        control settings. This can have the effect of increasing what we
+        consider to be the "maximum" flow control window size.
+
+        This does not increase our view of how many bytes have been processed,
+        only of how much space is in the window.
+
+        :param size: The increment to the flow control window we received.
+        :type size: ``int``
+        :returns: Nothing
+        :rtype: ``None``
+        """
+        self.current_window_size += size
+
+        if self.current_window_size > LARGEST_FLOW_CONTROL_WINDOW:
+            raise FlowControlError(
+                "Flow control window mustn't exceed %d" %
+                LARGEST_FLOW_CONTROL_WINDOW
+            )
+
+        if self.current_window_size > self.max_window_size:
+            self.max_window_size = self.current_window_size
+
+    def process_bytes(self, size):
+        """
+        The application has informed us that it has processed a certain number
+        of bytes. This may cause us to want to emit a window update frame. If
+        we do want to emit a window update frame, this method will return the
+        number of bytes that we should increment the window by.
+
+        :param size: The number of flow controlled bytes that the application
+            has processed.
+        :type size: ``int``
+        :returns: The number of bytes to increment the flow control window by,
+            or ``None``.
+        :rtype: ``int`` or ``None``
+        """
+        self._bytes_processed += size
+        return self._maybe_update_window()
+
+    def _maybe_update_window(self):
+        """
+        Run the algorithm.
+
+        Our current algorithm can be described like this.
+
+        1. If no bytes have been processed, we immediately return 0. There is
+           no meaningful way for us to hand space in the window back to the
+           remote peer, so let's not even try.
+        2. If there is no space in the flow control window, and we have
+           processed at least 1024 bytes (or 1/4 of the window, if the window
+           is smaller), we will emit a window update frame. This is to avoid
+           the risk of blocking a stream altogether.
+        3. If there is space in the flow control window, and we have processed
+           at least 1/2 of the window worth of bytes, we will emit a window
+           update frame. This is to minimise the number of window update frames
+           we have to emit.
+
+        In a healthy system with large flow control windows, this will
+        irregularly emit WINDOW_UPDATE frames. This prevents us starving the
+        connection by emitting eleventy bajillion WINDOW_UPDATE frames,
+        especially in situations where the remote peer is sending a lot of very
+        small DATA frames.
+        """
+        # TODO: Can the window be smaller than 1024 bytes? If not, we can
+        # streamline this algorithm.
+        if not self._bytes_processed:
+            return None
+
+        max_increment = (self.max_window_size - self.current_window_size)
+        increment = 0
+
+        # Note that, even though we may increment less than _bytes_processed,
+        # we still want to set it to zero whenever we emit an increment. This
+        # is because we'll always increment up to the maximum we can.
+        if (self.current_window_size == 0) and (
+                self._bytes_processed > min(1024, self.max_window_size // 4)):
+            increment = min(self._bytes_processed, max_increment)
+            self._bytes_processed = 0
+        elif self._bytes_processed >= (self.max_window_size // 2):
+            increment = min(self._bytes_processed, max_increment)
+            self._bytes_processed = 0
+
+        self.current_window_size += increment
+        return increment
diff --git a/testing/web-platform/tests/tools/third_party/h2/setup.cfg b/testing/web-platform/tests/tools/third_party/h2/setup.cfg
new file mode 100644
index 0000000000..3670507ff1
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/setup.cfg
@@ -0,0 +1,10 @@
+[tool:pytest]
+testpaths = test
+
+[wheel]
+universal = 1
+
+[egg_info]
+tag_build = 
+tag_date = 0
+
diff --git a/testing/web-platform/tests/tools/third_party/h2/setup.py b/testing/web-platform/tests/tools/third_party/h2/setup.py
new file mode 100644
index 0000000000..1ce95d5796
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/setup.py
@@ -0,0 +1,76 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+import codecs
+import os
+import re
+import sys
+
+try:
+    from setuptools import setup
+except ImportError:
+    from distutils.core import setup
+
+# Get the version
+version_regex = r'__version__ = ["\']([^"\']*)["\']'
+with open('h2/__init__.py', 'r') as f:
+    text = f.read()
+    match = re.search(version_regex, text)
+
+    if match:
+        version = match.group(1)
+    else:
+        raise RuntimeError("No version number found!")
+
+# Stealing this from Kenneth Reitz
+if sys.argv[-1] == 'publish':
+    os.system('python setup.py sdist upload')
+    sys.exit()
+
+packages = [
+    'h2',
+]
+
+readme = codecs.open('README.rst', encoding='utf-8').read()
+history = codecs.open('HISTORY.rst', encoding='utf-8').read()
+
+setup(
+    name='h2',
+    version=version,
+    description='HTTP/2 State-Machine based protocol implementation',
+    long_description=u'\n\n'.join([readme, history]),
+    author='Cory Benfield',
+    author_email='cory@lukasa.co.uk',
+    url='https://github.com/python-hyper/hyper-h2',
+    project_urls={
+        'Documentation': 'https://python-hyper.org/projects/h2',
+        'Source': 'https://github.com/python-hyper/hyper-h2',
+    },
+    packages=packages,
+    package_data={'': ['LICENSE', 'README.rst', 'CONTRIBUTORS.rst', 'HISTORY.rst', 'NOTICES']},
+    package_dir={'h2': 'h2'},
+    include_package_data=True,
+    license='MIT License',
+    classifiers=[
+        'Development Status :: 5 - Production/Stable',
+        'Intended Audience :: Developers',
+        'License :: OSI Approved :: MIT License',
+        'Programming Language :: Python',
+        'Programming Language :: Python :: 2',
+        'Programming Language :: Python :: 2.7',
+        'Programming Language :: Python :: 3',
+        'Programming Language :: Python :: 3.4',
+        'Programming Language :: Python :: 3.5',
+        'Programming Language :: Python :: 3.6',
+        'Programming Language :: Python :: 3.7',
+        'Programming Language :: Python :: 3.8',
+        'Programming Language :: Python :: Implementation :: CPython',
+        'Programming Language :: Python :: Implementation :: PyPy',
+    ],
+    install_requires=[
+        'hyperframe>=5.2.0, <6',
+        'hpack>=3.0,<4',
+    ],
+    extras_require={
+        ':python_version == "2.7"': ['enum34>=1.1.6, <2'],
+    }
+)
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/conftest.py b/testing/web-platform/tests/tools/third_party/h2/test/conftest.py
new file mode 100644
index 0000000000..c646ad361c
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/conftest.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+from hypothesis import settings, HealthCheck
+
+import pytest
+import helpers
+
+# Set up a CI profile that allows slow example generation.
+settings.register_profile(
+    "travis",
+    settings(suppress_health_check=[HealthCheck.too_slow])
+)
+
+
+@pytest.fixture
+def frame_factory():
+    return helpers.FrameFactory()
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/coroutine_tests.py b/testing/web-platform/tests/tools/third_party/h2/test/coroutine_tests.py
new file mode 100644
index 0000000000..0f48c02d99
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/coroutine_tests.py
@@ -0,0 +1,74 @@
+# -*- coding: utf-8 -*-
+"""
+coroutine_tests
+~~~~~~~~~~~~~~~
+
+This file gives access to a coroutine-based test class. This allows each test
+case to be defined as a pair of interacting coroutines, sending data to each
+other by yielding the flow of control.
+
+The advantage of this method is that we avoid the difficulty of using threads
+in Python, as well as the pain of using sockets and events to communicate and
+organise the communication. This makes the tests entirely deterministic and
+makes them behave identically on all platforms, as well as ensuring they both
+succeed and fail quickly.
+"""
+import itertools
+import functools
+
+import pytest
+
+
+class CoroutineTestCase(object):
+    """
+    A base class for tests that use interacting coroutines.
+
+    The run_until_complete method takes a number of coroutines as arguments.
+    Each one is, in order, passed the output of the previous coroutine until
+    one is exhausted. If a coroutine does not initially yield data (that is,
+    its first action is to receive data), the calling code should prime it by
+    using the 'server' decorator on this class.
+    """
+    def run_until_complete(self, *coroutines):
+        """
+        Executes a set of coroutines that communicate between each other. Each
+        one is, in order, passed the output of the previous coroutine until
+        one is exhausted. If a coroutine does not initially yield data (that
+        is, its first action is to receive data), the calling code should prime
+        it by using the 'server' decorator on this class.
+
+        Once a coroutine is exhausted, the method performs a final check to
+        ensure that all other coroutines are exhausted. This ensures that all
+        assertions in those coroutines got executed.
+        """
+        looping_coroutines = itertools.cycle(coroutines)
+        data = None
+
+        for coro in looping_coroutines:
+            try:
+                data = coro.send(data)
+            except StopIteration:
+                break
+
+        for coro in coroutines:
+            try:
+                next(coro)
+            except StopIteration:
+                continue
+            else:
+                pytest.fail("Coroutine %s not exhausted" % coro)
+
+    def server(self, func):
+        """
+        A decorator that marks a test coroutine as a 'server' coroutine: that
+        is, one whose first action is to consume data, rather than one that
+        initially emits data. The effect of this decorator is simply to prime
+        the coroutine.
+        """
+        @functools.wraps(func)
+        def wrapper(*args, **kwargs):
+            c = func(*args, **kwargs)
+            next(c)
+            return c
+
+        return wrapper
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/helpers.py b/testing/web-platform/tests/tools/third_party/h2/test/helpers.py
new file mode 100644
index 0000000000..2a4e909321
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/helpers.py
@@ -0,0 +1,176 @@
+# -*- coding: utf-8 -*-
+"""
+helpers
+~~~~~~~
+
+This module contains helpers for the h2 tests.
+"""
+from hyperframe.frame import (
+    HeadersFrame, DataFrame, SettingsFrame, WindowUpdateFrame, PingFrame,
+    GoAwayFrame, RstStreamFrame, PushPromiseFrame, PriorityFrame,
+    ContinuationFrame, AltSvcFrame
+)
+from hpack.hpack import Encoder
+
+
+SAMPLE_SETTINGS = {
+    SettingsFrame.HEADER_TABLE_SIZE: 4096,
+    SettingsFrame.ENABLE_PUSH: 1,
+    SettingsFrame.MAX_CONCURRENT_STREAMS: 2,
+}
+
+
+class FrameFactory(object):
+    """
+    A class containing lots of helper methods and state to build frames. This
+    allows test cases to easily build correct HTTP/2 frames to feed to
+    hyper-h2.
+    """
+    def __init__(self):
+        self.encoder = Encoder()
+
+    def refresh_encoder(self):
+        self.encoder = Encoder()
+
+    def preamble(self):
+        return b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'
+
+    def build_headers_frame(self,
+                            headers,
+                            flags=[],
+                            stream_id=1,
+                            **priority_kwargs):
+        """
+        Builds a single valid headers frame out of the contained headers.
+        """
+        f = HeadersFrame(stream_id)
+        f.data = self.encoder.encode(headers)
+        f.flags.add('END_HEADERS')
+        for flag in flags:
+            f.flags.add(flag)
+
+        for k, v in priority_kwargs.items():
+            setattr(f, k, v)
+
+        return f
+
+    def build_continuation_frame(self, header_block, flags=[], stream_id=1):
+        """
+        Builds a single continuation frame out of the binary header block.
+        """
+        f = ContinuationFrame(stream_id)
+        f.data = header_block
+        f.flags = set(flags)
+
+        return f
+
+    def build_data_frame(self, data, flags=None, stream_id=1, padding_len=0):
+        """
+        Builds a single data frame out of a chunk of data.
+        """
+        flags = set(flags) if flags is not None else set()
+        f = DataFrame(stream_id)
+        f.data = data
+        f.flags = flags
+
+        if padding_len:
+            flags.add('PADDED')
+            f.pad_length = padding_len
+
+        return f
+
+    def build_settings_frame(self, settings, ack=False):
+        """
+        Builds a single settings frame.
+        """
+        f = SettingsFrame(0)
+        if ack:
+            f.flags.add('ACK')
+
+        f.settings = settings
+        return f
+
+    def build_window_update_frame(self, stream_id, increment):
+        """
+        Builds a single WindowUpdate frame.
+        """
+        f = WindowUpdateFrame(stream_id)
+        f.window_increment = increment
+        return f
+
+    def build_ping_frame(self, ping_data, flags=None):
+        """
+        Builds a single Ping frame.
+        """
+        f = PingFrame(0)
+        f.opaque_data = ping_data
+        if flags:
+            f.flags = set(flags)
+
+        return f
+
+    def build_goaway_frame(self,
+                           last_stream_id,
+                           error_code=0,
+                           additional_data=b''):
+        """
+        Builds a single GOAWAY frame.
+        """
+        f = GoAwayFrame(0)
+        f.error_code = error_code
+        f.last_stream_id = last_stream_id
+        f.additional_data = additional_data
+        return f
+
+    def build_rst_stream_frame(self, stream_id, error_code=0):
+        """
+        Builds a single RST_STREAM frame.
+        """
+        f = RstStreamFrame(stream_id)
+        f.error_code = error_code
+        return f
+
+    def build_push_promise_frame(self,
+                                 stream_id,
+                                 promised_stream_id,
+                                 headers,
+                                 flags=[]):
+        """
+        Builds a single PUSH_PROMISE frame.
+        """
+        f = PushPromiseFrame(stream_id)
+        f.promised_stream_id = promised_stream_id
+        f.data = self.encoder.encode(headers)
+        f.flags = set(flags)
+        f.flags.add('END_HEADERS')
+        return f
+
+    def build_priority_frame(self,
+                             stream_id,
+                             weight,
+                             depends_on=0,
+                             exclusive=False):
+        """
+        Builds a single priority frame.
+        """
+        f = PriorityFrame(stream_id)
+        f.depends_on = depends_on
+        f.stream_weight = weight
+        f.exclusive = exclusive
+        return f
+
+    def build_alt_svc_frame(self, stream_id, origin, field):
+        """
+        Builds a single ALTSVC frame.
+        """
+        f = AltSvcFrame(stream_id)
+        f.origin = origin
+        f.field = field
+        return f
+
+    def change_table_size(self, new_size):
+        """
+        Causes the encoder to send a dynamic size update in the next header
+        block it sends.
+        """
+        self.encoder.header_table_size = new_size
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_basic_logic.py b/testing/web-platform/tests/tools/third_party/h2/test/test_basic_logic.py
new file mode 100644
index 0000000000..7df99a6a57
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_basic_logic.py
@@ -0,0 +1,1877 @@
+# -*- coding: utf-8 -*-
+"""
+test_basic_logic
+~~~~~~~~~~~~~~~~
+
+Test the basic logic of the h2 state machines.
+"""
+import random
+import sys
+
+import hyperframe
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+import h2.frame_buffer
+import h2.settings
+import h2.stream
+
+import helpers
+
+from hypothesis import given
+from hypothesis.strategies import integers
+
+
+IS_PYTHON3 = sys.version_info >= (3, 0)
+
+
+class TestBasicClient(object):
+    """
+    Basic client-side tests.
+    """
+    example_request_headers = [
+        (u':authority', u'example.com'),
+        (u':path', u'/'),
+        (u':scheme', u'https'),
+        (u':method', u'GET'),
+    ]
+    bytes_example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (u':status', u'200'),
+        (u'server', u'fake-serv/0.1.0')
+    ]
+    bytes_example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+
+    def test_begin_connection(self, frame_factory):
+        """
+        Client connections emit the HTTP/2 preamble.
+        """
+        c = h2.connection.H2Connection()
+        expected_settings = frame_factory.build_settings_frame(
+            c.local_settings
+        )
+        expected_data = (
+            b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n' + expected_settings.serialize()
+        )
+
+        events = c.initiate_connection()
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    def test_sending_headers(self):
+        """
+        Single headers frames are correctly encoded.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        events = c.send_headers(1, self.example_request_headers)
+        assert not events
+        assert c.data_to_send() == (
+            b'\x00\x00\r\x01\x04\x00\x00\x00\x01'
+            b'A\x88/\x91\xd3]\x05\\\x87\xa7\x84\x87\x82'
+        )
+
+    def test_sending_data(self):
+        """
+        Single data frames are encoded correctly.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Clear the data, then send some data.
+        c.clear_outbound_data_buffer()
+        events = c.send_data(1, b'some data')
+        assert not events
+        data_to_send = c.data_to_send()
+        assert (
+            data_to_send == b'\x00\x00\t\x00\x00\x00\x00\x00\x01some data'
+        )
+
+        buffer = h2.frame_buffer.FrameBuffer(server=False)
+        buffer.max_frame_size = 65535
+        buffer.add_data(data_to_send)
+        data_frame = list(buffer)[0]
+        sanity_check_data_frame(
+            data_frame=data_frame,
+            expected_flow_controlled_length=len(b'some data'),
+            expect_padded_flag=False,
+            expected_data_frame_pad_length=0
+        )
+
+    def test_sending_data_in_memoryview(self):
+        """
+        Support memoryview for sending data.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Clear the data, then send some data.
+        c.clear_outbound_data_buffer()
+        events = c.send_data(1, memoryview(b'some data'))
+        assert not events
+        data_to_send = c.data_to_send()
+        assert (
+            data_to_send == b'\x00\x00\t\x00\x00\x00\x00\x00\x01some data'
+        )
+
+    def test_sending_data_with_padding(self):
+        """
+        Single data frames with padding are encoded correctly.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Clear the data, then send some data.
+        c.clear_outbound_data_buffer()
+        events = c.send_data(1, b'some data', pad_length=5)
+        assert not events
+        data_to_send = c.data_to_send()
+        assert data_to_send == (
+            b'\x00\x00\x0f\x00\x08\x00\x00\x00\x01'
+            b'\x05some data\x00\x00\x00\x00\x00'
+        )
+
+        buffer = h2.frame_buffer.FrameBuffer(server=False)
+        buffer.max_frame_size = 65535
+        buffer.add_data(data_to_send)
+        data_frame = list(buffer)[0]
+        sanity_check_data_frame(
+            data_frame=data_frame,
+            expected_flow_controlled_length=len(b'some data') + 1 + 5,
+            expect_padded_flag=True,
+            expected_data_frame_pad_length=5
+        )
+
+    def test_sending_data_with_zero_length_padding(self):
+        """
+        Single data frames with zero-length padding are encoded
+        correctly.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Clear the data, then send some data.
+        c.clear_outbound_data_buffer()
+        events = c.send_data(1, b'some data', pad_length=0)
+        assert not events
+        data_to_send = c.data_to_send()
+        assert data_to_send == (
+            b'\x00\x00\x0a\x00\x08\x00\x00\x00\x01'
+            b'\x00some data'
+        )
+
+        buffer = h2.frame_buffer.FrameBuffer(server=False)
+        buffer.max_frame_size = 65535
+        buffer.add_data(data_to_send)
+        data_frame = list(buffer)[0]
+        sanity_check_data_frame(
+            data_frame=data_frame,
+            expected_flow_controlled_length=len(b'some data') + 1,
+            expect_padded_flag=True,
+            expected_data_frame_pad_length=0
+        )
+
+    @pytest.mark.parametrize("expected_error,pad_length", [
+        (None,  0),
+        (None, 255),
+        (None, None),
+        (ValueError, -1),
+        (ValueError, 256),
+        (TypeError, 'invalid'),
+        (TypeError, ''),
+        (TypeError, '10'),
+        (TypeError, {}),
+        (TypeError, ['1', '2', '3']),
+        (TypeError, []),
+        (TypeError, 1.5),
+        (TypeError, 1.0),
+        (TypeError, -1.0),
+    ])
+    def test_sending_data_with_invalid_padding_length(self,
+                                                      expected_error,
+                                                      pad_length):
+        """
+        ``send_data`` with a ``pad_length`` parameter that is an integer
+        outside the range of [0, 255] throws a ``ValueError``, and a
+        ``pad_length`` parameter which is not an ``integer`` type
+        throws a ``TypeError``.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        c.clear_outbound_data_buffer()
+        if expected_error is not None:
+            with pytest.raises(expected_error):
+                c.send_data(1, b'some data', pad_length=pad_length)
+        else:
+            c.send_data(1, b'some data', pad_length=pad_length)
+
+    def test_closing_stream_sending_data(self, frame_factory):
+        """
+        We can close a stream with a data frame.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        f = frame_factory.build_data_frame(
+            data=b'some data',
+            flags=['END_STREAM'],
+        )
+
+        # Clear the data, then send some data.
+        c.clear_outbound_data_buffer()
+        events = c.send_data(1, b'some data', end_stream=True)
+        assert not events
+        assert c.data_to_send() == f.serialize()
+
+    def test_receiving_a_response(self, frame_factory):
+        """
+        When receiving a response, the ResponseReceived event fires.
+        """
+        config = h2.config.H2Configuration(header_encoding='utf-8')
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        # Clear the data
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert event.stream_id == 1
+        assert event.headers == self.example_response_headers
+
+    def test_receiving_a_response_bytes(self, frame_factory):
+        """
+        When receiving a response, the ResponseReceived event fires with bytes
+        headers if the encoding is set appropriately.
+        """
+        config = h2.config.H2Configuration(header_encoding=False)
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        # Clear the data
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert event.stream_id == 1
+        assert event.headers == self.bytes_example_response_headers
+
+    def test_receiving_a_response_change_encoding(self, frame_factory):
+        """
+        When receiving a response, the ResponseReceived event fires with bytes
+        headers if the encoding is set appropriately, but if this changes then
+        the change reflects it.
+        """
+        config = h2.config.H2Configuration(header_encoding=False)
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert event.stream_id == 1
+        assert event.headers == self.bytes_example_response_headers
+
+        c.send_headers(3, self.example_request_headers, end_stream=True)
+        c.config.header_encoding = 'utf-8'
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers,
+            stream_id=3,
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert event.stream_id == 3
+        assert event.headers == self.example_response_headers
+
+    def test_end_stream_without_data(self, frame_factory):
+        """
+        Ending a stream without data emits a zero-length DATA frame with
+        END_STREAM set.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=False)
+
+        # Clear the data
+        c.clear_outbound_data_buffer()
+        f = frame_factory.build_data_frame(b'', flags=['END_STREAM'])
+        events = c.end_stream(1)
+
+        assert not events
+        assert c.data_to_send() == f.serialize()
+
+    def test_cannot_send_headers_on_lower_stream_id(self):
+        """
+        Once stream ID x has been used, cannot use stream ID y where y < x.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(3, self.example_request_headers, end_stream=False)
+
+        with pytest.raises(h2.exceptions.StreamIDTooLowError) as e:
+            c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        assert e.value.stream_id == 1
+        assert e.value.max_stream_id == 3
+
+    def test_receiving_pushed_stream(self, frame_factory):
+        """
+        Pushed streams fire a PushedStreamReceived event, followed by
+        ResponseReceived when the response headers are received.
+        """
+        config = h2.config.H2Configuration(header_encoding='utf-8')
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=False)
+
+        f1 = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        f2 = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+            flags=['END_HEADERS'],
+        )
+        f3 = frame_factory.build_headers_frame(
+            self.example_response_headers,
+            stream_id=2,
+        )
+        data = b''.join(x.serialize() for x in [f1, f2, f3])
+
+        events = c.receive_data(data)
+
+        assert len(events) == 3
+        stream_push_event = events[1]
+        response_event = events[2]
+        assert isinstance(stream_push_event, h2.events.PushedStreamReceived)
+        assert isinstance(response_event, h2.events.ResponseReceived)
+
+        assert stream_push_event.pushed_stream_id == 2
+        assert stream_push_event.parent_stream_id == 1
+        assert (
+            stream_push_event.headers == self.example_request_headers
+        )
+        assert response_event.stream_id == 2
+        assert response_event.headers == self.example_response_headers
+
+    def test_receiving_pushed_stream_bytes(self, frame_factory):
+        """
+        Pushed headers are not decoded if the header encoding is set to False.
+        """
+        config = h2.config.H2Configuration(header_encoding=False)
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=False)
+
+        f1 = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        f2 = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+            flags=['END_HEADERS'],
+        )
+        f3 = frame_factory.build_headers_frame(
+            self.example_response_headers,
+            stream_id=2,
+        )
+        data = b''.join(x.serialize() for x in [f1, f2, f3])
+
+        events = c.receive_data(data)
+
+        assert len(events) == 3
+        stream_push_event = events[1]
+        response_event = events[2]
+        assert isinstance(stream_push_event, h2.events.PushedStreamReceived)
+        assert isinstance(response_event, h2.events.ResponseReceived)
+
+        assert stream_push_event.pushed_stream_id == 2
+        assert stream_push_event.parent_stream_id == 1
+        assert (
+            stream_push_event.headers == self.bytes_example_request_headers
+        )
+        assert response_event.stream_id == 2
+        assert response_event.headers == self.bytes_example_response_headers
+
+    def test_cannot_receive_pushed_stream_when_enable_push_is_0(self,
+                                                                frame_factory):
+        """
+        If we have set SETTINGS_ENABLE_PUSH to 0, receiving PUSH_PROMISE frames
+        triggers the connection to be closed.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.local_settings.enable_push = 0
+        c.send_headers(1, self.example_request_headers, end_stream=False)
+
+        f1 = frame_factory.build_settings_frame({}, ack=True)
+        f2 = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        f3 = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+            flags=['END_HEADERS'],
+        )
+        c.receive_data(f1.serialize())
+        c.receive_data(f2.serialize())
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f3.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            0, h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_receiving_response_no_body(self, frame_factory):
+        """
+        Receiving a response without a body fires two events, ResponseReceived
+        and StreamEnded.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers,
+            flags=['END_STREAM']
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 2
+        response_event = events[0]
+        end_stream = events[1]
+
+        assert isinstance(response_event, h2.events.ResponseReceived)
+        assert isinstance(end_stream, h2.events.StreamEnded)
+
+    def test_oversize_headers(self):
+        """
+        Sending headers that are oversized generates a stream of CONTINUATION
+        frames.
+        """
+        all_bytes = [chr(x) for x in range(0, 256)]
+        if IS_PYTHON3:
+            all_bytes = [x.encode('latin1') for x in all_bytes]
+
+        large_binary_string = b''.join(
+            random.choice(all_bytes) for _ in range(0, 256)
+        )
+        test_headers = [
+            (':authority', 'example.com'),
+            (':path', '/'),
+            (':method', 'GET'),
+            (':scheme', 'https'),
+            ('key', large_binary_string)
+        ]
+        c = h2.connection.H2Connection()
+
+        # Greatly shrink the max frame size to force us over.
+        c.max_outbound_frame_size = 48
+        c.initiate_connection()
+        c.send_headers(1, test_headers, end_stream=True)
+
+        # Use the frame buffer here, because we don't care about decoding
+        # the headers. Don't send all the data in because that will force the
+        # frame buffer to stop caching the CONTINUATION frames, so instead
+        # send all but one byte.
+        buffer = h2.frame_buffer.FrameBuffer(server=True)
+        buffer.max_frame_size = 65535
+        data = c.data_to_send()
+        buffer.add_data(data[:-1])
+
+        # Drain the buffer, confirming that it only provides a single frame
+        # (the settings frame)
+        assert len(list(buffer)) == 1
+
+        # Get the cached frames.
+        frames = buffer._headers_buffer
+
+        # Split the frames up.
+        headers_frame = frames[0]
+        continuation_frames = frames[1:]
+
+        assert isinstance(headers_frame, hyperframe.frame.HeadersFrame)
+        assert all(
+            map(
+                lambda f: isinstance(f, hyperframe.frame.ContinuationFrame),
+                continuation_frames)
+        )
+        assert all(
+            map(lambda f: len(f.data) <= c.max_outbound_frame_size, frames)
+        )
+
+        assert frames[0].flags == {'END_STREAM'}
+
+        buffer.add_data(data[-1:])
+        headers = list(buffer)[0]
+        assert isinstance(headers, hyperframe.frame.HeadersFrame)
+
+    def test_handle_stream_reset(self, frame_factory):
+        """
+        Streams being remotely reset fires a StreamReset event.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.StreamReset)
+        assert event.stream_id == 1
+        assert event.error_code is h2.errors.ErrorCodes.STREAM_CLOSED
+        assert isinstance(event.error_code, h2.errors.ErrorCodes)
+        assert event.remote_reset
+
+    def test_handle_stream_reset_with_unknown_erorr_code(self, frame_factory):
+        """
+        Streams being remotely reset with unknown error codes behave exactly as
+        they do with known error codes, but the error code on the event is an
+        int, instead of being an ErrorCodes.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_rst_stream_frame(stream_id=1, error_code=0xFA)
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.StreamReset)
+        assert event.stream_id == 1
+        assert event.error_code == 250
+        assert not isinstance(event.error_code, h2.errors.ErrorCodes)
+        assert event.remote_reset
+
+    def test_can_consume_partial_data_from_connection(self):
+        """
+        We can do partial reads from the connection.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        assert len(c.data_to_send(2)) == 2
+        assert len(c.data_to_send(3)) == 3
+        assert 0 < len(c.data_to_send(500)) < 500
+        assert len(c.data_to_send(10)) == 0
+        assert len(c.data_to_send()) == 0
+
+    def test_we_can_update_settings(self, frame_factory):
+        """
+        Updating the settings emits a SETTINGS frame.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        new_settings = {
+            h2.settings.SettingCodes.HEADER_TABLE_SIZE: 52,
+            h2.settings.SettingCodes.ENABLE_PUSH: 0,
+        }
+        events = c.update_settings(new_settings)
+        assert not events
+
+        f = frame_factory.build_settings_frame(new_settings)
+        assert c.data_to_send() == f.serialize()
+
+    def test_settings_get_acked_correctly(self, frame_factory):
+        """
+        When settings changes are ACKed, they contain the changed settings.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        new_settings = {
+            h2.settings.SettingCodes.HEADER_TABLE_SIZE: 52,
+            h2.settings.SettingCodes.ENABLE_PUSH: 0,
+        }
+        c.update_settings(new_settings)
+
+        f = frame_factory.build_settings_frame({}, ack=True)
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.SettingsAcknowledged)
+        assert len(event.changed_settings) == len(new_settings)
+        for setting, value in new_settings.items():
+            assert event.changed_settings[setting].new_value == value
+
+    def test_cannot_create_new_outbound_stream_over_limit(self, frame_factory):
+        """
+        When the number of outbound streams exceeds the remote peer's
+        MAX_CONCURRENT_STREAMS setting, attempting to open new streams fails.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        f = frame_factory.build_settings_frame(
+            {h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS: 1}
+        )
+        c.receive_data(f.serialize())[0]
+
+        c.send_headers(1, self.example_request_headers)
+
+        with pytest.raises(h2.exceptions.TooManyStreamsError):
+            c.send_headers(3, self.example_request_headers)
+
+    def test_can_receive_trailers(self, frame_factory):
+        """
+        When two HEADERS blocks are received in the same stream from a
+        server, the second set are trailers.
+        """
+        config = h2.config.H2Configuration(header_encoding='utf-8')
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+        f = frame_factory.build_headers_frame(self.example_response_headers)
+        c.receive_data(f.serialize())
+
+        # Send in trailers.
+        trailers = [('content-length', '0')]
+        f = frame_factory.build_headers_frame(
+            trailers,
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(f.serialize())
+        assert len(events) == 2
+
+        event = events[0]
+        assert isinstance(event, h2.events.TrailersReceived)
+        assert event.headers == trailers
+        assert event.stream_id == 1
+
+    def test_reject_trailers_not_ending_stream(self, frame_factory):
+        """
+        When trailers are received without the END_STREAM flag being present,
+        this is a ProtocolError.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+        f = frame_factory.build_headers_frame(self.example_response_headers)
+        c.receive_data(f.serialize())
+
+        # Send in trailers.
+        c.clear_outbound_data_buffer()
+        trailers = [('content-length', '0')]
+        f = frame_factory.build_headers_frame(
+            trailers,
+            flags=[],
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_can_send_trailers(self, frame_factory):
+        """
+        When a second set of headers are sent, they are properly trailers.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, self.example_request_headers)
+
+        # Now send trailers.
+        trailers = [('content-length', '0')]
+        c.send_headers(1, trailers, end_stream=True)
+
+        frame_factory.refresh_encoder()
+        f1 = frame_factory.build_headers_frame(
+            self.example_request_headers,
+        )
+        f2 = frame_factory.build_headers_frame(
+            trailers,
+            flags=['END_STREAM'],
+        )
+        assert c.data_to_send() == f1.serialize() + f2.serialize()
+
+    def test_trailers_must_have_end_stream(self, frame_factory):
+        """
+        A set of trailers must carry the END_STREAM flag.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Send headers.
+        c.send_headers(1, self.example_request_headers)
+
+        # Now send trailers.
+        trailers = [('content-length', '0')]
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(1, trailers)
+
+    def test_headers_are_lowercase(self, frame_factory):
+        """
+        When headers are sent, they are forced to lower-case.
+        """
+        weird_headers = self.example_request_headers + [
+            ('ChAnGiNg-CaSe', 'AlsoHere'),
+            ('alllowercase', 'alllowercase'),
+            ('ALLCAPS', 'ALLCAPS'),
+        ]
+        expected_headers = self.example_request_headers + [
+            ('changing-case', 'AlsoHere'),
+            ('alllowercase', 'alllowercase'),
+            ('allcaps', 'ALLCAPS'),
+        ]
+
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        c.send_headers(1, weird_headers)
+        expected_frame = frame_factory.build_headers_frame(
+            headers=expected_headers
+        )
+
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @given(frame_size=integers(min_value=2**14, max_value=(2**24 - 1)))
+    def test_changing_max_frame_size(self, frame_factory, frame_size):
+        """
+        When the user changes the max frame size and the change is ACKed, the
+        remote peer is now bound by the new frame size.
+        """
+        # We need to refresh the encoder because hypothesis has a problem with
+        # integrating with py.test, meaning that we use the same frame factory
+        # for all tests.
+        # See https://github.com/HypothesisWorks/hypothesis-python/issues/377
+        frame_factory.refresh_encoder()
+
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Set up the stream.
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        headers_frame = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+        )
+        c.receive_data(headers_frame.serialize())
+
+        # Change the max frame size.
+        c.update_settings(
+            {h2.settings.SettingCodes.MAX_FRAME_SIZE: frame_size}
+        )
+        settings_ack = frame_factory.build_settings_frame({}, ack=True)
+        c.receive_data(settings_ack.serialize())
+
+        # Greatly increase the flow control windows: we're not here to test
+        # flow control today.
+        c.increment_flow_control_window(increment=(2 * frame_size) + 1)
+        c.increment_flow_control_window(
+            increment=(2 * frame_size) + 1, stream_id=1
+        )
+
+        # Send one DATA frame that is exactly the max frame size: confirm it's
+        # fine.
+        data = frame_factory.build_data_frame(
+            data=(b'\x00' * frame_size),
+        )
+        events = c.receive_data(data.serialize())
+        assert len(events) == 1
+        assert isinstance(events[0], h2.events.DataReceived)
+        assert events[0].flow_controlled_length == frame_size
+
+        # Send one that is one byte too large: confirm a protocol error is
+        # raised.
+        data.data += b'\x00'
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(data.serialize())
+
+    def test_cookies_are_joined_on_push(self, frame_factory):
+        """
+        RFC 7540 Section 8.1.2.5 requires that we join multiple Cookie headers
+        in a header block together when they're received on a push.
+        """
+        # This is a moderately varied set of cookie headers: some combined,
+        # some split.
+        cookie_headers = [
+            ('cookie',
+                'username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC'),
+            ('cookie', 'path=1'),
+            ('cookie', 'test1=val1; test2=val2')
+        ]
+        expected = (
+            'username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC; '
+            'path=1; test1=val1; test2=val2'
+        )
+
+        config = h2.config.H2Configuration(header_encoding='utf-8')
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers + cookie_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        e = events[0]
+
+        cookie_fields = [(n, v) for n, v in e.headers if n == 'cookie']
+        assert len(cookie_fields) == 1
+
+        _, v = cookie_fields[0]
+        assert v == expected
+
+    def test_cookies_arent_joined_without_normalization(self, frame_factory):
+        """
+        If inbound header normalization is disabled, cookie headers aren't
+        joined.
+        """
+        # This is a moderately varied set of cookie headers: some combined,
+        # some split.
+        cookie_headers = [
+            ('cookie',
+                'username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC'),
+            ('cookie', 'path=1'),
+            ('cookie', 'test1=val1; test2=val2')
+        ]
+
+        config = h2.config.H2Configuration(
+            client_side=True,
+            normalize_inbound_headers=False,
+            header_encoding='utf-8'
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers + cookie_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        e = events[0]
+
+        received_cookies = [(n, v) for n, v in e.headers if n == 'cookie']
+        assert len(received_cookies) == 3
+        assert cookie_headers == received_cookies
+
+
+class TestBasicServer(object):
+    """
+    Basic server-side tests.
+    """
+    example_request_headers = [
+        (u':authority', u'example.com'),
+        (u':path', u'/'),
+        (u':scheme', u'https'),
+        (u':method', u'GET'),
+    ]
+    bytes_example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'hyper-h2/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(
+        client_side=False, header_encoding='utf-8'
+    )
+
+    def test_ignores_preamble(self):
+        """
+        The preamble does not cause any events or frames to be written.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'
+
+        events = c.receive_data(preamble)
+        assert not events
+        assert not c.data_to_send()
+
+    @pytest.mark.parametrize("chunk_size", range(1, 24))
+    def test_drip_feed_preamble(self, chunk_size):
+        """
+        The preamble can be sent in in less than a single buffer.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        preamble = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'
+        events = []
+
+        for i in range(0, len(preamble), chunk_size):
+            events += c.receive_data(preamble[i:i+chunk_size])
+
+        assert not events
+        assert not c.data_to_send()
+
+    def test_initiate_connection_sends_server_preamble(self, frame_factory):
+        """
+        For server-side connections, initiate_connection sends a server
+        preamble.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        expected_settings = frame_factory.build_settings_frame(
+            c.local_settings
+        )
+        expected_data = expected_settings.serialize()
+
+        events = c.initiate_connection()
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    def test_headers_event(self, frame_factory):
+        """
+        When a headers frame is received a RequestReceived event fires.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.RequestReceived)
+        assert event.stream_id == 1
+        assert event.headers == self.example_request_headers
+
+    def test_headers_event_bytes(self, frame_factory):
+        """
+        When a headers frame is received a RequestReceived event fires with
+        bytes headers if the encoding is set appropriately.
+        """
+        config = h2.config.H2Configuration(
+            client_side=False, header_encoding=False
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.RequestReceived)
+        assert event.stream_id == 1
+        assert event.headers == self.bytes_example_request_headers
+
+    def test_data_event(self, frame_factory):
+        """
+        Test that data received on a stream fires a DataReceived event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f1 = frame_factory.build_headers_frame(
+            self.example_request_headers, stream_id=3
+        )
+        f2 = frame_factory.build_data_frame(
+            b'some request data',
+            stream_id=3,
+        )
+        data = b''.join(map(lambda f: f.serialize(), [f1, f2]))
+        events = c.receive_data(data)
+
+        assert len(events) == 2
+        event = events[1]
+
+        assert isinstance(event, h2.events.DataReceived)
+        assert event.stream_id == 3
+        assert event.data == b'some request data'
+        assert event.flow_controlled_length == 17
+
+    def test_data_event_with_padding(self, frame_factory):
+        """
+        Test that data received on a stream fires a DataReceived event that
+        accounts for padding.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f1 = frame_factory.build_headers_frame(
+            self.example_request_headers, stream_id=3
+        )
+        f2 = frame_factory.build_data_frame(
+            b'some request data',
+            stream_id=3,
+            padding_len=20
+        )
+        data = b''.join(map(lambda f: f.serialize(), [f1, f2]))
+        events = c.receive_data(data)
+
+        assert len(events) == 2
+        event = events[1]
+
+        assert isinstance(event, h2.events.DataReceived)
+        assert event.stream_id == 3
+        assert event.data == b'some request data'
+        assert event.flow_controlled_length == 17 + 20 + 1
+
+    def test_receiving_ping_frame(self, frame_factory):
+        """
+        Ping frames should be immediately ACKed.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        ping_data = b'\x01' * 8
+        sent_frame = frame_factory.build_ping_frame(ping_data)
+        expected_frame = frame_factory.build_ping_frame(
+            ping_data, flags=["ACK"]
+        )
+        expected_data = expected_frame.serialize()
+
+        c.clear_outbound_data_buffer()
+        events = c.receive_data(sent_frame.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.PingReceived)
+        assert event.ping_data == ping_data
+
+        assert c.data_to_send() == expected_data
+
+    def test_receiving_settings_frame_event(self, frame_factory):
+        """
+        Settings frames should cause a RemoteSettingsChanged event to fire.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_settings_frame(
+            settings=helpers.SAMPLE_SETTINGS
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.RemoteSettingsChanged)
+        assert len(event.changed_settings) == len(helpers.SAMPLE_SETTINGS)
+
+    def test_acknowledging_settings(self, frame_factory):
+        """
+        Acknowledging settings causes appropriate Settings frame to be emitted.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        received_frame = frame_factory.build_settings_frame(
+            settings=helpers.SAMPLE_SETTINGS
+        )
+        expected_frame = frame_factory.build_settings_frame(
+            settings={}, ack=True
+        )
+        expected_data = expected_frame.serialize()
+
+        c.clear_outbound_data_buffer()
+        events = c.receive_data(received_frame.serialize())
+
+        assert len(events) == 1
+        assert c.data_to_send() == expected_data
+
+    def test_close_connection(self, frame_factory):
+        """
+        Closing the connection with no error code emits a GOAWAY frame with
+        error code 0.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_goaway_frame(last_stream_id=0)
+        expected_data = f.serialize()
+
+        c.clear_outbound_data_buffer()
+        events = c.close_connection()
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    @pytest.mark.parametrize("error_code", h2.errors.ErrorCodes)
+    def test_close_connection_with_error_code(self, frame_factory, error_code):
+        """
+        Closing the connection with an error code emits a GOAWAY frame with
+        that error code.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_goaway_frame(
+            error_code=error_code, last_stream_id=0
+        )
+        expected_data = f.serialize()
+
+        c.clear_outbound_data_buffer()
+        events = c.close_connection(error_code)
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    @pytest.mark.parametrize("last_stream_id,output", [
+        (None, 23),
+        (0, 0),
+        (42, 42)
+    ])
+    def test_close_connection_with_last_stream_id(self, frame_factory,
+                                                  last_stream_id, output):
+        """
+        Closing the connection with last_stream_id set emits a GOAWAY frame
+        with that value.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        headers_frame = frame_factory.build_headers_frame(
+            [
+                (':authority', 'example.com'),
+                (':path', '/'),
+                (':scheme', 'https'),
+                (':method', 'GET'),
+            ],
+            stream_id=23)
+        c.receive_data(headers_frame.serialize())
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=output
+        )
+        expected_data = f.serialize()
+
+        c.clear_outbound_data_buffer()
+        events = c.close_connection(last_stream_id=last_stream_id)
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    @pytest.mark.parametrize("additional_data,output", [
+        (None, b''),
+        (b'', b''),
+        (b'foobar', b'foobar')
+    ])
+    def test_close_connection_with_additional_data(self, frame_factory,
+                                                   additional_data, output):
+        """
+        Closing the connection with additional debug data emits a GOAWAY frame
+        with that data attached.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=0, additional_data=output
+        )
+        expected_data = f.serialize()
+
+        c.clear_outbound_data_buffer()
+        events = c.close_connection(additional_data=additional_data)
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    def test_reset_stream(self, frame_factory):
+        """
+        Resetting a stream with no error code emits a RST_STREAM frame with
+        error code 0.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        expected_frame = frame_factory.build_rst_stream_frame(stream_id=1)
+        expected_data = expected_frame.serialize()
+
+        events = c.reset_stream(stream_id=1)
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    @pytest.mark.parametrize("error_code", h2.errors.ErrorCodes)
+    def test_reset_stream_with_error_code(self, frame_factory, error_code):
+        """
+        Resetting a stream with an error code emits a RST_STREAM frame with
+        that error code.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            stream_id=3
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        expected_frame = frame_factory.build_rst_stream_frame(
+            stream_id=3, error_code=error_code
+        )
+        expected_data = expected_frame.serialize()
+
+        events = c.reset_stream(stream_id=3, error_code=error_code)
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    def test_cannot_reset_nonexistent_stream(self, frame_factory):
+        """
+        Resetting nonexistent streams raises NoSuchStreamError.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            stream_id=3
+        )
+        c.receive_data(f.serialize())
+
+        with pytest.raises(h2.exceptions.NoSuchStreamError) as e:
+            c.reset_stream(stream_id=1)
+
+        assert e.value.stream_id == 1
+
+        with pytest.raises(h2.exceptions.NoSuchStreamError) as e:
+            c.reset_stream(stream_id=5)
+
+        assert e.value.stream_id == 5
+
+    def test_basic_sending_ping_frame_logic(self, frame_factory):
+        """
+        Sending ping frames serializes a ping frame on stream 0 with
+        approriate opaque data.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        ping_data = b'\x01\x02\x03\x04\x05\x06\x07\x08'
+
+        expected_frame = frame_factory.build_ping_frame(ping_data)
+        expected_data = expected_frame.serialize()
+
+        events = c.ping(ping_data)
+
+        assert not events
+        assert c.data_to_send() == expected_data
+
+    @pytest.mark.parametrize(
+        'opaque_data',
+        [
+            b'',
+            b'\x01\x02\x03\x04\x05\x06\x07',
+            u'abcdefgh',
+            b'too many bytes',
+        ]
+    )
+    def test_ping_frame_opaque_data_must_be_length_8_bytestring(self,
+                                                                frame_factory,
+                                                                opaque_data):
+        """
+        Sending a ping frame only works with 8-byte bytestrings.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        with pytest.raises(ValueError):
+            c.ping(opaque_data)
+
+    def test_receiving_ping_acknowledgement(self, frame_factory):
+        """
+        Receiving a PING acknowledgement fires a PingAckReceived event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        ping_data = b'\x01\x02\x03\x04\x05\x06\x07\x08'
+
+        f = frame_factory.build_ping_frame(
+            ping_data, flags=['ACK']
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.PingAckReceived)
+        assert isinstance(event, h2.events.PingAcknowledged)  # deprecated
+        assert event.ping_data == ping_data
+
+    def test_stream_ended_remotely(self, frame_factory):
+        """
+        When the remote stream ends with a non-empty data frame a DataReceived
+        event and a StreamEnded event are fired.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f1 = frame_factory.build_headers_frame(
+            self.example_request_headers, stream_id=3
+        )
+        f2 = frame_factory.build_data_frame(
+            b'some request data',
+            flags=['END_STREAM'],
+            stream_id=3,
+        )
+        data = b''.join(map(lambda f: f.serialize(), [f1, f2]))
+        events = c.receive_data(data)
+
+        assert len(events) == 3
+        data_event = events[1]
+        stream_ended_event = events[2]
+
+        assert isinstance(data_event, h2.events.DataReceived)
+        assert isinstance(stream_ended_event, h2.events.StreamEnded)
+        stream_ended_event.stream_id == 3
+
+    def test_can_push_stream(self, frame_factory):
+        """
+        Pushing a stream causes a PUSH_PROMISE frame to be emitted.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        frame_factory.refresh_encoder()
+        expected_frame = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+            flags=['END_HEADERS'],
+        )
+
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=self.example_request_headers
+        )
+
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_cannot_push_streams_when_disabled(self, frame_factory):
+        """
+        When the remote peer has disabled stream pushing, we should fail.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_settings_frame(
+            {h2.settings.SettingCodes.ENABLE_PUSH: 0}
+        )
+        c.receive_data(f.serialize())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.push_stream(
+                stream_id=1,
+                promised_stream_id=2,
+                request_headers=self.example_request_headers
+            )
+
+    def test_settings_remote_change_header_table_size(self, frame_factory):
+        """
+        Acknowledging a remote HEADER_TABLE_SIZE settings change causes us to
+        change the header table size of our encoder.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        assert c.encoder.header_table_size == 4096
+
+        received_frame = frame_factory.build_settings_frame(
+            {h2.settings.SettingCodes.HEADER_TABLE_SIZE: 80}
+        )
+        c.receive_data(received_frame.serialize())[0]
+
+        assert c.encoder.header_table_size == 80
+
+    def test_settings_local_change_header_table_size(self, frame_factory):
+        """
+        The remote peer acknowledging a local HEADER_TABLE_SIZE settings change
+        does not cause us to change the header table size of our decoder.
+
+        For an explanation of why this test is this way around, see issue #37.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        assert c.decoder.header_table_size == 4096
+
+        expected_frame = frame_factory.build_settings_frame({}, ack=True)
+        c.update_settings(
+            {h2.settings.SettingCodes.HEADER_TABLE_SIZE: 80}
+        )
+        c.receive_data(expected_frame.serialize())
+        c.clear_outbound_data_buffer()
+
+        assert c.decoder.header_table_size == 4096
+
+    def test_restricting_outbound_frame_size_by_settings(self, frame_factory):
+        """
+        The remote peer can shrink the maximum outbound frame size using
+        settings.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.FrameTooLargeError):
+            c.send_data(1, b'\x01' * 17000)
+
+        received_frame = frame_factory.build_settings_frame(
+            {h2.settings.SettingCodes.MAX_FRAME_SIZE: 17001}
+        )
+        c.receive_data(received_frame.serialize())
+
+        c.send_data(1, b'\x01' * 17000)
+        assert c.data_to_send()
+
+    def test_restricting_inbound_frame_size_by_settings(self, frame_factory):
+        """
+        We throw ProtocolErrors and tear down connections if oversize frames
+        are received.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        h = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(h.serialize())
+        c.clear_outbound_data_buffer()
+
+        data_frame = frame_factory.build_data_frame(b'\x01' * 17000)
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(data_frame.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.FRAME_SIZE_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_cannot_receive_new_streams_over_limit(self, frame_factory):
+        """
+        When the number of inbound streams exceeds our MAX_CONCURRENT_STREAMS
+        setting, their attempt to open new streams fails.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.update_settings(
+            {h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS: 1}
+        )
+        f = frame_factory.build_settings_frame({}, ack=True)
+        c.receive_data(f.serialize())
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_request_headers,
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            stream_id=3,
+            headers=self.example_request_headers,
+        )
+        with pytest.raises(h2.exceptions.TooManyStreamsError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_can_receive_trailers(self, frame_factory):
+        """
+        When two HEADERS blocks are received in the same stream from a
+        client, the second set are trailers.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+
+        # Send in trailers.
+        trailers = [('content-length', '0')]
+        f = frame_factory.build_headers_frame(
+            trailers,
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(f.serialize())
+        assert len(events) == 2
+
+        event = events[0]
+        assert isinstance(event, h2.events.TrailersReceived)
+        assert event.headers == trailers
+        assert event.stream_id == 1
+
+    def test_reject_trailers_not_ending_stream(self, frame_factory):
+        """
+        When trailers are received without the END_STREAM flag being present,
+        this is a ProtocolError.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+
+        # Send in trailers.
+        c.clear_outbound_data_buffer()
+        trailers = [('content-length', '0')]
+        f = frame_factory.build_headers_frame(
+            trailers,
+            flags=[],
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_can_send_trailers(self, frame_factory):
+        """
+        When a second set of headers are sent, they are properly trailers.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+
+        # Send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, self.example_response_headers)
+
+        # Now send trailers.
+        trailers = [('content-length', '0')]
+        c.send_headers(1, trailers, end_stream=True)
+
+        frame_factory.refresh_encoder()
+        f1 = frame_factory.build_headers_frame(
+            self.example_response_headers,
+        )
+        f2 = frame_factory.build_headers_frame(
+            trailers,
+            flags=['END_STREAM'],
+        )
+        assert c.data_to_send() == f1.serialize() + f2.serialize()
+
+    def test_trailers_must_have_end_stream(self, frame_factory):
+        """
+        A set of trailers must carry the END_STREAM flag.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+
+        # Send headers.
+        c.send_headers(1, self.example_response_headers)
+
+        # Now send trailers.
+        trailers = [('content-length', '0')]
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(1, trailers)
+
+    @pytest.mark.parametrize("frame_id", range(12, 256))
+    def test_unknown_frames_are_ignored(self, frame_factory, frame_id):
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_data_frame(data=b'abcdefghtdst')
+        f.type = frame_id
+
+        events = c.receive_data(f.serialize())
+        assert not c.data_to_send()
+        assert len(events) == 1
+        assert isinstance(events[0], h2.events.UnknownFrameReceived)
+        assert isinstance(events[0].frame, hyperframe.frame.ExtensionFrame)
+
+    def test_can_send_goaway_repeatedly(self, frame_factory):
+        """
+        We can send a GOAWAY frame as many times as we like.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        c.close_connection()
+        c.close_connection()
+        c.close_connection()
+
+        f = frame_factory.build_goaway_frame(last_stream_id=0)
+
+        assert c.data_to_send() == (f.serialize() * 3)
+
+    def test_receiving_goaway_frame(self, frame_factory):
+        """
+        Receiving a GOAWAY frame causes a ConnectionTerminated event to be
+        fired and transitions the connection to the CLOSED state, and clears
+        the outbound data buffer.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=5, error_code=h2.errors.ErrorCodes.SETTINGS_TIMEOUT
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ConnectionTerminated)
+        assert event.error_code == h2.errors.ErrorCodes.SETTINGS_TIMEOUT
+        assert isinstance(event.error_code, h2.errors.ErrorCodes)
+        assert event.last_stream_id == 5
+        assert event.additional_data is None
+        assert c.state_machine.state == h2.connection.ConnectionState.CLOSED
+
+        assert not c.data_to_send()
+
+    def test_receiving_multiple_goaway_frames(self, frame_factory):
+        """
+        Multiple GOAWAY frames can be received at once, and are allowed. Each
+        one fires a ConnectionTerminated event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_goaway_frame(last_stream_id=0)
+        events = c.receive_data(f.serialize() * 3)
+
+        assert len(events) == 3
+        assert all(
+            isinstance(event, h2.events.ConnectionTerminated)
+            for event in events
+        )
+
+    def test_receiving_goaway_frame_with_additional_data(self, frame_factory):
+        """
+        GOAWAY frame can contain additional data,
+        it should be available via ConnectionTerminated event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        additional_data = b'debug data'
+        f = frame_factory.build_goaway_frame(last_stream_id=0,
+                                             additional_data=additional_data)
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ConnectionTerminated)
+        assert event.additional_data == additional_data
+
+    def test_receiving_goaway_frame_with_unknown_error(self, frame_factory):
+        """
+        Receiving a GOAWAY frame with an unknown error code behaves exactly the
+        same as receiving one we know about, but the code is reported as an
+        integer instead of as an ErrorCodes.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=5, error_code=0xFA
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ConnectionTerminated)
+        assert event.error_code == 250
+        assert not isinstance(event.error_code, h2.errors.ErrorCodes)
+        assert event.last_stream_id == 5
+        assert event.additional_data is None
+        assert c.state_machine.state == h2.connection.ConnectionState.CLOSED
+
+        assert not c.data_to_send()
+
+    def test_cookies_are_joined(self, frame_factory):
+        """
+        RFC 7540 Section 8.1.2.5 requires that we join multiple Cookie headers
+        in a header block together.
+        """
+        # This is a moderately varied set of cookie headers: some combined,
+        # some split.
+        cookie_headers = [
+            ('cookie',
+                'username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC'),
+            ('cookie', 'path=1'),
+            ('cookie', 'test1=val1; test2=val2')
+        ]
+        expected = (
+            'username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC; '
+            'path=1; test1=val1; test2=val2'
+        )
+
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers + cookie_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        e = events[0]
+
+        cookie_fields = [(n, v) for n, v in e.headers if n == 'cookie']
+        assert len(cookie_fields) == 1
+
+        _, v = cookie_fields[0]
+        assert v == expected
+
+    def test_cookies_arent_joined_without_normalization(self, frame_factory):
+        """
+        If inbound header normalization is disabled, cookie headers aren't
+        joined.
+        """
+        # This is a moderately varied set of cookie headers: some combined,
+        # some split.
+        cookie_headers = [
+            ('cookie',
+                'username=John Doe; expires=Thu, 18 Dec 2013 12:00:00 UTC'),
+            ('cookie', 'path=1'),
+            ('cookie', 'test1=val1; test2=val2')
+        ]
+
+        config = h2.config.H2Configuration(
+            client_side=False,
+            normalize_inbound_headers=False,
+            header_encoding='utf-8'
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers + cookie_headers
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        e = events[0]
+
+        received_cookies = [(n, v) for n, v in e.headers if n == 'cookie']
+        assert len(received_cookies) == 3
+        assert cookie_headers == received_cookies
+
+    def test_stream_repr(self):
+        """
+        Ensure stream string representation is appropriate.
+        """
+        s = h2.stream.H2Stream(4, None, 12, 14)
+        assert repr(s) == "<H2Stream id:4 state:<StreamState.IDLE: 0>>"
+
+
+def sanity_check_data_frame(data_frame,
+                            expected_flow_controlled_length,
+                            expect_padded_flag,
+                            expected_data_frame_pad_length):
+    """
+    ``data_frame`` is a frame of type ``hyperframe.frame.DataFrame``,
+    and the ``flags`` and ``flow_controlled_length`` of ``data_frame``
+    match expectations.
+    """
+
+    assert isinstance(data_frame, hyperframe.frame.DataFrame)
+
+    assert data_frame.flow_controlled_length == expected_flow_controlled_length
+
+    if expect_padded_flag:
+        assert 'PADDED' in data_frame.flags
+    else:
+        assert 'PADDED' not in data_frame.flags
+
+    assert data_frame.pad_length == expected_data_frame_pad_length
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_closed_streams.py b/testing/web-platform/tests/tools/third_party/h2/test/test_closed_streams.py
new file mode 100644
index 0000000000..631a66787a
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_closed_streams.py
@@ -0,0 +1,555 @@
+# -*- coding: utf-8 -*-
+"""
+test_closed_streams
+~~~~~~~~~~~~~~~~~~~
+
+Tests that we handle closed streams correctly.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+
+
+class TestClosedStreams(object):
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_can_receive_multiple_rst_stream_frames(self, frame_factory):
+        """
+        Multiple RST_STREAM frames can be received, either at once or well
+        after one another. Only the first fires an event.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_rst_stream_frame(stream_id=1)
+        events = c.receive_data(f.serialize() * 3)
+
+        # Force an iteration over all the streams to remove them.
+        c.open_outbound_streams
+
+        # Receive more data.
+        events += c.receive_data(f.serialize() * 3)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.StreamReset)
+
+    def test_receiving_low_stream_id_causes_goaway(self, frame_factory):
+        """
+        The remote peer creating a stream with a lower ID than one we've seen
+        causes a GOAWAY frame.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            stream_id=3,
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            stream_id=1,
+        )
+
+        with pytest.raises(h2.exceptions.StreamIDTooLowError) as e:
+            c.receive_data(f.serialize())
+
+        assert e.value.stream_id == 1
+        assert e.value.max_stream_id == 3
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=3,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_closed_stream_not_present_in_streams_dict(self, frame_factory):
+        """
+        When streams have been closed, they get removed from the streams
+        dictionary the next time we count the open streams.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+        c.push_stream(1, 2, self.example_request_headers)
+        c.reset_stream(1)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_rst_stream_frame(stream_id=2)
+        c.receive_data(f.serialize())
+
+        # Force a count of the streams.
+        assert not c.open_outbound_streams
+
+        # The streams dictionary should be empty.
+        assert not c.streams
+
+    def test_receive_rst_stream_on_closed_stream(self, frame_factory):
+        """
+        RST_STREAM frame should be ignored if stream is in a closed state.
+        See RFC 7540 Section 5.1 (closed state)
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Client sends request
+        c.send_headers(1, self.example_request_headers)
+
+        # Some time passes and client sends DATA frame and closes stream,
+        # so it is in a half-closed state
+        c.send_data(1, b'some data', end_stream=True)
+
+        # Server received HEADERS frame but DATA frame is still on the way.
+        # Stream is in open state on the server-side. In this state server is
+        # allowed to end stream and reset it - this trick helps immediately
+        # close stream on the server-side.
+        headers_frame = frame_factory.build_headers_frame(
+            [(':status', '200')],
+            flags=['END_STREAM'],
+            stream_id=1,
+        )
+        events = c.receive_data(headers_frame.serialize())
+        assert len(events) == 2
+        response_received, stream_ended = events
+        assert isinstance(response_received, h2.events.ResponseReceived)
+        assert isinstance(stream_ended, h2.events.StreamEnded)
+
+        rst_stream_frame = frame_factory.build_rst_stream_frame(stream_id=1)
+        events = c.receive_data(rst_stream_frame.serialize())
+        assert not events
+
+    def test_receive_window_update_on_closed_stream(self, frame_factory):
+        """
+        WINDOW_UPDATE frame should be ignored if stream is in a closed state.
+        See RFC 7540 Section 5.1 (closed state)
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Client sends request
+        c.send_headers(1, self.example_request_headers)
+
+        # Some time passes and client sends DATA frame and closes stream,
+        # so it is in a half-closed state
+        c.send_data(1, b'some data', end_stream=True)
+
+        # Server received HEADERS frame but DATA frame is still on the way.
+        # Stream is in open state on the server-side. In this state server is
+        # allowed to end stream and after that acknowledge received data by
+        # sending WINDOW_UPDATE frames.
+        headers_frame = frame_factory.build_headers_frame(
+            [(':status', '200')],
+            flags=['END_STREAM'],
+            stream_id=1,
+        )
+        events = c.receive_data(headers_frame.serialize())
+        assert len(events) == 2
+        response_received, stream_ended = events
+        assert isinstance(response_received, h2.events.ResponseReceived)
+        assert isinstance(stream_ended, h2.events.StreamEnded)
+
+        window_update_frame = frame_factory.build_window_update_frame(
+            stream_id=1,
+            increment=1,
+        )
+        events = c.receive_data(window_update_frame.serialize())
+        assert not events
+
+
+class TestStreamsClosedByEndStream(object):
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    @pytest.mark.parametrize(
+        "frame",
+        [
+            lambda self, ff: ff.build_headers_frame(
+                self.example_request_headers, flags=['END_STREAM']),
+            lambda self, ff: ff.build_headers_frame(
+                self.example_request_headers),
+        ]
+    )
+    @pytest.mark.parametrize("clear_streams", [True, False])
+    def test_frames_after_recv_end_will_error(self,
+                                              frame_factory,
+                                              frame,
+                                              clear_streams):
+        """
+        A stream that is closed by receiving END_STREAM raises
+        ProtocolError when it receives an unexpected frame.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers, flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers,
+            end_stream=True
+        )
+
+        if clear_streams:
+            # Call open_inbound_streams to force the connection to clean
+            # closed streams.
+            c.open_inbound_streams
+
+        c.clear_outbound_data_buffer()
+
+        f = frame(self, frame_factory)
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        "frame",
+        [
+            lambda self, ff: ff.build_headers_frame(
+                self.example_response_headers, flags=['END_STREAM']),
+            lambda self, ff: ff.build_headers_frame(
+                self.example_response_headers),
+        ]
+    )
+    @pytest.mark.parametrize("clear_streams", [True, False])
+    def test_frames_after_send_end_will_error(self,
+                                              frame_factory,
+                                              frame,
+                                              clear_streams):
+        """
+        A stream that is closed by sending END_STREAM raises
+        ProtocolError when it receives an unexpected frame.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers,
+                       end_stream=True)
+
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers, flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+
+        if clear_streams:
+            # Call open_outbound_streams to force the connection to clean
+            # closed streams.
+            c.open_outbound_streams
+
+        c.clear_outbound_data_buffer()
+
+        f = frame(self, frame_factory)
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        "frame",
+        [
+            lambda self, ff: ff.build_window_update_frame(1, 1),
+            lambda self, ff: ff.build_rst_stream_frame(1)
+        ]
+    )
+    def test_frames_after_send_end_will_be_ignored(self,
+                                                   frame_factory,
+                                                   frame):
+        """
+        A stream that is closed by sending END_STREAM will raise
+        ProtocolError when received unexpected frame.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers, flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers,
+            end_stream=True
+        )
+
+        c.clear_outbound_data_buffer()
+
+        f = frame(self, frame_factory)
+        events = c.receive_data(f.serialize())
+
+        assert not events
+
+
+class TestStreamsClosedByRstStream(object):
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    @pytest.mark.parametrize(
+        "frame",
+        [
+            lambda self, ff: ff.build_headers_frame(
+                self.example_request_headers),
+            lambda self, ff: ff.build_headers_frame(
+                self.example_request_headers, flags=['END_STREAM']),
+        ]
+    )
+    def test_resets_further_frames_after_recv_reset(self,
+                                                    frame_factory,
+                                                    frame):
+        """
+        A stream that is closed by receive RST_STREAM can receive further
+        frames: it simply sends RST_STREAM for it, and additionally
+        WINDOW_UPDATE for DATA frames.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        header_frame = frame_factory.build_headers_frame(
+            self.example_request_headers, flags=['END_STREAM']
+        )
+        c.receive_data(header_frame.serialize())
+
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers,
+            end_stream=False
+        )
+
+        rst_frame = frame_factory.build_rst_stream_frame(
+            1, h2.errors.ErrorCodes.STREAM_CLOSED
+        )
+        c.receive_data(rst_frame.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame(self, frame_factory)
+        events = c.receive_data(f.serialize())
+
+        rst_frame = frame_factory.build_rst_stream_frame(
+            1, h2.errors.ErrorCodes.STREAM_CLOSED
+        )
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize()
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize() * 3
+
+        # Iterate over the streams to make sure it's gone, then confirm the
+        # behaviour is unchanged.
+        c.open_outbound_streams
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize() * 3
+
+    def test_resets_further_data_frames_after_recv_reset(self,
+                                                         frame_factory):
+        """
+        A stream that is closed by receive RST_STREAM can receive further
+        DATA frames: it simply sends WINDOW_UPDATE for the connection flow
+        window, and RST_STREAM for the stream.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        header_frame = frame_factory.build_headers_frame(
+            self.example_request_headers, flags=['END_STREAM']
+        )
+        c.receive_data(header_frame.serialize())
+
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers,
+            end_stream=False
+        )
+
+        rst_frame = frame_factory.build_rst_stream_frame(
+            1, h2.errors.ErrorCodes.STREAM_CLOSED
+        )
+        c.receive_data(rst_frame.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_data_frame(
+            data=b'some data'
+        )
+
+        events = c.receive_data(f.serialize())
+        assert not events
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == expected * 3
+
+        # Iterate over the streams to make sure it's gone, then confirm the
+        # behaviour is unchanged.
+        c.open_outbound_streams
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == expected * 3
+
+    @pytest.mark.parametrize(
+        "frame",
+        [
+            lambda self, ff: ff.build_headers_frame(
+                self.example_request_headers),
+            lambda self, ff: ff.build_headers_frame(
+                self.example_request_headers, flags=['END_STREAM']),
+        ]
+    )
+    def test_resets_further_frames_after_send_reset(self,
+                                                    frame_factory,
+                                                    frame):
+        """
+        A stream that is closed by sent RST_STREAM can receive further frames:
+        it simply sends RST_STREAM for it.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        header_frame = frame_factory.build_headers_frame(
+            self.example_request_headers, flags=['END_STREAM']
+        )
+        c.receive_data(header_frame.serialize())
+
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers,
+            end_stream=False
+        )
+
+        c.reset_stream(1, h2.errors.ErrorCodes.INTERNAL_ERROR)
+
+        rst_frame = frame_factory.build_rst_stream_frame(
+            1, h2.errors.ErrorCodes.STREAM_CLOSED
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame(self, frame_factory)
+        events = c.receive_data(f.serialize())
+
+        rst_frame = frame_factory.build_rst_stream_frame(
+            1, h2.errors.ErrorCodes.STREAM_CLOSED
+        )
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize()
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize() * 3
+
+        # Iterate over the streams to make sure it's gone, then confirm the
+        # behaviour is unchanged.
+        c.open_outbound_streams
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize() * 3
+
+    def test_resets_further_data_frames_after_send_reset(self,
+                                                         frame_factory):
+        """
+        A stream that is closed by sent RST_STREAM can receive further
+        data frames: it simply sends WINDOW_UPDATE and RST_STREAM for it.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.initiate_connection()
+
+        header_frame = frame_factory.build_headers_frame(
+            self.example_request_headers, flags=['END_STREAM']
+        )
+        c.receive_data(header_frame.serialize())
+
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers,
+            end_stream=False
+        )
+
+        c.reset_stream(1, h2.errors.ErrorCodes.INTERNAL_ERROR)
+
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_data_frame(
+            data=b'some data'
+        )
+        events = c.receive_data(f.serialize())
+        assert not events
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == expected * 3
+
+        # Iterate over the streams to make sure it's gone, then confirm the
+        # behaviour is unchanged.
+        c.open_outbound_streams
+
+        events = c.receive_data(f.serialize() * 3)
+        assert not events
+        assert c.data_to_send() == expected * 3
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_complex_logic.py b/testing/web-platform/tests/tools/third_party/h2/test/test_complex_logic.py
new file mode 100644
index 0000000000..ff90bb8bf2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_complex_logic.py
@@ -0,0 +1,586 @@
+# -*- coding: utf-8 -*-
+"""
+test_complex_logic
+~~~~~~~~~~~~~~~~
+
+More complex tests that try to do more.
+
+Certain tests don't really eliminate incorrect behaviour unless they do quite
+a bit. These tests should live here, to keep the pain in once place rather than
+hide it in the other parts of the test suite.
+"""
+import pytest
+
+import h2
+import h2.config
+import h2.connection
+
+
+class TestComplexClient(object):
+    """
+    Complex tests for client-side stacks.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+
+    def test_correctly_count_server_streams(self, frame_factory):
+        """
+        We correctly count the number of server streams, both inbound and
+        outbound.
+        """
+        # This test makes no sense unless you do both inbound and outbound,
+        # because it's important to confirm that we count them correctly.
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        expected_inbound_streams = expected_outbound_streams = 0
+
+        assert c.open_inbound_streams == expected_inbound_streams
+        assert c.open_outbound_streams == expected_outbound_streams
+
+        for stream_id in range(1, 15, 2):
+            # Open an outbound stream
+            c.send_headers(stream_id, self.example_request_headers)
+            expected_outbound_streams += 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            # Receive a pushed stream (to create an inbound one). This doesn't
+            # open until we also receive headers.
+            f = frame_factory.build_push_promise_frame(
+                stream_id=stream_id,
+                promised_stream_id=stream_id+1,
+                headers=self.example_request_headers,
+            )
+            c.receive_data(f.serialize())
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            f = frame_factory.build_headers_frame(
+                stream_id=stream_id+1,
+                headers=self.example_response_headers,
+            )
+            c.receive_data(f.serialize())
+            expected_inbound_streams += 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+        for stream_id in range(13, 0, -2):
+            # Close an outbound stream.
+            c.end_stream(stream_id)
+
+            # Stream doesn't close until both sides close it.
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            f = frame_factory.build_headers_frame(
+                stream_id=stream_id,
+                headers=self.example_response_headers,
+                flags=['END_STREAM'],
+            )
+            c.receive_data(f.serialize())
+            expected_outbound_streams -= 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            # Pushed streams can only be closed remotely.
+            f = frame_factory.build_data_frame(
+                stream_id=stream_id+1,
+                data=b'the content',
+                flags=['END_STREAM'],
+            )
+            c.receive_data(f.serialize())
+            expected_inbound_streams -= 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+        assert c.open_inbound_streams == 0
+        assert c.open_outbound_streams == 0
+
+
+class TestComplexServer(object):
+    """
+    Complex tests for server-side stacks.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_correctly_count_server_streams(self, frame_factory):
+        """
+        We correctly count the number of server streams, both inbound and
+        outbound.
+        """
+        # This test makes no sense unless you do both inbound and outbound,
+        # because it's important to confirm that we count them correctly.
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        expected_inbound_streams = expected_outbound_streams = 0
+
+        assert c.open_inbound_streams == expected_inbound_streams
+        assert c.open_outbound_streams == expected_outbound_streams
+
+        for stream_id in range(1, 15, 2):
+            # Receive an inbound stream.
+            f = frame_factory.build_headers_frame(
+                headers=self.example_request_headers,
+                stream_id=stream_id,
+            )
+            c.receive_data(f.serialize())
+            expected_inbound_streams += 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            # Push a stream (to create a outbound one). This doesn't open
+            # until we send our response headers.
+            c.push_stream(stream_id, stream_id+1, self.example_request_headers)
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            c.send_headers(stream_id+1, self.example_response_headers)
+            expected_outbound_streams += 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+        for stream_id in range(13, 0, -2):
+            # Close an inbound stream.
+            f = frame_factory.build_data_frame(
+                data=b'',
+                flags=['END_STREAM'],
+                stream_id=stream_id,
+            )
+            c.receive_data(f.serialize())
+
+            # Stream doesn't close until both sides close it.
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            c.send_data(stream_id, b'', end_stream=True)
+            expected_inbound_streams -= 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+            # Pushed streams, however, we can close ourselves.
+            c.send_data(
+                stream_id=stream_id+1,
+                data=b'',
+                end_stream=True,
+            )
+            expected_outbound_streams -= 1
+            assert c.open_inbound_streams == expected_inbound_streams
+            assert c.open_outbound_streams == expected_outbound_streams
+
+        assert c.open_inbound_streams == 0
+        assert c.open_outbound_streams == 0
+
+
+class TestContinuationFrames(object):
+    """
+    Tests for the relatively complex CONTINUATION frame logic.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def _build_continuation_sequence(self, headers, block_size, frame_factory):
+        f = frame_factory.build_headers_frame(headers)
+        header_data = f.data
+        chunks = [
+            header_data[x:x+block_size]
+            for x in range(0, len(header_data), block_size)
+        ]
+        f.data = chunks.pop(0)
+        frames = [
+            frame_factory.build_continuation_frame(c) for c in chunks
+        ]
+        f.flags = {'END_STREAM'}
+        frames[-1].flags.add('END_HEADERS')
+        frames.insert(0, f)
+        return frames
+
+    def test_continuation_frame_basic(self, frame_factory):
+        """
+        Test that we correctly decode a header block split across continuation
+        frames.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        data = b''.join(f.serialize() for f in frames)
+        events = c.receive_data(data)
+
+        assert len(events) == 2
+        first_event, second_event = events
+
+        assert isinstance(first_event, h2.events.RequestReceived)
+        assert first_event.headers == self.example_request_headers
+        assert first_event.stream_id == 1
+
+        assert isinstance(second_event, h2.events.StreamEnded)
+        assert second_event.stream_id == 1
+
+    @pytest.mark.parametrize('stream_id', [3, 1])
+    def test_continuation_cannot_interleave_headers(self,
+                                                    frame_factory,
+                                                    stream_id):
+        """
+        We cannot interleave a new headers block with a CONTINUATION sequence.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        assert len(frames) > 2  # This is mostly defensive.
+
+        bogus_frame = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=stream_id,
+            flags=['END_STREAM'],
+        )
+        frames.insert(len(frames) - 2, bogus_frame)
+        data = b''.join(f.serialize() for f in frames)
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(data)
+
+        assert "invalid frame" in str(e.value).lower()
+
+    def test_continuation_cannot_interleave_data(self, frame_factory):
+        """
+        We cannot interleave a data frame with a CONTINUATION sequence.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        assert len(frames) > 2  # This is mostly defensive.
+
+        bogus_frame = frame_factory.build_data_frame(
+            data=b'hello',
+            stream_id=1,
+        )
+        frames.insert(len(frames) - 2, bogus_frame)
+        data = b''.join(f.serialize() for f in frames)
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(data)
+
+        assert "invalid frame" in str(e.value).lower()
+
+    def test_continuation_cannot_interleave_unknown_frame(self, frame_factory):
+        """
+        We cannot interleave an unknown frame with a CONTINUATION sequence.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        assert len(frames) > 2  # This is mostly defensive.
+
+        bogus_frame = frame_factory.build_data_frame(
+            data=b'hello',
+            stream_id=1,
+        )
+        bogus_frame.type = 88
+        frames.insert(len(frames) - 2, bogus_frame)
+        data = b''.join(f.serialize() for f in frames)
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(data)
+
+        assert "invalid frame" in str(e.value).lower()
+
+    def test_continuation_frame_multiple_blocks(self, frame_factory):
+        """
+        Test that we correctly decode several header blocks split across
+        continuation frames.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        for stream_id in range(1, 7, 2):
+            frames = self._build_continuation_sequence(
+                headers=self.example_request_headers,
+                block_size=2,
+                frame_factory=frame_factory,
+            )
+            for frame in frames:
+                frame.stream_id = stream_id
+
+            data = b''.join(f.serialize() for f in frames)
+            events = c.receive_data(data)
+
+            assert len(events) == 2
+            first_event, second_event = events
+
+            assert isinstance(first_event, h2.events.RequestReceived)
+            assert first_event.headers == self.example_request_headers
+            assert first_event.stream_id == stream_id
+
+            assert isinstance(second_event, h2.events.StreamEnded)
+            assert second_event.stream_id == stream_id
+
+
+class TestContinuationFramesPushPromise(object):
+    """
+    Tests for the relatively complex CONTINUATION frame logic working with
+    PUSH_PROMISE frames.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+
+    def _build_continuation_sequence(self, headers, block_size, frame_factory):
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1, promised_stream_id=2, headers=headers
+        )
+        header_data = f.data
+        chunks = [
+            header_data[x:x+block_size]
+            for x in range(0, len(header_data), block_size)
+        ]
+        f.data = chunks.pop(0)
+        frames = [
+            frame_factory.build_continuation_frame(c) for c in chunks
+        ]
+        f.flags = {'END_STREAM'}
+        frames[-1].flags.add('END_HEADERS')
+        frames.insert(0, f)
+        return frames
+
+    def test_continuation_frame_basic_push_promise(self, frame_factory):
+        """
+        Test that we correctly decode a header block split across continuation
+        frames when that header block is initiated with a PUSH_PROMISE.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        data = b''.join(f.serialize() for f in frames)
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.PushedStreamReceived)
+        assert event.headers == self.example_request_headers
+        assert event.parent_stream_id == 1
+        assert event.pushed_stream_id == 2
+
+    @pytest.mark.parametrize('stream_id', [3, 1, 2])
+    def test_continuation_cannot_interleave_headers_pp(self,
+                                                       frame_factory,
+                                                       stream_id):
+        """
+        We cannot interleave a new headers block with a CONTINUATION sequence
+        when the headers block is based on a PUSH_PROMISE frame.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        assert len(frames) > 2  # This is mostly defensive.
+
+        bogus_frame = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            stream_id=stream_id,
+            flags=['END_STREAM'],
+        )
+        frames.insert(len(frames) - 2, bogus_frame)
+        data = b''.join(f.serialize() for f in frames)
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(data)
+
+        assert "invalid frame" in str(e.value).lower()
+
+    def test_continuation_cannot_interleave_data(self, frame_factory):
+        """
+        We cannot interleave a data frame with a CONTINUATION sequence when
+        that sequence began with a PUSH_PROMISE frame.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        assert len(frames) > 2  # This is mostly defensive.
+
+        bogus_frame = frame_factory.build_data_frame(
+            data=b'hello',
+            stream_id=1,
+        )
+        frames.insert(len(frames) - 2, bogus_frame)
+        data = b''.join(f.serialize() for f in frames)
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(data)
+
+        assert "invalid frame" in str(e.value).lower()
+
+    def test_continuation_cannot_interleave_unknown_frame(self, frame_factory):
+        """
+        We cannot interleave an unknown frame with a CONTINUATION sequence when
+        that sequence began with a PUSH_PROMISE frame.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        frames = self._build_continuation_sequence(
+            headers=self.example_request_headers,
+            block_size=5,
+            frame_factory=frame_factory,
+        )
+        assert len(frames) > 2  # This is mostly defensive.
+
+        bogus_frame = frame_factory.build_data_frame(
+            data=b'hello',
+            stream_id=1,
+        )
+        bogus_frame.type = 88
+        frames.insert(len(frames) - 2, bogus_frame)
+        data = b''.join(f.serialize() for f in frames)
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(data)
+
+        assert "invalid frame" in str(e.value).lower()
+
+    @pytest.mark.parametrize('evict', [True, False])
+    def test_stream_remotely_closed_disallows_push_promise(self,
+                                                           evict,
+                                                           frame_factory):
+        """
+        Streams closed normally by the remote peer disallow PUSH_PROMISE
+        frames, and cause a GOAWAY.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=True
+        )
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_response_headers,
+            flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        if evict:
+            # This is annoyingly stateful, but enumerating the list of open
+            # streams will force us to flush state.
+            assert not c.open_outbound_streams
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        f = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_continuation_frame_multiple_push_promise(self, frame_factory):
+        """
+        Test that we correctly decode  header blocks split across continuation
+        frames when those header block is initiated with a PUSH_PROMISE, for
+        more than one pushed stream.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        for promised_stream_id in range(2, 8, 2):
+            frames = self._build_continuation_sequence(
+                headers=self.example_request_headers,
+                block_size=2,
+                frame_factory=frame_factory,
+            )
+            frames[0].promised_stream_id = promised_stream_id
+            data = b''.join(f.serialize() for f in frames)
+            events = c.receive_data(data)
+
+            assert len(events) == 1
+            event = events[0]
+
+            assert isinstance(event, h2.events.PushedStreamReceived)
+            assert event.headers == self.example_request_headers
+            assert event.parent_stream_id == 1
+            assert event.pushed_stream_id == promised_stream_id
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_config.py b/testing/web-platform/tests/tools/third_party/h2/test/test_config.py
new file mode 100644
index 0000000000..8eb7fdc862
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_config.py
@@ -0,0 +1,130 @@
+# -*- coding: utf-8 -*-
+"""
+test_config
+~~~~~~~~~~~
+
+Test the configuration object.
+"""
+import logging
+import pytest
+
+import h2.config
+
+
+class TestH2Config(object):
+    """
+    Tests of the H2 config object.
+    """
+    def test_defaults(self):
+        """
+        The default values of the HTTP/2 config object are sensible.
+        """
+        config = h2.config.H2Configuration()
+        assert config.client_side
+        assert config.header_encoding is None
+        assert isinstance(config.logger, h2.config.DummyLogger)
+
+    boolean_config_options = [
+        'client_side',
+        'validate_outbound_headers',
+        'normalize_outbound_headers',
+        'validate_inbound_headers',
+        'normalize_inbound_headers',
+    ]
+
+    @pytest.mark.parametrize('option_name', boolean_config_options)
+    @pytest.mark.parametrize('value', [None, 'False', 1])
+    def test_boolean_config_options_reject_non_bools_init(
+        self, option_name, value
+    ):
+        """
+        The boolean config options raise an error if you try to set a value
+        that isn't a boolean via the initializer.
+        """
+        with pytest.raises(ValueError):
+            h2.config.H2Configuration(**{option_name: value})
+
+    @pytest.mark.parametrize('option_name', boolean_config_options)
+    @pytest.mark.parametrize('value', [None, 'False', 1])
+    def test_boolean_config_options_reject_non_bools_attr(
+        self, option_name, value
+    ):
+        """
+        The boolean config options raise an error if you try to set a value
+        that isn't a boolean via attribute setter.
+        """
+        config = h2.config.H2Configuration()
+        with pytest.raises(ValueError):
+            setattr(config, option_name, value)
+
+    @pytest.mark.parametrize('option_name', boolean_config_options)
+    @pytest.mark.parametrize('value', [True, False])
+    def test_boolean_config_option_is_reflected_init(self, option_name, value):
+        """
+        The value of the boolean config options, when set, is reflected
+        in the value via the initializer.
+        """
+        config = h2.config.H2Configuration(**{option_name: value})
+        assert getattr(config, option_name) == value
+
+    @pytest.mark.parametrize('option_name', boolean_config_options)
+    @pytest.mark.parametrize('value', [True, False])
+    def test_boolean_config_option_is_reflected_attr(self, option_name, value):
+        """
+        The value of the boolean config options, when set, is reflected
+        in the value via attribute setter.
+        """
+        config = h2.config.H2Configuration()
+        setattr(config, option_name, value)
+        assert getattr(config, option_name) == value
+
+    @pytest.mark.parametrize('header_encoding', [True, 1, object()])
+    def test_header_encoding_must_be_false_str_none_init(
+        self, header_encoding
+    ):
+        """
+        The value of the ``header_encoding`` setting must be False, a string,
+        or None via the initializer.
+        """
+        with pytest.raises(ValueError):
+            h2.config.H2Configuration(header_encoding=header_encoding)
+
+    @pytest.mark.parametrize('header_encoding', [True, 1, object()])
+    def test_header_encoding_must_be_false_str_none_attr(
+        self, header_encoding
+    ):
+        """
+        The value of the ``header_encoding`` setting must be False, a string,
+        or None via attribute setter.
+        """
+        config = h2.config.H2Configuration()
+        with pytest.raises(ValueError):
+            config.header_encoding = header_encoding
+
+    @pytest.mark.parametrize('header_encoding', [False, 'ascii', None])
+    def test_header_encoding_is_reflected_init(self, header_encoding):
+        """
+        The value of ``header_encoding``, when set, is reflected in the value
+        via the initializer.
+        """
+        config = h2.config.H2Configuration(header_encoding=header_encoding)
+        assert config.header_encoding == header_encoding
+
+    @pytest.mark.parametrize('header_encoding', [False, 'ascii', None])
+    def test_header_encoding_is_reflected_attr(self, header_encoding):
+        """
+        The value of ``header_encoding``, when set, is reflected in the value
+        via the attribute setter.
+        """
+        config = h2.config.H2Configuration()
+        config.header_encoding = header_encoding
+        assert config.header_encoding == header_encoding
+
+    def test_logger_instance_is_reflected(self):
+        """
+        The value of ``logger``, when set, is reflected in the value.
+        """
+        logger = logging.Logger('hyper-h2.test')
+        config = h2.config.H2Configuration()
+        config.logger = logger
+        assert config.logger is logger
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_events.py b/testing/web-platform/tests/tools/third_party/h2/test/test_events.py
new file mode 100644
index 0000000000..a6e8d83790
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_events.py
@@ -0,0 +1,367 @@
+# -*- coding: utf-8 -*-
+"""
+test_events.py
+~~~~~~~~~~~~~~
+
+Specific tests for any function that is logically self-contained as part of
+events.py.
+"""
+import inspect
+import sys
+
+from hypothesis import given
+from hypothesis.strategies import (
+    integers, lists, tuples
+)
+import pytest
+
+import h2.errors
+import h2.events
+import h2.settings
+
+
+# We define a fairly complex Hypothesis strategy here. We want to build a list
+# of two tuples of (Setting, value). For Setting we want to make sure we can
+# handle settings that the rest of hyper knows nothing about, so we want to
+# use integers from 0 to (2**16-1). For values, they're from 0 to (2**32-1).
+# Define that strategy here for clarity.
+SETTINGS_STRATEGY = lists(
+    tuples(
+        integers(min_value=0, max_value=2**16-1),
+        integers(min_value=0, max_value=2**32-1),
+    )
+)
+
+
+class TestRemoteSettingsChanged(object):
+    """
+    Validate the function of the RemoteSettingsChanged event.
+    """
+    @given(SETTINGS_STRATEGY)
+    def test_building_settings_from_scratch(self, settings_list):
+        """
+        Missing old settings are defaulted to None.
+        """
+        settings_dict = dict(settings_list)
+        e = h2.events.RemoteSettingsChanged.from_settings(
+            old_settings={},
+            new_settings=settings_dict,
+        )
+
+        for setting, new_value in settings_dict.items():
+            assert e.changed_settings[setting].setting == setting
+            assert e.changed_settings[setting].original_value is None
+            assert e.changed_settings[setting].new_value == new_value
+
+    @given(SETTINGS_STRATEGY, SETTINGS_STRATEGY)
+    def test_only_reports_changed_settings(self,
+                                           old_settings_list,
+                                           new_settings_list):
+        """
+        Settings that were not changed are not reported.
+        """
+        old_settings_dict = dict(old_settings_list)
+        new_settings_dict = dict(new_settings_list)
+        e = h2.events.RemoteSettingsChanged.from_settings(
+            old_settings=old_settings_dict,
+            new_settings=new_settings_dict,
+        )
+
+        assert len(e.changed_settings) == len(new_settings_dict)
+        assert (
+            sorted(list(e.changed_settings.keys())) ==
+            sorted(list(new_settings_dict.keys()))
+        )
+
+    @given(SETTINGS_STRATEGY, SETTINGS_STRATEGY)
+    def test_correctly_reports_changed_settings(self,
+                                                old_settings_list,
+                                                new_settings_list):
+        """
+        Settings that are changed are correctly reported.
+        """
+        old_settings_dict = dict(old_settings_list)
+        new_settings_dict = dict(new_settings_list)
+        e = h2.events.RemoteSettingsChanged.from_settings(
+            old_settings=old_settings_dict,
+            new_settings=new_settings_dict,
+        )
+
+        for setting, new_value in new_settings_dict.items():
+            original_value = old_settings_dict.get(setting)
+            assert e.changed_settings[setting].setting == setting
+            assert e.changed_settings[setting].original_value == original_value
+            assert e.changed_settings[setting].new_value == new_value
+
+
+class TestEventReprs(object):
+    """
+    Events have useful representations.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_informational_headers = [
+        (':status', '100'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+
+    def test_requestreceived_repr(self):
+        """
+        RequestReceived has a useful debug representation.
+        """
+        e = h2.events.RequestReceived()
+        e.stream_id = 5
+        e.headers = self.example_request_headers
+
+        assert repr(e) == (
+            "<RequestReceived stream_id:5, headers:["
+            "(':authority', 'example.com'), "
+            "(':path', '/'), "
+            "(':scheme', 'https'), "
+            "(':method', 'GET')]>"
+        )
+
+    def test_responsereceived_repr(self):
+        """
+        ResponseReceived has a useful debug representation.
+        """
+        e = h2.events.ResponseReceived()
+        e.stream_id = 500
+        e.headers = self.example_response_headers
+
+        assert repr(e) == (
+            "<ResponseReceived stream_id:500, headers:["
+            "(':status', '200'), "
+            "('server', 'fake-serv/0.1.0')]>"
+        )
+
+    def test_trailersreceived_repr(self):
+        """
+        TrailersReceived has a useful debug representation.
+        """
+        e = h2.events.TrailersReceived()
+        e.stream_id = 62
+        e.headers = self.example_response_headers
+
+        assert repr(e) == (
+            "<TrailersReceived stream_id:62, headers:["
+            "(':status', '200'), "
+            "('server', 'fake-serv/0.1.0')]>"
+        )
+
+    def test_informationalresponsereceived_repr(self):
+        """
+        InformationalResponseReceived has a useful debug representation.
+        """
+        e = h2.events.InformationalResponseReceived()
+        e.stream_id = 62
+        e.headers = self.example_informational_headers
+
+        assert repr(e) == (
+            "<InformationalResponseReceived stream_id:62, headers:["
+            "(':status', '100'), "
+            "('server', 'fake-serv/0.1.0')]>"
+        )
+
+    def test_datareceived_repr(self):
+        """
+        DataReceived has a useful debug representation.
+        """
+        e = h2.events.DataReceived()
+        e.stream_id = 888
+        e.data = b"abcdefghijklmnopqrstuvwxyz"
+        e.flow_controlled_length = 88
+
+        assert repr(e) == (
+            "<DataReceived stream_id:888, flow_controlled_length:88, "
+            "data:6162636465666768696a6b6c6d6e6f7071727374>"
+        )
+
+    def test_windowupdated_repr(self):
+        """
+        WindowUpdated has a useful debug representation.
+        """
+        e = h2.events.WindowUpdated()
+        e.stream_id = 0
+        e.delta = 2**16
+
+        assert repr(e) == "<WindowUpdated stream_id:0, delta:65536>"
+
+    def test_remotesettingschanged_repr(self):
+        """
+        RemoteSettingsChanged has a useful debug representation.
+        """
+        e = h2.events.RemoteSettingsChanged()
+        e.changed_settings = {
+            h2.settings.SettingCodes.INITIAL_WINDOW_SIZE:
+                h2.settings.ChangedSetting(
+                    h2.settings.SettingCodes.INITIAL_WINDOW_SIZE, 2**16, 2**15
+                ),
+        }
+
+        assert repr(e) == (
+            "<RemoteSettingsChanged changed_settings:{ChangedSetting("
+            "setting=SettingCodes.INITIAL_WINDOW_SIZE, original_value=65536, "
+            "new_value=32768)}>"
+        )
+
+    def test_pingreceived_repr(self):
+        """
+        PingReceived has a useful debug representation.
+        """
+        e = h2.events.PingReceived()
+        e.ping_data = b'abcdefgh'
+
+        assert repr(e) == "<PingReceived ping_data:6162636465666768>"
+
+    def test_pingackreceived_repr(self):
+        """
+        PingAckReceived has a useful debug representation.
+        """
+        e = h2.events.PingAckReceived()
+        e.ping_data = b'abcdefgh'
+
+        assert repr(e) == "<PingAckReceived ping_data:6162636465666768>"
+
+    def test_streamended_repr(self):
+        """
+        StreamEnded has a useful debug representation.
+        """
+        e = h2.events.StreamEnded()
+        e.stream_id = 99
+
+        assert repr(e) == "<StreamEnded stream_id:99>"
+
+    def test_streamreset_repr(self):
+        """
+        StreamEnded has a useful debug representation.
+        """
+        e = h2.events.StreamReset()
+        e.stream_id = 919
+        e.error_code = h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
+        e.remote_reset = False
+
+        assert repr(e) == (
+            "<StreamReset stream_id:919, "
+            "error_code:ErrorCodes.ENHANCE_YOUR_CALM, remote_reset:False>"
+        )
+
+    def test_pushedstreamreceived_repr(self):
+        """
+        PushedStreamReceived has a useful debug representation.
+        """
+        e = h2.events.PushedStreamReceived()
+        e.pushed_stream_id = 50
+        e.parent_stream_id = 11
+        e.headers = self.example_request_headers
+
+        assert repr(e) == (
+            "<PushedStreamReceived pushed_stream_id:50, parent_stream_id:11, "
+            "headers:["
+            "(':authority', 'example.com'), "
+            "(':path', '/'), "
+            "(':scheme', 'https'), "
+            "(':method', 'GET')]>"
+        )
+
+    def test_settingsacknowledged_repr(self):
+        """
+        SettingsAcknowledged has a useful debug representation.
+        """
+        e = h2.events.SettingsAcknowledged()
+        e.changed_settings = {
+            h2.settings.SettingCodes.INITIAL_WINDOW_SIZE:
+                h2.settings.ChangedSetting(
+                    h2.settings.SettingCodes.INITIAL_WINDOW_SIZE, 2**16, 2**15
+                ),
+        }
+
+        assert repr(e) == (
+            "<SettingsAcknowledged changed_settings:{ChangedSetting("
+            "setting=SettingCodes.INITIAL_WINDOW_SIZE, original_value=65536, "
+            "new_value=32768)}>"
+        )
+
+    def test_priorityupdated_repr(self):
+        """
+        PriorityUpdated has a useful debug representation.
+        """
+        e = h2.events.PriorityUpdated()
+        e.stream_id = 87
+        e.weight = 32
+        e.depends_on = 8
+        e.exclusive = True
+
+        assert repr(e) == (
+            "<PriorityUpdated stream_id:87, weight:32, depends_on:8, "
+            "exclusive:True>"
+        )
+
+    @pytest.mark.parametrize("additional_data,data_repr", [
+        (None, "None"),
+        (b'some data', "736f6d652064617461")
+    ])
+    def test_connectionterminated_repr(self, additional_data, data_repr):
+        """
+        ConnectionTerminated has a useful debug representation.
+        """
+        e = h2.events.ConnectionTerminated()
+        e.error_code = h2.errors.ErrorCodes.INADEQUATE_SECURITY
+        e.last_stream_id = 33
+        e.additional_data = additional_data
+
+        assert repr(e) == (
+            "<ConnectionTerminated error_code:ErrorCodes.INADEQUATE_SECURITY, "
+            "last_stream_id:33, additional_data:%s>" % data_repr
+        )
+
+    def test_alternativeserviceavailable_repr(self):
+        """
+        AlternativeServiceAvailable has a useful debug representation.
+        """
+        e = h2.events.AlternativeServiceAvailable()
+        e.origin = b"example.com"
+        e.field_value = b'h2=":8000"; ma=60'
+
+        assert repr(e) == (
+            '<AlternativeServiceAvailable origin:example.com, '
+            'field_value:h2=":8000"; ma=60>'
+        )
+
+    def test_unknownframereceived_repr(self):
+        """
+        UnknownFrameReceived has a useful debug representation.
+        """
+        e = h2.events.UnknownFrameReceived()
+        assert repr(e) == '<UnknownFrameReceived>'
+
+
+def all_events():
+    """
+    Generates all the classes (i.e., events) defined in h2.events.
+    """
+    for _, obj in inspect.getmembers(sys.modules['h2.events']):
+
+        # We are only interested in objects that are defined in h2.events;
+        # objects that are imported from other modules are not of interest.
+        if hasattr(obj, '__module__') and (obj.__module__ != 'h2.events'):
+            continue
+
+        if inspect.isclass(obj):
+            yield obj
+
+
+@pytest.mark.parametrize('event', all_events())
+def test_all_events_subclass_from_event(event):
+    """
+    Every event defined in h2.events subclasses from h2.events.Event.
+    """
+    assert (event is h2.events.Event) or issubclass(event, h2.events.Event)
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_exceptions.py b/testing/web-platform/tests/tools/third_party/h2/test/test_exceptions.py
new file mode 100644
index 0000000000..1890459978
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_exceptions.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+"""
+test_exceptions
+~~~~~~~~~~~~~~~
+
+Tests that verify logic local to exceptions.
+"""
+import h2.exceptions
+
+
+class TestExceptions(object):
+    def test_stream_id_too_low_prints_properly(self):
+        x = h2.exceptions.StreamIDTooLowError(5, 10)
+
+        assert "StreamIDTooLowError: 5 is lower than 10" == str(x)
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_flow_control_window.py b/testing/web-platform/tests/tools/third_party/h2/test/test_flow_control_window.py
new file mode 100644
index 0000000000..24b345aac3
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_flow_control_window.py
@@ -0,0 +1,952 @@
+# -*- coding: utf-8 -*-
+"""
+test_flow_control
+~~~~~~~~~~~~~~~~~
+
+Tests of the flow control management in h2
+"""
+import pytest
+
+from hypothesis import given
+from hypothesis.strategies import integers
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+import h2.settings
+
+
+class TestFlowControl(object):
+    """
+    Tests of the flow control management in the connection objects.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    DEFAULT_FLOW_WINDOW = 65535
+
+    def test_flow_control_initializes_properly(self):
+        """
+        The flow control window for a stream should initially be the default
+        flow control value.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        assert c.local_flow_control_window(1) == self.DEFAULT_FLOW_WINDOW
+        assert c.remote_flow_control_window(1) == self.DEFAULT_FLOW_WINDOW
+
+    def test_flow_control_decreases_with_sent_data(self):
+        """
+        When data is sent on a stream, the flow control window should drop.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+        c.send_data(1, b'some data')
+
+        remaining_length = self.DEFAULT_FLOW_WINDOW - len(b'some data')
+        assert (c.local_flow_control_window(1) == remaining_length)
+
+    @pytest.mark.parametrize("pad_length", [5, 0])
+    def test_flow_control_decreases_with_sent_data_with_padding(self,
+                                                                pad_length):
+        """
+        When padded data is sent on a stream, the flow control window drops
+        by the length of the padding plus 1 for the 1-byte padding length
+        field.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        c.send_data(1, b'some data', pad_length=pad_length)
+        remaining_length = (
+            self.DEFAULT_FLOW_WINDOW - len(b'some data') - pad_length - 1
+        )
+        assert c.local_flow_control_window(1) == remaining_length
+
+    def test_flow_control_decreases_with_received_data(self, frame_factory):
+        """
+        When data is received on a stream, the remote flow control window
+        should drop.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f1 = frame_factory.build_headers_frame(self.example_request_headers)
+        f2 = frame_factory.build_data_frame(b'some data')
+
+        c.receive_data(f1.serialize() + f2.serialize())
+
+        remaining_length = self.DEFAULT_FLOW_WINDOW - len(b'some data')
+        assert (c.remote_flow_control_window(1) == remaining_length)
+
+    def test_flow_control_decreases_with_padded_data(self, frame_factory):
+        """
+        When padded data is received on a stream, the remote flow control
+        window drops by an amount that includes the padding.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f1 = frame_factory.build_headers_frame(self.example_request_headers)
+        f2 = frame_factory.build_data_frame(b'some data', padding_len=10)
+
+        c.receive_data(f1.serialize() + f2.serialize())
+
+        remaining_length = (
+            self.DEFAULT_FLOW_WINDOW - len(b'some data') - 10 - 1
+        )
+        assert (c.remote_flow_control_window(1) == remaining_length)
+
+    def test_flow_control_is_limited_by_connection(self):
+        """
+        The flow control window is limited by the flow control of the
+        connection.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+        c.send_data(1, b'some data')
+        c.send_headers(3, self.example_request_headers)
+
+        remaining_length = self.DEFAULT_FLOW_WINDOW - len(b'some data')
+        assert (c.local_flow_control_window(3) == remaining_length)
+
+    def test_remote_flow_control_is_limited_by_connection(self, frame_factory):
+        """
+        The remote flow control window is limited by the flow control of the
+        connection.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        f1 = frame_factory.build_headers_frame(self.example_request_headers)
+        f2 = frame_factory.build_data_frame(b'some data')
+        f3 = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            stream_id=3,
+        )
+        c.receive_data(f1.serialize() + f2.serialize() + f3.serialize())
+
+        remaining_length = self.DEFAULT_FLOW_WINDOW - len(b'some data')
+        assert (c.remote_flow_control_window(3) == remaining_length)
+
+    def test_cannot_send_more_data_than_window(self):
+        """
+        Sending more data than the remaining flow control window raises a
+        FlowControlError.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+        c.outbound_flow_control_window = 5
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.send_data(1, b'some data')
+
+    def test_increasing_connection_window_allows_sending(self, frame_factory):
+        """
+        Confirm that sending a WindowUpdate frame on the connection frees
+        up space for further frames.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+        c.outbound_flow_control_window = 5
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.send_data(1, b'some data')
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=0,
+            increment=5,
+        )
+        c.receive_data(f.serialize())
+
+        c.clear_outbound_data_buffer()
+        c.send_data(1, b'some data')
+        assert c.data_to_send()
+
+    def test_increasing_stream_window_allows_sending(self, frame_factory):
+        """
+        Confirm that sending a WindowUpdate frame on the connection frees
+        up space for further frames.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+        c._get_stream_by_id(1).outbound_flow_control_window = 5
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.send_data(1, b'some data')
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=1,
+            increment=5,
+        )
+        c.receive_data(f.serialize())
+
+        c.clear_outbound_data_buffer()
+        c.send_data(1, b'some data')
+        assert c.data_to_send()
+
+    def test_flow_control_shrinks_in_response_to_settings(self, frame_factory):
+        """
+        Acknowledging SETTINGS_INITIAL_WINDOW_SIZE shrinks the flow control
+        window.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        assert c.local_flow_control_window(1) == 65535
+
+        f = frame_factory.build_settings_frame(
+            settings={h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 1280}
+        )
+        c.receive_data(f.serialize())
+
+        assert c.local_flow_control_window(1) == 1280
+
+    def test_flow_control_grows_in_response_to_settings(self, frame_factory):
+        """
+        Acknowledging SETTINGS_INITIAL_WINDOW_SIZE grows the flow control
+        window.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Greatly increase the connection flow control window.
+        f = frame_factory.build_window_update_frame(
+            stream_id=0, increment=128000
+        )
+        c.receive_data(f.serialize())
+
+        # The stream flow control window is the bottleneck here.
+        assert c.local_flow_control_window(1) == 65535
+
+        f = frame_factory.build_settings_frame(
+            settings={h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 128000}
+        )
+        c.receive_data(f.serialize())
+
+        # The stream window is still the bottleneck, but larger now.
+        assert c.local_flow_control_window(1) == 128000
+
+    def test_flow_control_settings_blocked_by_conn_window(self, frame_factory):
+        """
+        Changing SETTINGS_INITIAL_WINDOW_SIZE does not affect the effective
+        flow control window if the connection window isn't changed.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        assert c.local_flow_control_window(1) == 65535
+
+        f = frame_factory.build_settings_frame(
+            settings={h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 128000}
+        )
+        c.receive_data(f.serialize())
+
+        assert c.local_flow_control_window(1) == 65535
+
+    def test_new_streams_have_flow_control_per_settings(self, frame_factory):
+        """
+        After a SETTINGS_INITIAL_WINDOW_SIZE change is received, new streams
+        have appropriate new flow control windows.
+        """
+        c = h2.connection.H2Connection()
+
+        f = frame_factory.build_settings_frame(
+            settings={h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 128000}
+        )
+        c.receive_data(f.serialize())
+
+        # Greatly increase the connection flow control window.
+        f = frame_factory.build_window_update_frame(
+            stream_id=0, increment=128000
+        )
+        c.receive_data(f.serialize())
+
+        c.send_headers(1, self.example_request_headers)
+        assert c.local_flow_control_window(1) == 128000
+
+    def test_window_update_no_stream(self, frame_factory):
+        """
+        WindowUpdate frames received without streams fire an appropriate
+        WindowUpdated event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=0,
+            increment=5
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.WindowUpdated)
+        assert event.stream_id == 0
+        assert event.delta == 5
+
+    def test_window_update_with_stream(self, frame_factory):
+        """
+        WindowUpdate frames received with streams fire an appropriate
+        WindowUpdated event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f1 = frame_factory.build_headers_frame(self.example_request_headers)
+        f2 = frame_factory.build_window_update_frame(
+            stream_id=1,
+            increment=66
+        )
+        data = b''.join(map(lambda f: f.serialize(), [f1, f2]))
+        events = c.receive_data(data)
+
+        assert len(events) == 2
+        event = events[1]
+
+        assert isinstance(event, h2.events.WindowUpdated)
+        assert event.stream_id == 1
+        assert event.delta == 66
+
+    def test_we_can_increment_stream_flow_control(self, frame_factory):
+        """
+        It is possible for the user to increase the flow control window for
+        streams.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        c.clear_outbound_data_buffer()
+
+        expected_frame = frame_factory.build_window_update_frame(
+            stream_id=1,
+            increment=5
+        )
+
+        events = c.increment_flow_control_window(increment=5, stream_id=1)
+        assert not events
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_we_can_increment_connection_flow_control(self, frame_factory):
+        """
+        It is possible for the user to increase the flow control window for
+        the entire connection.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        c.clear_outbound_data_buffer()
+
+        expected_frame = frame_factory.build_window_update_frame(
+            stream_id=0,
+            increment=5
+        )
+
+        events = c.increment_flow_control_window(increment=5)
+        assert not events
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_we_enforce_our_flow_control_window(self, frame_factory):
+        """
+        The user can set a low flow control window, which leads to connection
+        teardown if violated.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        # Change the flow control window to 80 bytes.
+        c.update_settings(
+            {h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 80}
+        )
+        f = frame_factory.build_settings_frame({}, ack=True)
+        c.receive_data(f.serialize())
+
+        # Receive a new stream.
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+
+        # Attempt to violate the flow control window.
+        c.clear_outbound_data_buffer()
+        f = frame_factory.build_data_frame(b'\x01' * 100)
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.receive_data(f.serialize())
+
+        # Verify we tear down appropriately.
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1,
+            error_code=h2.errors.ErrorCodes.FLOW_CONTROL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_shrink_remote_flow_control_settings(self, frame_factory):
+        """
+        The remote peer acknowledging our SETTINGS_INITIAL_WINDOW_SIZE shrinks
+        the flow control window.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        assert c.remote_flow_control_window(1) == 65535
+
+        c.update_settings({h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 1280})
+
+        f = frame_factory.build_settings_frame({}, ack=True)
+        c.receive_data(f.serialize())
+
+        assert c.remote_flow_control_window(1) == 1280
+
+    def test_grow_remote_flow_control_settings(self, frame_factory):
+        """
+        The remote peer acknowledging our SETTINGS_INITIAL_WINDOW_SIZE grows
+        the flow control window.
+        """
+        c = h2.connection.H2Connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Increase the connection flow control window greatly.
+        c.increment_flow_control_window(increment=128000)
+
+        assert c.remote_flow_control_window(1) == 65535
+
+        c.update_settings(
+            {h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 128000}
+        )
+        f = frame_factory.build_settings_frame({}, ack=True)
+        c.receive_data(f.serialize())
+
+        assert c.remote_flow_control_window(1) == 128000
+
+    def test_new_streams_have_remote_flow_control(self, frame_factory):
+        """
+        After a SETTINGS_INITIAL_WINDOW_SIZE change is acknowledged by the
+        remote peer, new streams have appropriate new flow control windows.
+        """
+        c = h2.connection.H2Connection()
+
+        c.update_settings(
+            {h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 128000}
+        )
+        f = frame_factory.build_settings_frame({}, ack=True)
+        c.receive_data(f.serialize())
+
+        # Increase the connection flow control window greatly.
+        c.increment_flow_control_window(increment=128000)
+
+        c.send_headers(1, self.example_request_headers)
+        assert c.remote_flow_control_window(1) == 128000
+
+    @pytest.mark.parametrize(
+        'increment', [0, -15, 2**31]
+    )
+    def test_reject_bad_attempts_to_increment_flow_control(self, increment):
+        """
+        Attempting to increment a flow control increment outside the valid
+        range causes a ValueError to be raised.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        c.clear_outbound_data_buffer()
+
+        # Fails both on and off streams.
+        with pytest.raises(ValueError):
+            c.increment_flow_control_window(increment=increment, stream_id=1)
+
+        with pytest.raises(ValueError):
+            c.increment_flow_control_window(increment=increment)
+
+    @pytest.mark.parametrize('stream_id', [0, 1])
+    def test_reject_bad_remote_increments(self, frame_factory, stream_id):
+        """
+        Remote peers attempting to increment flow control outside the valid
+        range cause connection errors of type PROTOCOL_ERROR.
+        """
+        # The only number that can be encoded in a WINDOW_UPDATE frame but
+        # isn't valid is 0.
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=stream_id, increment=0
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_increasing_connection_window_too_far(self, frame_factory):
+        """
+        Attempts by the remote peer to increase the connection flow control
+        window beyond 2**31 - 1 are rejected.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        increment = 2**31 - c.outbound_flow_control_window
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=0, increment=increment
+        )
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.FLOW_CONTROL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_increasing_stream_window_too_far(self, frame_factory):
+        """
+        Attempts by the remote peer to increase the stream flow control window
+        beyond 2**31 - 1 are rejected.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        increment = 2**31 - c.outbound_flow_control_window
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=1, increment=increment
+        )
+
+        events = c.receive_data(f.serialize())
+        assert len(events) == 1
+
+        event = events[0]
+        assert isinstance(event, h2.events.StreamReset)
+        assert event.stream_id == 1
+        assert event.error_code == h2.errors.ErrorCodes.FLOW_CONTROL_ERROR
+        assert not event.remote_reset
+
+        expected_frame = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.FLOW_CONTROL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_overlarge_conn_window_settings(self, frame_factory):
+        """
+        SETTINGS frames cannot change the size of the connection flow control
+        window.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Go one byte smaller than the limit.
+        increment = 2**31 - 1 - c.outbound_flow_control_window
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=0, increment=increment
+        )
+        c.receive_data(f.serialize())
+
+        # Receive an increment to the initial window size.
+        f = frame_factory.build_settings_frame(
+            settings={
+                h2.settings.SettingCodes.INITIAL_WINDOW_SIZE:
+                    self.DEFAULT_FLOW_WINDOW + 1
+            }
+        )
+        c.clear_outbound_data_buffer()
+
+        # No error is encountered.
+        events = c.receive_data(f.serialize())
+        assert len(events) == 1
+        assert isinstance(events[0], h2.events.RemoteSettingsChanged)
+
+        expected_frame = frame_factory.build_settings_frame(
+            settings={},
+            ack=True
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_overlarge_stream_window_settings(self, frame_factory):
+        """
+        Remote attempts to create overlarge stream windows via SETTINGS frames
+        are rejected.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        # Go one byte smaller than the limit.
+        increment = 2**31 - 1 - c.outbound_flow_control_window
+
+        f = frame_factory.build_window_update_frame(
+            stream_id=1, increment=increment
+        )
+        c.receive_data(f.serialize())
+
+        # Receive an increment to the initial window size.
+        f = frame_factory.build_settings_frame(
+            settings={
+                h2.settings.SettingCodes.INITIAL_WINDOW_SIZE:
+                    self.DEFAULT_FLOW_WINDOW + 1
+            }
+        )
+        c.clear_outbound_data_buffer()
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.FLOW_CONTROL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_local_overlarge_increase_connection_window(self):
+        """
+        Local attempts to increase the connection window too far are rejected.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        increment = 2**31 - c.inbound_flow_control_window
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.increment_flow_control_window(increment=increment)
+
+    def test_reject_local_overlarge_increase_stream_window(self):
+        """
+        Local attempts to increase the connection window too far are rejected.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        increment = 2**31 - c.inbound_flow_control_window
+
+        with pytest.raises(h2.exceptions.FlowControlError):
+            c.increment_flow_control_window(increment=increment, stream_id=1)
+
+    def test_send_update_on_closed_streams(self, frame_factory):
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+        c.reset_stream(1)
+
+        c.clear_outbound_data_buffer()
+        c.open_outbound_streams
+        c.open_inbound_streams
+
+        f = frame_factory.build_data_frame(b'some data'*1500)
+        events = c.receive_data(f.serialize()*3)
+        assert not events
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize() * 2 + frame_factory.build_window_update_frame(
+            stream_id=0,
+            increment=40500,
+        ).serialize() + frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+        f = frame_factory.build_data_frame(b'')
+        events = c.receive_data(f.serialize())
+        assert not events
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+
+class TestAutomaticFlowControl(object):
+    """
+    Tests for the automatic flow control logic.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    DEFAULT_FLOW_WINDOW = 65535
+
+    def _setup_connection_and_send_headers(self, frame_factory):
+        """
+        Setup a server-side H2Connection and send a headers frame, and then
+        clear the outbound data buffer. Also increase the maximum frame size.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        c.update_settings(
+            {h2.settings.SettingCodes.MAX_FRAME_SIZE: self.DEFAULT_FLOW_WINDOW}
+        )
+        settings_frame = frame_factory.build_settings_frame(
+            settings={}, ack=True
+        )
+        c.receive_data(settings_frame.serialize())
+        c.clear_outbound_data_buffer()
+
+        headers_frame = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        c.receive_data(headers_frame.serialize())
+        c.clear_outbound_data_buffer()
+        return c
+
+    @given(stream_id=integers(max_value=0))
+    def test_must_acknowledge_for_stream(self, frame_factory, stream_id):
+        """
+        Flow control acknowledgements must be done on a stream ID that is
+        greater than zero.
+        """
+        # We need to refresh the encoder because hypothesis has a problem with
+        # integrating with py.test, meaning that we use the same frame factory
+        # for all tests.
+        # See https://github.com/HypothesisWorks/hypothesis-python/issues/377
+        frame_factory.refresh_encoder()
+
+        # Create a connection in a state that might actually accept
+        # data acknolwedgement.
+        c = self._setup_connection_and_send_headers(frame_factory)
+        data_frame = frame_factory.build_data_frame(
+            b'some data', flags=['END_STREAM']
+        )
+        c.receive_data(data_frame.serialize())
+
+        with pytest.raises(ValueError):
+            c.acknowledge_received_data(
+                acknowledged_size=5, stream_id=stream_id
+            )
+
+    @given(size=integers(max_value=-1))
+    def test_cannot_acknowledge_less_than_zero(self, frame_factory, size):
+        """
+        The user must acknowledge at least 0 bytes.
+        """
+        # We need to refresh the encoder because hypothesis has a problem with
+        # integrating with py.test, meaning that we use the same frame factory
+        # for all tests.
+        # See https://github.com/HypothesisWorks/hypothesis-python/issues/377
+        frame_factory.refresh_encoder()
+
+        # Create a connection in a state that might actually accept
+        # data acknolwedgement.
+        c = self._setup_connection_and_send_headers(frame_factory)
+        data_frame = frame_factory.build_data_frame(
+            b'some data', flags=['END_STREAM']
+        )
+        c.receive_data(data_frame.serialize())
+
+        with pytest.raises(ValueError):
+            c.acknowledge_received_data(acknowledged_size=size, stream_id=1)
+
+    def test_acknowledging_small_chunks_does_nothing(self, frame_factory):
+        """
+        When a small amount of data is received and acknowledged, no window
+        update is emitted.
+        """
+        c = self._setup_connection_and_send_headers(frame_factory)
+
+        data_frame = frame_factory.build_data_frame(
+            b'some data', flags=['END_STREAM']
+        )
+        data_event = c.receive_data(data_frame.serialize())[0]
+
+        c.acknowledge_received_data(
+            data_event.flow_controlled_length, stream_id=1
+        )
+
+        assert not c.data_to_send()
+
+    def test_acknowledging_no_data_does_nothing(self, frame_factory):
+        """
+        If a user accidentally acknowledges no data, nothing happens.
+        """
+        c = self._setup_connection_and_send_headers(frame_factory)
+
+        # Send an empty data frame, just to give the user impetus to ack the
+        # data.
+        data_frame = frame_factory.build_data_frame(b'')
+        c.receive_data(data_frame.serialize())
+
+        c.acknowledge_received_data(0, stream_id=1)
+        assert not c.data_to_send()
+
+    @pytest.mark.parametrize('force_cleanup', (True, False))
+    def test_acknowledging_data_on_closed_stream(self,
+                                                 frame_factory,
+                                                 force_cleanup):
+        """
+        When acknowledging data on a stream that has just been closed, no
+        acknowledgement is given for that stream, only for the connection.
+        """
+        c = self._setup_connection_and_send_headers(frame_factory)
+
+        data_to_send = b'\x00' * self.DEFAULT_FLOW_WINDOW
+        data_frame = frame_factory.build_data_frame(data_to_send)
+        c.receive_data(data_frame.serialize())
+
+        rst_frame = frame_factory.build_rst_stream_frame(
+            stream_id=1
+        )
+        c.receive_data(rst_frame.serialize())
+        c.clear_outbound_data_buffer()
+
+        if force_cleanup:
+            # Check how many streams are open to force the old one to be
+            # cleaned up.
+            assert c.open_outbound_streams == 0
+
+        c.acknowledge_received_data(2048, stream_id=1)
+
+        expected = frame_factory.build_window_update_frame(
+            stream_id=0, increment=2048
+        )
+        assert c.data_to_send() == expected.serialize()
+
+    def test_acknowledging_streams_we_never_saw(self, frame_factory):
+        """
+        If the user acknowledges a stream ID we've never seen, that raises a
+        NoSuchStreamError.
+        """
+        c = self._setup_connection_and_send_headers(frame_factory)
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.NoSuchStreamError):
+            c.acknowledge_received_data(2048, stream_id=101)
+
+    @given(integers(min_value=1025, max_value=DEFAULT_FLOW_WINDOW))
+    def test_acknowledging_1024_bytes_when_empty_increments(self,
+                                                            frame_factory,
+                                                            increment):
+        """
+        If the flow control window is empty and we acknowledge 1024 bytes or
+        more, we will emit a WINDOW_UPDATE frame just to move the connection
+        forward.
+        """
+        # We need to refresh the encoder because hypothesis has a problem with
+        # integrating with py.test, meaning that we use the same frame factory
+        # for all tests.
+        # See https://github.com/HypothesisWorks/hypothesis-python/issues/377
+        frame_factory.refresh_encoder()
+
+        c = self._setup_connection_and_send_headers(frame_factory)
+
+        data_to_send = b'\x00' * self.DEFAULT_FLOW_WINDOW
+        data_frame = frame_factory.build_data_frame(data_to_send)
+        c.receive_data(data_frame.serialize())
+
+        c.acknowledge_received_data(increment, stream_id=1)
+
+        first_expected = frame_factory.build_window_update_frame(
+            stream_id=0, increment=increment
+        )
+        second_expected = frame_factory.build_window_update_frame(
+            stream_id=1, increment=increment
+        )
+        expected_data = b''.join(
+            [first_expected.serialize(), second_expected.serialize()]
+        )
+        assert c.data_to_send() == expected_data
+
+    # This test needs to use a lower cap, because otherwise the algo will
+    # increment the stream window anyway.
+    @given(integers(min_value=1025, max_value=(DEFAULT_FLOW_WINDOW // 4) - 1))
+    def test_connection_only_empty(self, frame_factory, increment):
+        """
+        If the connection flow control window is empty, but the stream flow
+        control windows aren't, and 1024 bytes or more are acknowledged by the
+        user, we increment the connection window only.
+        """
+        # We need to refresh the encoder because hypothesis has a problem with
+        # integrating with py.test, meaning that we use the same frame factory
+        # for all tests.
+        # See https://github.com/HypothesisWorks/hypothesis-python/issues/377
+        frame_factory.refresh_encoder()
+
+        # Here we'll use 4 streams. Set them up.
+        c = self._setup_connection_and_send_headers(frame_factory)
+
+        for stream_id in [3, 5, 7]:
+            f = frame_factory.build_headers_frame(
+                headers=self.example_request_headers, stream_id=stream_id
+            )
+            c.receive_data(f.serialize())
+
+        # Now we send 1/4 of the connection window per stream. Annoyingly,
+        # that's an odd number, so we need to round the last frame up.
+        data_to_send = b'\x00' * (self.DEFAULT_FLOW_WINDOW // 4)
+        for stream_id in [1, 3, 5]:
+            f = frame_factory.build_data_frame(
+                data_to_send, stream_id=stream_id
+            )
+            c.receive_data(f.serialize())
+
+        data_to_send = b'\x00' * c.remote_flow_control_window(7)
+        data_frame = frame_factory.build_data_frame(data_to_send, stream_id=7)
+        c.receive_data(data_frame.serialize())
+
+        # Ok, now the actual test.
+        c.acknowledge_received_data(increment, stream_id=1)
+
+        expected_data = frame_factory.build_window_update_frame(
+            stream_id=0, increment=increment
+        ).serialize()
+        assert c.data_to_send() == expected_data
+
+    @given(integers(min_value=1025, max_value=DEFAULT_FLOW_WINDOW))
+    def test_mixing_update_forms(self, frame_factory, increment):
+        """
+        If the user mixes ackowledging data with manually incrementing windows,
+        we still keep track of what's going on.
+        """
+        # We need to refresh the encoder because hypothesis has a problem with
+        # integrating with py.test, meaning that we use the same frame factory
+        # for all tests.
+        # See https://github.com/HypothesisWorks/hypothesis-python/issues/377
+        frame_factory.refresh_encoder()
+
+        # Empty the flow control window.
+        c = self._setup_connection_and_send_headers(frame_factory)
+        data_to_send = b'\x00' * self.DEFAULT_FLOW_WINDOW
+        data_frame = frame_factory.build_data_frame(data_to_send)
+        c.receive_data(data_frame.serialize())
+
+        # Manually increment the connection flow control window back to fully
+        # open, but leave the stream window closed.
+        c.increment_flow_control_window(
+            stream_id=None, increment=self.DEFAULT_FLOW_WINDOW
+        )
+        c.clear_outbound_data_buffer()
+
+        # Now, acknowledge the receipt of that data. This should cause the
+        # stream window to be widened, but not the connection window, because
+        # it is already open.
+        c.acknowledge_received_data(increment, stream_id=1)
+
+        # We expect to see one window update frame only, for the stream.
+        expected_data = frame_factory.build_window_update_frame(
+            stream_id=1, increment=increment
+        ).serialize()
+        assert c.data_to_send() == expected_data
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_h2_upgrade.py b/testing/web-platform/tests/tools/third_party/h2/test/test_h2_upgrade.py
new file mode 100644
index 0000000000..d63d44f3f7
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_h2_upgrade.py
@@ -0,0 +1,302 @@
+# -*- coding: utf-8 -*-
+"""
+test_h2_upgrade.py
+~~~~~~~~~~~~~~~~~~
+
+This module contains tests that exercise the HTTP Upgrade functionality of
+hyper-h2, ensuring that clients and servers can upgrade their plaintext
+HTTP/1.1 connections to HTTP/2.
+"""
+import base64
+
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+
+
+class TestClientUpgrade(object):
+    """
+    Tests of the client-side of the HTTP/2 upgrade dance.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+
+    def test_returns_http2_settings(self, frame_factory):
+        """
+        Calling initiate_upgrade_connection returns a base64url encoded
+        Settings frame with the settings used by the connection.
+        """
+        conn = h2.connection.H2Connection()
+        data = conn.initiate_upgrade_connection()
+
+        # The base64 encoding must not be padded.
+        assert not data.endswith(b'=')
+
+        # However, SETTINGS frames should never need to be padded.
+        decoded_frame = base64.urlsafe_b64decode(data)
+        expected_frame = frame_factory.build_settings_frame(
+            settings=conn.local_settings
+        )
+        assert decoded_frame == expected_frame.serialize_body()
+
+    def test_emits_preamble(self, frame_factory):
+        """
+        Calling initiate_upgrade_connection emits the connection preamble.
+        """
+        conn = h2.connection.H2Connection()
+        conn.initiate_upgrade_connection()
+
+        data = conn.data_to_send()
+        assert data.startswith(frame_factory.preamble())
+
+        data = data[len(frame_factory.preamble()):]
+        expected_frame = frame_factory.build_settings_frame(
+            settings=conn.local_settings
+        )
+        assert data == expected_frame.serialize()
+
+    def test_can_receive_response(self, frame_factory):
+        """
+        After upgrading, we can safely receive a response.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_upgrade_connection()
+        c.clear_outbound_data_buffer()
+
+        f1 = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_response_headers,
+        )
+        f2 = frame_factory.build_data_frame(
+            stream_id=1,
+            data=b'some data',
+            flags=['END_STREAM']
+        )
+        events = c.receive_data(f1.serialize() + f2.serialize())
+        assert len(events) == 3
+
+        assert isinstance(events[0], h2.events.ResponseReceived)
+        assert isinstance(events[1], h2.events.DataReceived)
+        assert isinstance(events[2], h2.events.StreamEnded)
+
+        assert events[0].headers == self.example_response_headers
+        assert events[1].data == b'some data'
+        assert all(e.stream_id == 1 for e in events)
+
+        assert not c.data_to_send()
+
+    def test_can_receive_pushed_stream(self, frame_factory):
+        """
+        After upgrading, we can safely receive a pushed stream.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_upgrade_connection()
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+        )
+        events = c.receive_data(f.serialize())
+        assert len(events) == 1
+
+        assert isinstance(events[0], h2.events.PushedStreamReceived)
+        assert events[0].headers == self.example_request_headers
+        assert events[0].parent_stream_id == 1
+        assert events[0].pushed_stream_id == 2
+
+    def test_cannot_send_headers_stream_1(self, frame_factory):
+        """
+        After upgrading, we cannot send headers on stream 1.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_upgrade_connection()
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+    def test_cannot_send_data_stream_1(self, frame_factory):
+        """
+        After upgrading, we cannot send data on stream 1.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_upgrade_connection()
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_data(stream_id=1, data=b'some data')
+
+
+class TestServerUpgrade(object):
+    """
+    Tests of the server-side of the HTTP/2 upgrade dance.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_returns_nothing(self, frame_factory):
+        """
+        Calling initiate_upgrade_connection returns nothing.
+        """
+        conn = h2.connection.H2Connection(config=self.server_config)
+        curl_header = b"AAMAAABkAAQAAP__"
+        data = conn.initiate_upgrade_connection(curl_header)
+        assert data is None
+
+    def test_emits_preamble(self, frame_factory):
+        """
+        Calling initiate_upgrade_connection emits the connection preamble.
+        """
+        conn = h2.connection.H2Connection(config=self.server_config)
+        conn.initiate_upgrade_connection()
+
+        data = conn.data_to_send()
+        expected_frame = frame_factory.build_settings_frame(
+            settings=conn.local_settings
+        )
+        assert data == expected_frame.serialize()
+
+    def test_can_send_response(self, frame_factory):
+        """
+        After upgrading, we can safely send a response.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_upgrade_connection()
+        c.clear_outbound_data_buffer()
+
+        c.send_headers(stream_id=1, headers=self.example_response_headers)
+        c.send_data(stream_id=1, data=b'some data', end_stream=True)
+
+        f1 = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_response_headers,
+        )
+        f2 = frame_factory.build_data_frame(
+            stream_id=1,
+            data=b'some data',
+            flags=['END_STREAM']
+        )
+
+        expected_data = f1.serialize() + f2.serialize()
+        assert c.data_to_send() == expected_data
+
+    def test_can_push_stream(self, frame_factory):
+        """
+        After upgrading, we can safely push a stream.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_upgrade_connection()
+        c.clear_outbound_data_buffer()
+
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=self.example_request_headers
+        )
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_cannot_receive_headers_stream_1(self, frame_factory):
+        """
+        After upgrading, we cannot receive headers on stream 1.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_upgrade_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_request_headers,
+        )
+        c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_cannot_receive_data_stream_1(self, frame_factory):
+        """
+        After upgrading, we cannot receive data on stream 1.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_upgrade_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_data_frame(
+            stream_id=1,
+            data=b'some data',
+        )
+        c.receive_data(f.serialize())
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+    def test_client_settings_are_applied(self, frame_factory):
+        """
+        The settings provided by the client are applied and immediately
+        ACK'ed.
+        """
+        server = h2.connection.H2Connection(config=self.server_config)
+        client = h2.connection.H2Connection()
+
+        # As a precaution, let's confirm that the server and client, at the
+        # start of the connection, do not agree on their initial settings
+        # state.
+        assert (
+            client.local_settings != server.remote_settings
+        )
+
+        # Get the client header data and pass it to the server.
+        header_data = client.initiate_upgrade_connection()
+        server.initiate_upgrade_connection(header_data)
+
+        # This gets complex, but here we go.
+        # RFC 7540 § 3.2.1 says that "explicit acknowledgement" of the settings
+        # in the header is "not necessary". That's annoyingly vague, but we
+        # interpret that to mean "should not be sent". So to test that this
+        # worked we need to test that the server has only sent the preamble,
+        # and has not sent a SETTINGS ack, and also that the server has the
+        # correct settings.
+        expected_frame = frame_factory.build_settings_frame(
+            server.local_settings
+        )
+        assert server.data_to_send() == expected_frame.serialize()
+
+        assert (
+            client.local_settings == server.remote_settings
+        )
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_head_request.py b/testing/web-platform/tests/tools/third_party/h2/test/test_head_request.py
new file mode 100644
index 0000000000..ef73007254
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_head_request.py
@@ -0,0 +1,55 @@
+# -*- coding; utf-8 -*-
+"""
+test_head_request
+~~~~~~~~~~~~~~~~~
+"""
+import h2.connection
+import pytest
+
+
+class TestHeadRequest(object):
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'HEAD'),
+    ]
+
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0'),
+        (b'content_length', b'1'),
+    ]
+
+    def test_non_zero_content_and_no_body(self, frame_factory):
+
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_headers_frame(
+            self.example_response_headers,
+            flags=['END_STREAM']
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 2
+        event = events[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert event.stream_id == 1
+        assert event.headers == self.example_response_headers
+
+    def test_reject_non_zero_content_and_body(self, frame_factory):
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers)
+
+        headers = frame_factory.build_headers_frame(
+            self.example_response_headers
+        )
+        data = frame_factory.build_data_frame(data=b'\x01')
+
+        c.receive_data(headers.serialize())
+        with pytest.raises(h2.exceptions.InvalidBodyLengthError):
+            c.receive_data(data.serialize())
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_header_indexing.py b/testing/web-platform/tests/tools/third_party/h2/test/test_header_indexing.py
new file mode 100644
index 0000000000..23fd06f15b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_header_indexing.py
@@ -0,0 +1,637 @@
+# -*- coding: utf-8 -*-
+"""
+test_header_indexing.py
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains tests that use HPACK header tuples that provide additional
+metadata to the hpack module about how to encode the headers.
+"""
+import pytest
+
+from hpack import HeaderTuple, NeverIndexedHeaderTuple
+
+import h2.config
+import h2.connection
+
+
+def assert_header_blocks_actually_equal(block_a, block_b):
+    """
+    Asserts that two header bocks are really, truly equal, down to the types
+    of their tuples. Doesn't return anything.
+    """
+    assert len(block_a) == len(block_b)
+
+    for a, b in zip(block_a, block_b):
+        assert a == b
+        assert a.__class__ is b.__class__
+
+
+class TestHeaderIndexing(object):
+    """
+    Test that Hyper-h2 can correctly handle never indexed header fields using
+    the appropriate hpack data structures.
+    """
+    example_request_headers = [
+        HeaderTuple(u':authority', u'example.com'),
+        HeaderTuple(u':path', u'/'),
+        HeaderTuple(u':scheme', u'https'),
+        HeaderTuple(u':method', u'GET'),
+    ]
+    bytes_example_request_headers = [
+        HeaderTuple(b':authority', b'example.com'),
+        HeaderTuple(b':path', b'/'),
+        HeaderTuple(b':scheme', b'https'),
+        HeaderTuple(b':method', b'GET'),
+    ]
+
+    extended_request_headers = [
+        HeaderTuple(u':authority', u'example.com'),
+        HeaderTuple(u':path', u'/'),
+        HeaderTuple(u':scheme', u'https'),
+        HeaderTuple(u':method', u'GET'),
+        NeverIndexedHeaderTuple(u'authorization', u'realpassword'),
+    ]
+    bytes_extended_request_headers = [
+        HeaderTuple(b':authority', b'example.com'),
+        HeaderTuple(b':path', b'/'),
+        HeaderTuple(b':scheme', b'https'),
+        HeaderTuple(b':method', b'GET'),
+        NeverIndexedHeaderTuple(b'authorization', b'realpassword'),
+    ]
+
+    example_response_headers = [
+        HeaderTuple(u':status', u'200'),
+        HeaderTuple(u'server', u'fake-serv/0.1.0')
+    ]
+    bytes_example_response_headers = [
+        HeaderTuple(b':status', b'200'),
+        HeaderTuple(b'server', b'fake-serv/0.1.0')
+    ]
+
+    extended_response_headers = [
+        HeaderTuple(u':status', u'200'),
+        HeaderTuple(u'server', u'fake-serv/0.1.0'),
+        NeverIndexedHeaderTuple(u'secure', u'you-bet'),
+    ]
+    bytes_extended_response_headers = [
+        HeaderTuple(b':status', b'200'),
+        HeaderTuple(b'server', b'fake-serv/0.1.0'),
+        NeverIndexedHeaderTuple(b'secure', b'you-bet'),
+    ]
+
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    @pytest.mark.parametrize(
+        'headers', (
+            example_request_headers,
+            bytes_example_request_headers,
+            extended_request_headers,
+            bytes_extended_request_headers,
+        )
+    )
+    def test_sending_header_tuples(self, headers, frame_factory):
+        """
+        Providing HeaderTuple and HeaderTuple subclasses preserves the metadata
+        about indexing.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, headers)
+
+        f = frame_factory.build_headers_frame(headers=headers)
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'headers', (
+            example_request_headers,
+            bytes_example_request_headers,
+            extended_request_headers,
+            bytes_extended_request_headers,
+        )
+    )
+    def test_header_tuples_in_pushes(self, headers, frame_factory):
+        """
+        Providing HeaderTuple and HeaderTuple subclasses to push promises
+        preserves metadata about indexing.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        # We can use normal headers for the request.
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        frame_factory.refresh_encoder()
+        expected_frame = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=headers,
+            flags=['END_HEADERS'],
+        )
+
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=headers
+        )
+
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @pytest.mark.parametrize(
+        'headers,encoding', (
+            (example_request_headers, 'utf-8'),
+            (bytes_example_request_headers, None),
+            (extended_request_headers, 'utf-8'),
+            (bytes_extended_request_headers, None),
+        )
+    )
+    def test_header_tuples_are_decoded_request(self,
+                                               headers,
+                                               encoding,
+                                               frame_factory):
+        """
+        The indexing status of the header is preserved when emitting
+        RequestReceived events.
+        """
+        config = h2.config.H2Configuration(
+            client_side=False, header_encoding=encoding
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(headers)
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.RequestReceived)
+        assert_header_blocks_actually_equal(headers, event.headers)
+
+    @pytest.mark.parametrize(
+        'headers,encoding', (
+            (example_response_headers, 'utf-8'),
+            (bytes_example_response_headers, None),
+            (extended_response_headers, 'utf-8'),
+            (bytes_extended_response_headers, None),
+        )
+    )
+    def test_header_tuples_are_decoded_response(self,
+                                                headers,
+                                                encoding,
+                                                frame_factory):
+        """
+        The indexing status of the header is preserved when emitting
+        ResponseReceived events.
+        """
+        config = h2.config.H2Configuration(
+            header_encoding=encoding
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(headers)
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert_header_blocks_actually_equal(headers, event.headers)
+
+    @pytest.mark.parametrize(
+        'headers,encoding', (
+            (example_response_headers, 'utf-8'),
+            (bytes_example_response_headers, None),
+            (extended_response_headers, 'utf-8'),
+            (bytes_extended_response_headers, None),
+        )
+    )
+    def test_header_tuples_are_decoded_info_response(self,
+                                                     headers,
+                                                     encoding,
+                                                     frame_factory):
+        """
+        The indexing status of the header is preserved when emitting
+        InformationalResponseReceived events.
+        """
+        # Manipulate the headers to send 100 Continue. We need to copy the list
+        # to avoid breaking the example headers.
+        headers = headers[:]
+        if encoding:
+            headers[0] = HeaderTuple(u':status', u'100')
+        else:
+            headers[0] = HeaderTuple(b':status', b'100')
+
+        config = h2.config.H2Configuration(
+            header_encoding=encoding
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(headers)
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.InformationalResponseReceived)
+        assert_header_blocks_actually_equal(headers, event.headers)
+
+    @pytest.mark.parametrize(
+        'headers,encoding', (
+            (example_response_headers, 'utf-8'),
+            (bytes_example_response_headers, None),
+            (extended_response_headers, 'utf-8'),
+            (bytes_extended_response_headers, None),
+        )
+    )
+    def test_header_tuples_are_decoded_trailers(self,
+                                                headers,
+                                                encoding,
+                                                frame_factory):
+        """
+        The indexing status of the header is preserved when emitting
+        TrailersReceived events.
+        """
+        # Manipulate the headers to remove the status, which shouldn't be in
+        # the trailers. We need to copy the list to avoid breaking the example
+        # headers.
+        headers = headers[1:]
+
+        config = h2.config.H2Configuration(
+            header_encoding=encoding
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        f = frame_factory.build_headers_frame(self.example_response_headers)
+        data = f.serialize()
+        c.receive_data(data)
+
+        f = frame_factory.build_headers_frame(headers, flags=['END_STREAM'])
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 2
+        event = events[0]
+
+        assert isinstance(event, h2.events.TrailersReceived)
+        assert_header_blocks_actually_equal(headers, event.headers)
+
+    @pytest.mark.parametrize(
+        'headers,encoding', (
+            (example_request_headers, 'utf-8'),
+            (bytes_example_request_headers, None),
+            (extended_request_headers, 'utf-8'),
+            (bytes_extended_request_headers, None),
+        )
+    )
+    def test_header_tuples_are_decoded_push_promise(self,
+                                                    headers,
+                                                    encoding,
+                                                    frame_factory):
+        """
+        The indexing status of the header is preserved when emitting
+        PushedStreamReceived events.
+        """
+        config = h2.config.H2Configuration(
+            header_encoding=encoding
+        )
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=headers,
+            flags=['END_HEADERS'],
+        )
+        data = f.serialize()
+        events = c.receive_data(data)
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.PushedStreamReceived)
+        assert_header_blocks_actually_equal(headers, event.headers)
+
+
+class TestSecureHeaders(object):
+    """
+    Certain headers should always be transformed to their never-indexed form.
+    """
+    example_request_headers = [
+        (u':authority', u'example.com'),
+        (u':path', u'/'),
+        (u':scheme', u'https'),
+        (u':method', u'GET'),
+    ]
+    bytes_example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    possible_auth_headers = [
+        (u'authorization', u'test'),
+        (u'Authorization', u'test'),
+        (u'authorization', u'really long test'),
+        HeaderTuple(u'authorization', u'test'),
+        HeaderTuple(u'Authorization', u'test'),
+        HeaderTuple(u'authorization', u'really long test'),
+        NeverIndexedHeaderTuple(u'authorization', u'test'),
+        NeverIndexedHeaderTuple(u'Authorization', u'test'),
+        NeverIndexedHeaderTuple(u'authorization', u'really long test'),
+        (b'authorization', b'test'),
+        (b'Authorization', b'test'),
+        (b'authorization', b'really long test'),
+        HeaderTuple(b'authorization', b'test'),
+        HeaderTuple(b'Authorization', b'test'),
+        HeaderTuple(b'authorization', b'really long test'),
+        NeverIndexedHeaderTuple(b'authorization', b'test'),
+        NeverIndexedHeaderTuple(b'Authorization', b'test'),
+        NeverIndexedHeaderTuple(b'authorization', b'really long test'),
+        (u'proxy-authorization', u'test'),
+        (u'Proxy-Authorization', u'test'),
+        (u'proxy-authorization', u'really long test'),
+        HeaderTuple(u'proxy-authorization', u'test'),
+        HeaderTuple(u'Proxy-Authorization', u'test'),
+        HeaderTuple(u'proxy-authorization', u'really long test'),
+        NeverIndexedHeaderTuple(u'proxy-authorization', u'test'),
+        NeverIndexedHeaderTuple(u'Proxy-Authorization', u'test'),
+        NeverIndexedHeaderTuple(u'proxy-authorization', u'really long test'),
+        (b'proxy-authorization', b'test'),
+        (b'Proxy-Authorization', b'test'),
+        (b'proxy-authorization', b'really long test'),
+        HeaderTuple(b'proxy-authorization', b'test'),
+        HeaderTuple(b'Proxy-Authorization', b'test'),
+        HeaderTuple(b'proxy-authorization', b'really long test'),
+        NeverIndexedHeaderTuple(b'proxy-authorization', b'test'),
+        NeverIndexedHeaderTuple(b'Proxy-Authorization', b'test'),
+        NeverIndexedHeaderTuple(b'proxy-authorization', b'really long test'),
+    ]
+    secured_cookie_headers = [
+        (u'cookie', u'short'),
+        (u'Cookie', u'short'),
+        (u'cookie', u'nineteen byte cooki'),
+        HeaderTuple(u'cookie', u'short'),
+        HeaderTuple(u'Cookie', u'short'),
+        HeaderTuple(u'cookie', u'nineteen byte cooki'),
+        NeverIndexedHeaderTuple(u'cookie', u'short'),
+        NeverIndexedHeaderTuple(u'Cookie', u'short'),
+        NeverIndexedHeaderTuple(u'cookie', u'nineteen byte cooki'),
+        NeverIndexedHeaderTuple(u'cookie', u'longer manually secured cookie'),
+        (b'cookie', b'short'),
+        (b'Cookie', b'short'),
+        (b'cookie', b'nineteen byte cooki'),
+        HeaderTuple(b'cookie', b'short'),
+        HeaderTuple(b'Cookie', b'short'),
+        HeaderTuple(b'cookie', b'nineteen byte cooki'),
+        NeverIndexedHeaderTuple(b'cookie', b'short'),
+        NeverIndexedHeaderTuple(b'Cookie', b'short'),
+        NeverIndexedHeaderTuple(b'cookie', b'nineteen byte cooki'),
+        NeverIndexedHeaderTuple(b'cookie', b'longer manually secured cookie'),
+    ]
+    unsecured_cookie_headers = [
+        (u'cookie', u'twenty byte cookie!!'),
+        (u'Cookie', u'twenty byte cookie!!'),
+        (u'cookie', u'substantially longer than 20 byte cookie'),
+        HeaderTuple(u'cookie', u'twenty byte cookie!!'),
+        HeaderTuple(u'cookie', u'twenty byte cookie!!'),
+        HeaderTuple(u'Cookie', u'twenty byte cookie!!'),
+        (b'cookie', b'twenty byte cookie!!'),
+        (b'Cookie', b'twenty byte cookie!!'),
+        (b'cookie', b'substantially longer than 20 byte cookie'),
+        HeaderTuple(b'cookie', b'twenty byte cookie!!'),
+        HeaderTuple(b'cookie', b'twenty byte cookie!!'),
+        HeaderTuple(b'Cookie', b'twenty byte cookie!!'),
+    ]
+
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    @pytest.mark.parametrize(
+        'headers', (example_request_headers, bytes_example_request_headers)
+    )
+    @pytest.mark.parametrize('auth_header', possible_auth_headers)
+    def test_authorization_headers_never_indexed(self,
+                                                 headers,
+                                                 auth_header,
+                                                 frame_factory):
+        """
+        Authorization and Proxy-Authorization headers are always forced to be
+        never-indexed, regardless of their form.
+        """
+        # Regardless of what we send, we expect it to be never indexed.
+        send_headers = headers + [auth_header]
+        expected_headers = headers + [
+            NeverIndexedHeaderTuple(auth_header[0].lower(), auth_header[1])
+        ]
+
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, send_headers)
+
+        f = frame_factory.build_headers_frame(headers=expected_headers)
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'headers', (example_request_headers, bytes_example_request_headers)
+    )
+    @pytest.mark.parametrize('auth_header', possible_auth_headers)
+    def test_authorization_headers_never_indexed_push(self,
+                                                      headers,
+                                                      auth_header,
+                                                      frame_factory):
+        """
+        Authorization and Proxy-Authorization headers are always forced to be
+        never-indexed, regardless of their form, when pushed by a server.
+        """
+        # Regardless of what we send, we expect it to be never indexed.
+        send_headers = headers + [auth_header]
+        expected_headers = headers + [
+            NeverIndexedHeaderTuple(auth_header[0].lower(), auth_header[1])
+        ]
+
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        # We can use normal headers for the request.
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        frame_factory.refresh_encoder()
+        expected_frame = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=expected_headers,
+            flags=['END_HEADERS'],
+        )
+
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=send_headers
+        )
+
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @pytest.mark.parametrize(
+        'headers', (example_request_headers, bytes_example_request_headers)
+    )
+    @pytest.mark.parametrize('cookie_header', secured_cookie_headers)
+    def test_short_cookie_headers_never_indexed(self,
+                                                headers,
+                                                cookie_header,
+                                                frame_factory):
+        """
+        Short cookie headers, and cookies provided as NeverIndexedHeaderTuple,
+        are never indexed.
+        """
+        # Regardless of what we send, we expect it to be never indexed.
+        send_headers = headers + [cookie_header]
+        expected_headers = headers + [
+            NeverIndexedHeaderTuple(cookie_header[0].lower(), cookie_header[1])
+        ]
+
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, send_headers)
+
+        f = frame_factory.build_headers_frame(headers=expected_headers)
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'headers', (example_request_headers, bytes_example_request_headers)
+    )
+    @pytest.mark.parametrize('cookie_header', secured_cookie_headers)
+    def test_short_cookie_headers_never_indexed_push(self,
+                                                     headers,
+                                                     cookie_header,
+                                                     frame_factory):
+        """
+        Short cookie headers, and cookies provided as NeverIndexedHeaderTuple,
+        are never indexed when pushed by servers.
+        """
+        # Regardless of what we send, we expect it to be never indexed.
+        send_headers = headers + [cookie_header]
+        expected_headers = headers + [
+            NeverIndexedHeaderTuple(cookie_header[0].lower(), cookie_header[1])
+        ]
+
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        # We can use normal headers for the request.
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        frame_factory.refresh_encoder()
+        expected_frame = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=expected_headers,
+            flags=['END_HEADERS'],
+        )
+
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=send_headers
+        )
+
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @pytest.mark.parametrize(
+        'headers', (example_request_headers, bytes_example_request_headers)
+    )
+    @pytest.mark.parametrize('cookie_header', unsecured_cookie_headers)
+    def test_long_cookie_headers_can_be_indexed(self,
+                                                headers,
+                                                cookie_header,
+                                                frame_factory):
+        """
+        Longer cookie headers can be indexed.
+        """
+        # Regardless of what we send, we expect it to be indexed.
+        send_headers = headers + [cookie_header]
+        expected_headers = headers + [
+            HeaderTuple(cookie_header[0].lower(), cookie_header[1])
+        ]
+
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, send_headers)
+
+        f = frame_factory.build_headers_frame(headers=expected_headers)
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'headers', (example_request_headers, bytes_example_request_headers)
+    )
+    @pytest.mark.parametrize('cookie_header', unsecured_cookie_headers)
+    def test_long_cookie_headers_can_be_indexed_push(self,
+                                                     headers,
+                                                     cookie_header,
+                                                     frame_factory):
+        """
+        Longer cookie headers can be indexed.
+        """
+        # Regardless of what we send, we expect it to be never indexed.
+        send_headers = headers + [cookie_header]
+        expected_headers = headers + [
+            HeaderTuple(cookie_header[0].lower(), cookie_header[1])
+        ]
+
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        # We can use normal headers for the request.
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        frame_factory.refresh_encoder()
+        expected_frame = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=expected_headers,
+            flags=['END_HEADERS'],
+        )
+
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=send_headers
+        )
+
+        assert c.data_to_send() == expected_frame.serialize()
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_informational_responses.py b/testing/web-platform/tests/tools/third_party/h2/test/test_informational_responses.py
new file mode 100644
index 0000000000..e18c44bcb4
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_informational_responses.py
@@ -0,0 +1,444 @@
+# -*- coding: utf-8 -*-
+"""
+test_informational_responses
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Tests that validate that hyper-h2 correctly handles informational (1XX)
+responses in its state machine.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.events
+import h2.exceptions
+
+
+class TestReceivingInformationalResponses(object):
+    """
+    Tests for receiving informational responses.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+        (b'expect', b'100-continue'),
+    ]
+    example_informational_headers = [
+        (b':status', b'100'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+    example_trailers = [
+        (b'trailer', b'you-bet'),
+    ]
+
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_single_informational_response(self, frame_factory, end_stream):
+        """
+        When receiving a informational response, the appropriate event is
+        signaled.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=end_stream
+        )
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_informational_headers,
+            stream_id=1,
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.InformationalResponseReceived)
+        assert event.headers == self.example_informational_headers
+        assert event.stream_id == 1
+
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_receiving_multiple_header_blocks(self, frame_factory, end_stream):
+        """
+        At least three header blocks can be received: informational, headers,
+        trailers.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=end_stream
+        )
+
+        f1 = frame_factory.build_headers_frame(
+            headers=self.example_informational_headers,
+            stream_id=1,
+        )
+        f2 = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            stream_id=1,
+        )
+        f3 = frame_factory.build_headers_frame(
+            headers=self.example_trailers,
+            stream_id=1,
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(
+            f1.serialize() + f2.serialize() + f3.serialize()
+        )
+
+        assert len(events) == 4
+
+        assert isinstance(events[0], h2.events.InformationalResponseReceived)
+        assert events[0].headers == self.example_informational_headers
+        assert events[0].stream_id == 1
+
+        assert isinstance(events[1], h2.events.ResponseReceived)
+        assert events[1].headers == self.example_response_headers
+        assert events[1].stream_id == 1
+
+        assert isinstance(events[2], h2.events.TrailersReceived)
+        assert events[2].headers == self.example_trailers
+        assert events[2].stream_id == 1
+
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_receiving_multiple_informational_responses(self,
+                                                        frame_factory,
+                                                        end_stream):
+        """
+        More than one informational response is allowed.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=end_stream
+        )
+
+        f1 = frame_factory.build_headers_frame(
+            headers=self.example_informational_headers,
+            stream_id=1,
+        )
+        f2 = frame_factory.build_headers_frame(
+            headers=[(':status', '101')],
+            stream_id=1,
+        )
+        events = c.receive_data(f1.serialize() + f2.serialize())
+
+        assert len(events) == 2
+
+        assert isinstance(events[0], h2.events.InformationalResponseReceived)
+        assert events[0].headers == self.example_informational_headers
+        assert events[0].stream_id == 1
+
+        assert isinstance(events[1], h2.events.InformationalResponseReceived)
+        assert events[1].headers == [(b':status', b'101')]
+        assert events[1].stream_id == 1
+
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_receive_provisional_response_with_end_stream(self,
+                                                          frame_factory,
+                                                          end_stream):
+        """
+        Receiving provisional responses with END_STREAM set causes
+        ProtocolErrors.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=end_stream
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_informational_headers,
+            stream_id=1,
+            flags=['END_STREAM']
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=1,
+        )
+        assert c.data_to_send() == expected.serialize()
+
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_receiving_out_of_order_headers(self, frame_factory, end_stream):
+        """
+        When receiving a informational response after the actual response
+        headers we consider it a ProtocolError and raise it.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=end_stream
+        )
+
+        f1 = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            stream_id=1,
+        )
+        f2 = frame_factory.build_headers_frame(
+            headers=self.example_informational_headers,
+            stream_id=1,
+        )
+        c.receive_data(f1.serialize())
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f2.serialize())
+
+        expected = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=1,
+        )
+        assert c.data_to_send() == expected.serialize()
+
+
+class TestSendingInformationalResponses(object):
+    """
+    Tests for sending informational responses.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+        (b'expect', b'100-continue'),
+    ]
+    unicode_informational_headers = [
+        (u':status', u'100'),
+        (u'server', u'fake-serv/0.1.0')
+    ]
+    bytes_informational_headers = [
+        (b':status', b'100'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0')
+    ]
+    example_trailers = [
+        (b'trailer', b'you-bet'),
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    @pytest.mark.parametrize(
+        'hdrs', (unicode_informational_headers, bytes_informational_headers),
+    )
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_single_informational_response(self,
+                                           frame_factory,
+                                           hdrs,
+                                           end_stream):
+        """
+        When sending a informational response, the appropriate frames are
+        emitted.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        flags = ['END_STREAM'] if end_stream else []
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=1,
+            flags=flags,
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+        frame_factory.refresh_encoder()
+
+        c.send_headers(
+            stream_id=1,
+            headers=hdrs
+        )
+
+        f = frame_factory.build_headers_frame(
+            headers=hdrs,
+            stream_id=1,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'hdrs', (unicode_informational_headers, bytes_informational_headers),
+    )
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_sending_multiple_header_blocks(self,
+                                            frame_factory,
+                                            hdrs,
+                                            end_stream):
+        """
+        At least three header blocks can be sent: informational, headers,
+        trailers.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        flags = ['END_STREAM'] if end_stream else []
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=1,
+            flags=flags,
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+        frame_factory.refresh_encoder()
+
+        # Send the three header blocks.
+        c.send_headers(
+            stream_id=1,
+            headers=hdrs
+        )
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers
+        )
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_trailers,
+            end_stream=True
+        )
+
+        # Check that we sent them properly.
+        f1 = frame_factory.build_headers_frame(
+            headers=hdrs,
+            stream_id=1,
+        )
+        f2 = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            stream_id=1,
+        )
+        f3 = frame_factory.build_headers_frame(
+            headers=self.example_trailers,
+            stream_id=1,
+            flags=['END_STREAM']
+        )
+        assert (
+            c.data_to_send() ==
+            f1.serialize() + f2.serialize() + f3.serialize()
+        )
+
+    @pytest.mark.parametrize(
+        'hdrs', (unicode_informational_headers, bytes_informational_headers),
+    )
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_sending_multiple_informational_responses(self,
+                                                      frame_factory,
+                                                      hdrs,
+                                                      end_stream):
+        """
+        More than one informational response is allowed.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        flags = ['END_STREAM'] if end_stream else []
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=1,
+            flags=flags,
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+        frame_factory.refresh_encoder()
+
+        # Send two informational responses.
+        c.send_headers(
+            stream_id=1,
+            headers=hdrs,
+        )
+        c.send_headers(
+            stream_id=1,
+            headers=[(':status', '101')]
+        )
+
+        # Check we sent them both.
+        f1 = frame_factory.build_headers_frame(
+            headers=hdrs,
+            stream_id=1,
+        )
+        f2 = frame_factory.build_headers_frame(
+            headers=[(':status', '101')],
+            stream_id=1,
+        )
+        assert c.data_to_send() == f1.serialize() + f2.serialize()
+
+    @pytest.mark.parametrize(
+        'hdrs', (unicode_informational_headers, bytes_informational_headers),
+    )
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_send_provisional_response_with_end_stream(self,
+                                                       frame_factory,
+                                                       hdrs,
+                                                       end_stream):
+        """
+        Sending provisional responses with END_STREAM set causes
+        ProtocolErrors.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        flags = ['END_STREAM'] if end_stream else []
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=1,
+            flags=flags,
+        )
+        c.receive_data(f.serialize())
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(
+                stream_id=1,
+                headers=hdrs,
+                end_stream=True,
+            )
+
+    @pytest.mark.parametrize(
+        'hdrs', (unicode_informational_headers, bytes_informational_headers),
+    )
+    @pytest.mark.parametrize('end_stream', (True, False))
+    def test_reject_sending_out_of_order_headers(self,
+                                                 frame_factory,
+                                                 hdrs,
+                                                 end_stream):
+        """
+        When sending an informational response after the actual response
+        headers we consider it a ProtocolError and raise it.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        flags = ['END_STREAM'] if end_stream else []
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=1,
+            flags=flags,
+        )
+        c.receive_data(f.serialize())
+
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_response_headers
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(
+                stream_id=1,
+                headers=hdrs
+            )
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_interacting_stacks.py b/testing/web-platform/tests/tools/third_party/h2/test/test_interacting_stacks.py
new file mode 100644
index 0000000000..90776829c8
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_interacting_stacks.py
@@ -0,0 +1,120 @@
+# -*- coding: utf-8 -*-
+"""
+test_interacting_stacks
+~~~~~~~~~~~~~~~~~~~~~~~
+
+These tests run two entities, a client and a server, in parallel threads. These
+two entities talk to each other, running what amounts to a number of carefully
+controlled simulations of real flows.
+
+This is to ensure that the stack as a whole behaves intelligently in both
+client and server cases.
+
+These tests are long, complex, and somewhat brittle, so they aren't in general
+recommended for writing the majority of test cases. Their purposes is primarily
+to validate that the top-level API of the library behaves as described.
+
+We should also consider writing helper functions to reduce the complexity of
+these tests, so that they can be written more easily, as they are remarkably
+useful.
+"""
+import coroutine_tests
+
+import h2.config
+import h2.connection
+import h2.events
+import h2.settings
+
+
+class TestCommunication(coroutine_tests.CoroutineTestCase):
+    """
+    Test that two communicating state machines can work together.
+    """
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_basic_request_response(self):
+        """
+        A request issued by hyper-h2 can be responded to by hyper-h2.
+        """
+        request_headers = [
+            (b':method', b'GET'),
+            (b':path', b'/'),
+            (b':authority', b'example.com'),
+            (b':scheme', b'https'),
+            (b'user-agent', b'test-client/0.1.0'),
+        ]
+        response_headers = [
+            (b':status', b'204'),
+            (b'server', b'test-server/0.1.0'),
+            (b'content-length', b'0'),
+        ]
+
+        def client():
+            c = h2.connection.H2Connection()
+
+            # Do the handshake. First send the preamble.
+            c.initiate_connection()
+            data = yield c.data_to_send()
+
+            # Next, handle the remote preamble.
+            events = c.receive_data(data)
+            assert len(events) == 2
+            assert isinstance(events[0], h2.events.SettingsAcknowledged)
+            assert isinstance(events[1], h2.events.RemoteSettingsChanged)
+            changed = events[1].changed_settings
+            assert (
+                changed[
+                    h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS
+                ].new_value == 100
+            )
+
+            # Send a request.
+            events = c.send_headers(1, request_headers, end_stream=True)
+            assert not events
+            data = yield c.data_to_send()
+
+            # Validate the response.
+            events = c.receive_data(data)
+            assert len(events) == 2
+            assert isinstance(events[0], h2.events.ResponseReceived)
+            assert events[0].stream_id == 1
+            assert events[0].headers == response_headers
+            assert isinstance(events[1], h2.events.StreamEnded)
+            assert events[1].stream_id == 1
+
+        @self.server
+        def server():
+            c = h2.connection.H2Connection(config=self.server_config)
+
+            # First, read for the preamble.
+            data = yield
+            events = c.receive_data(data)
+            assert len(events) == 1
+            assert isinstance(events[0], h2.events.RemoteSettingsChanged)
+            changed = events[0].changed_settings
+            assert (
+                changed[
+                    h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS
+                ].new_value == 100
+            )
+
+            # Send our preamble back.
+            c.initiate_connection()
+            data = yield c.data_to_send()
+
+            # Listen for the request.
+            events = c.receive_data(data)
+            assert len(events) == 3
+            assert isinstance(events[0], h2.events.SettingsAcknowledged)
+            assert isinstance(events[1], h2.events.RequestReceived)
+            assert events[1].stream_id == 1
+            assert events[1].headers == request_headers
+            assert isinstance(events[2], h2.events.StreamEnded)
+            assert events[2].stream_id == 1
+
+            # Send our response.
+            events = c.send_headers(1, response_headers, end_stream=True)
+            assert not events
+            yield c.data_to_send()
+
+        self.run_until_complete(client(), server())
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_content_lengths.py b/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_content_lengths.py
new file mode 100644
index 0000000000..fe682fcc27
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_content_lengths.py
@@ -0,0 +1,136 @@
+# -*- coding: utf-8 -*-
+"""
+test_invalid_content_lengths.py
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains tests that use invalid content lengths, and validates that
+they fail appropriately.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+
+
+class TestInvalidContentLengths(object):
+    """
+    Hyper-h2 raises Protocol Errors when the content-length sent by a remote
+    peer is not valid.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'POST'),
+        ('content-length', '15'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_too_much_data(self, frame_factory):
+        """
+        Remote peers sending data in excess of content-length causes Protocol
+        Errors.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        headers = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        first_data = frame_factory.build_data_frame(data=b'\x01'*15)
+        c.receive_data(headers.serialize() + first_data.serialize())
+        c.clear_outbound_data_buffer()
+
+        second_data = frame_factory.build_data_frame(data=b'\x01')
+        with pytest.raises(h2.exceptions.InvalidBodyLengthError) as exp:
+            c.receive_data(second_data.serialize())
+
+        assert exp.value.expected_length == 15
+        assert exp.value.actual_length == 16
+        assert str(exp.value) == (
+            "InvalidBodyLengthError: Expected 15 bytes, received 16"
+        )
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_insufficient_data(self, frame_factory):
+        """
+        Remote peers sending less data than content-length causes Protocol
+        Errors.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        headers = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        first_data = frame_factory.build_data_frame(data=b'\x01'*13)
+        c.receive_data(headers.serialize() + first_data.serialize())
+        c.clear_outbound_data_buffer()
+
+        second_data = frame_factory.build_data_frame(
+            data=b'\x01',
+            flags=['END_STREAM'],
+        )
+        with pytest.raises(h2.exceptions.InvalidBodyLengthError) as exp:
+            c.receive_data(second_data.serialize())
+
+        assert exp.value.expected_length == 15
+        assert exp.value.actual_length == 14
+        assert str(exp.value) == (
+            "InvalidBodyLengthError: Expected 15 bytes, received 14"
+        )
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_insufficient_data_empty_frame(self, frame_factory):
+        """
+        Remote peers sending less data than content-length where the last data
+        frame is empty causes Protocol Errors.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        headers = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        first_data = frame_factory.build_data_frame(data=b'\x01'*14)
+        c.receive_data(headers.serialize() + first_data.serialize())
+        c.clear_outbound_data_buffer()
+
+        second_data = frame_factory.build_data_frame(
+            data=b'',
+            flags=['END_STREAM'],
+        )
+        with pytest.raises(h2.exceptions.InvalidBodyLengthError) as exp:
+            c.receive_data(second_data.serialize())
+
+        assert exp.value.expected_length == 15
+        assert exp.value.actual_length == 14
+        assert str(exp.value) == (
+            "InvalidBodyLengthError: Expected 15 bytes, received 14"
+        )
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_frame_sequences.py b/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_frame_sequences.py
new file mode 100644
index 0000000000..12b70c4a6b
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_frame_sequences.py
@@ -0,0 +1,488 @@
+# -*- coding: utf-8 -*-
+"""
+test_invalid_frame_sequences.py
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains tests that use invalid frame sequences, and validates that
+they fail appropriately.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+
+
+class TestInvalidFrameSequences(object):
+    """
+    Invalid frame sequences, either sent or received, cause ProtocolErrors to
+    be thrown.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_cannot_send_on_closed_stream(self):
+        """
+        When we've closed a stream locally, we cannot send further data.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_data(1, b'some data')
+
+    def test_missing_preamble_errors(self):
+        """
+        Server side connections require the preamble.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        encoded_headers_frame = (
+            b'\x00\x00\r\x01\x04\x00\x00\x00\x01'
+            b'A\x88/\x91\xd3]\x05\\\x87\xa7\x84\x87\x82'
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(encoded_headers_frame)
+
+    def test_server_connections_reject_even_streams(self, frame_factory):
+        """
+        Servers do not allow clients to initiate even-numbered streams.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers, stream_id=2
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+    def test_clients_reject_odd_stream_pushes(self, frame_factory):
+        """
+        Clients do not allow servers to push odd numbered streams.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(1, self.example_request_headers, end_stream=True)
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            headers=self.example_request_headers,
+            promised_stream_id=3
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+    def test_can_handle_frames_with_invalid_padding(self, frame_factory):
+        """
+        Frames with invalid padding cause connection teardown.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(self.example_request_headers)
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        invalid_data_frame = (
+            b'\x00\x00\x05\x00\x0b\x00\x00\x00\x01\x06\x54\x65\x73\x74'
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(invalid_data_frame)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=1
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_receiving_frames_with_insufficent_size(self, frame_factory):
+        """
+        Frames with not enough data cause connection teardown.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        invalid_window_update_frame = (
+            b'\x00\x00\x03\x08\x00\x00\x00\x00\x00\x00\x00\x02'
+        )
+
+        with pytest.raises(h2.exceptions.FrameDataMissingError):
+            c.receive_data(invalid_window_update_frame)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0, error_code=h2.errors.ErrorCodes.FRAME_SIZE_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_data_on_closed_streams(self, frame_factory):
+        """
+        When a stream is not open to the remote peer, we reject receiving data
+        frames from them.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        bad_frame = frame_factory.build_data_frame(
+            data=b'some data'
+        )
+        c.receive_data(bad_frame.serialize())
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+    def test_unexpected_continuation_on_closed_stream(self, frame_factory):
+        """
+        CONTINUATION frames received on closed streams cause connection errors
+        of type PROTOCOL_ERROR.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        bad_frame = frame_factory.build_continuation_frame(
+            header_block=b'hello'
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(bad_frame.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+            last_stream_id=1
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_prevent_continuation_dos(self, frame_factory):
+        """
+        Receiving too many CONTINUATION frames in one block causes a protocol
+        error.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+        )
+        f.flags = {'END_STREAM'}
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        # Send 63 additional frames.
+        for _ in range(0, 63):
+            extra_frame = frame_factory.build_continuation_frame(
+                header_block=b'hello'
+            )
+            c.receive_data(extra_frame.serialize())
+
+        # The final continuation frame should cause a protocol error.
+        extra_frame = frame_factory.build_continuation_frame(
+            header_block=b'hello'
+        )
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(extra_frame.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=0x1,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    # These settings are a bit annoyingly anonymous, but trust me, they're bad.
+    @pytest.mark.parametrize(
+        "settings",
+        [
+            {0x2: 5},
+            {0x4: 2**31},
+            {0x5: 5},
+            {0x5: 2**24},
+        ]
+    )
+    def test_reject_invalid_settings_values(self, frame_factory, settings):
+        """
+        When a SETTINGS frame is received with invalid settings values it
+        causes connection teardown with the appropriate error code.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_settings_frame(settings=settings)
+
+        with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+            c.receive_data(f.serialize())
+
+        assert e.value.error_code == (
+            h2.errors.ErrorCodes.FLOW_CONTROL_ERROR if 0x4 in settings else
+            h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+
+    def test_invalid_frame_headers_are_protocol_errors(self, frame_factory):
+        """
+        When invalid frame headers are received they cause ProtocolErrors to be
+        raised.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+
+        # Do some annoying bit twiddling here: the stream ID is currently set
+        # to '1', change it to '0'. Grab the first 9 bytes (the frame header),
+        # replace any instances of the byte '\x01', and then graft it onto the
+        # remaining bytes.
+        frame_data = f.serialize()
+        frame_data = frame_data[:9].replace(b'\x01', b'\x00') + frame_data[9:]
+
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(frame_data)
+
+        assert "Stream ID must be non-zero" in str(e.value)
+
+    def test_get_stream_reset_event_on_auto_reset(self, frame_factory):
+        """
+        When hyper-h2 resets a stream automatically, a StreamReset event fires.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        bad_frame = frame_factory.build_data_frame(
+            data=b'some data'
+        )
+        events = c.receive_data(bad_frame.serialize())
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+        assert len(events) == 1
+        event = events[0]
+        assert isinstance(event, h2.events.StreamReset)
+        assert event.stream_id == 1
+        assert event.error_code == h2.errors.ErrorCodes.STREAM_CLOSED
+        assert not event.remote_reset
+
+    def test_one_one_stream_reset(self, frame_factory):
+        """
+        When hyper-h2 resets a stream automatically, a StreamReset event fires,
+        but only for the first reset: the others are silent.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            self.example_request_headers,
+            flags=['END_STREAM']
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        bad_frame = frame_factory.build_data_frame(
+            data=b'some data'
+        )
+        # Receive 5 frames.
+        events = c.receive_data(bad_frame.serialize() * 5)
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=1,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected * 5
+
+        assert len(events) == 1
+        event = events[0]
+        assert isinstance(event, h2.events.StreamReset)
+        assert event.stream_id == 1
+        assert event.error_code == h2.errors.ErrorCodes.STREAM_CLOSED
+        assert not event.remote_reset
+
+    @pytest.mark.parametrize('value', ['', 'twelve'])
+    def test_error_on_invalid_content_length(self, frame_factory, value):
+        """
+        When an invalid content-length is received, a ProtocolError is thrown.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_request_headers + [('content-length', value)]
+        )
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_invalid_header_data_protocol_error(self, frame_factory):
+        """
+        If an invalid header block is received, we raise a ProtocolError.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_request_headers
+        )
+        f.data = b'\x00\x00\x00\x00'
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_invalid_push_promise_data_protocol_error(self, frame_factory):
+        """
+        If an invalid header block is received on a PUSH_PROMISE, we raise a
+        ProtocolError.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers
+        )
+        f.data = b'\x00\x00\x00\x00'
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_cannot_receive_push_on_pushed_stream(self, frame_factory):
+        """
+        If a PUSH_PROMISE frame is received with the parent stream ID being a
+        pushed stream, this is rejected with a PROTOCOL_ERROR.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            end_stream=True
+        )
+
+        f1 = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+        )
+        f2 = frame_factory.build_headers_frame(
+            stream_id=2,
+            headers=self.example_response_headers,
+        )
+        c.receive_data(f1.serialize() + f2.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=2,
+            promised_stream_id=4,
+            headers=self.example_request_headers,
+        )
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=2,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_cannot_send_push_on_pushed_stream(self, frame_factory):
+        """
+        If a user tries to send a PUSH_PROMISE frame with the parent stream ID
+        being a pushed stream, this is rejected with a PROTOCOL_ERROR.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(
+            stream_id=1, headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=2,
+            request_headers=self.example_request_headers
+        )
+        c.send_headers(stream_id=2, headers=self.example_response_headers)
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.push_stream(
+                stream_id=2,
+                promised_stream_id=4,
+                request_headers=self.example_request_headers
+            )
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_headers.py b/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_headers.py
new file mode 100644
index 0000000000..a379950733
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_invalid_headers.py
@@ -0,0 +1,952 @@
+# -*- coding: utf-8 -*-
+"""
+test_invalid_headers.py
+~~~~~~~~~~~~~~~~~~~~~~~
+
+This module contains tests that use invalid header blocks, and validates that
+they fail appropriately.
+"""
+import itertools
+
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+import h2.settings
+import h2.utilities
+
+import hyperframe.frame
+
+from hypothesis import given
+from hypothesis.strategies import binary, lists, tuples
+
+HEADERS_STRATEGY = lists(tuples(binary(min_size=1), binary()))
+
+
+class TestInvalidFrameSequences(object):
+    """
+    Invalid header sequences cause ProtocolErrors to be thrown when received.
+    """
+    base_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+        ('user-agent', 'someua/0.0.1'),
+    ]
+    invalid_header_blocks = [
+        base_request_headers + [('Uppercase', 'name')],
+        base_request_headers + [(':late', 'pseudo-header')],
+        [(':path', 'duplicate-pseudo-header')] + base_request_headers,
+        base_request_headers + [('connection', 'close')],
+        base_request_headers + [('proxy-connection', 'close')],
+        base_request_headers + [('keep-alive', 'close')],
+        base_request_headers + [('transfer-encoding', 'gzip')],
+        base_request_headers + [('upgrade', 'super-protocol/1.1')],
+        base_request_headers + [('te', 'chunked')],
+        base_request_headers + [('host', 'notexample.com')],
+        base_request_headers + [(' name', 'name with leading space')],
+        base_request_headers + [('name ', 'name with trailing space')],
+        base_request_headers + [('name', ' value with leading space')],
+        base_request_headers + [('name', 'value with trailing space ')],
+        [header for header in base_request_headers
+         if header[0] != ':authority'],
+        [(':protocol', 'websocket')] + base_request_headers,
+    ]
+    server_config = h2.config.H2Configuration(
+        client_side=False, header_encoding='utf-8'
+    )
+
+    @pytest.mark.parametrize('headers', invalid_header_blocks)
+    def test_headers_event(self, frame_factory, headers):
+        """
+        Test invalid headers are rejected with PROTOCOL_ERROR.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(headers)
+        data = f.serialize()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @pytest.mark.parametrize('headers', invalid_header_blocks)
+    def test_push_promise_event(self, frame_factory, headers):
+        """
+        If a PUSH_PROMISE header frame is received with an invalid header block
+        it is rejected with a PROTOCOL_ERROR.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1, headers=self.base_request_headers, end_stream=True
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=headers
+        )
+        data = f.serialize()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @pytest.mark.parametrize('headers', invalid_header_blocks)
+    def test_push_promise_skipping_validation(self, frame_factory, headers):
+        """
+        If we have ``validate_inbound_headers`` disabled, then invalid header
+        blocks in push promise frames are allowed to pass.
+        """
+        config = h2.config.H2Configuration(
+            client_side=True,
+            validate_inbound_headers=False,
+            header_encoding='utf-8'
+        )
+
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1, headers=self.base_request_headers, end_stream=True
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=headers
+        )
+        data = f.serialize()
+
+        events = c.receive_data(data)
+        assert len(events) == 1
+        pp_event = events[0]
+        assert pp_event.headers == headers
+
+    @pytest.mark.parametrize('headers', invalid_header_blocks)
+    def test_headers_event_skipping_validation(self, frame_factory, headers):
+        """
+        If we have ``validate_inbound_headers`` disabled, then all of these
+        invalid header blocks are allowed to pass.
+        """
+        config = h2.config.H2Configuration(
+            client_side=False,
+            validate_inbound_headers=False,
+            header_encoding='utf-8'
+        )
+
+        c = h2.connection.H2Connection(config=config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(headers)
+        data = f.serialize()
+
+        events = c.receive_data(data)
+        assert len(events) == 1
+        request_event = events[0]
+        assert request_event.headers == headers
+
+    def test_transfer_encoding_trailers_is_valid(self, frame_factory):
+        """
+        Transfer-Encoding trailers is allowed by the filter.
+        """
+        headers = (
+            self.base_request_headers + [('te', 'trailers')]
+        )
+
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(headers)
+        data = f.serialize()
+
+        events = c.receive_data(data)
+        assert len(events) == 1
+        request_event = events[0]
+        assert request_event.headers == headers
+
+    def test_pseudo_headers_rejected_in_trailer(self, frame_factory):
+        """
+        Ensure we reject pseudo headers included in trailers
+        """
+        trailers = [(':path', '/'), ('extra', 'value')]
+
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        header_frame = frame_factory.build_headers_frame(
+            self.base_request_headers
+        )
+        trailer_frame = frame_factory.build_headers_frame(
+            trailers, flags=["END_STREAM"]
+        )
+        head = header_frame.serialize()
+        trailer = trailer_frame.serialize()
+
+        c.receive_data(head)
+        # Raise exception if pseudo header in trailer
+        with pytest.raises(h2.exceptions.ProtocolError) as e:
+            c.receive_data(trailer)
+        assert "pseudo-header in trailer" in str(e.value)
+
+        # Test appropriate response frame is generated
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+
+class TestSendingInvalidFrameSequences(object):
+    """
+    Trying to send invalid header sequences cause ProtocolErrors to
+    be thrown.
+    """
+    base_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+        ('user-agent', 'someua/0.0.1'),
+    ]
+    invalid_header_blocks = [
+        base_request_headers + [(':late', 'pseudo-header')],
+        [(':path', 'duplicate-pseudo-header')] + base_request_headers,
+        base_request_headers + [('te', 'chunked')],
+        base_request_headers + [('host', 'notexample.com')],
+        [header for header in base_request_headers
+         if header[0] != ':authority'],
+    ]
+    strippable_header_blocks = [
+        base_request_headers + [('connection', 'close')],
+        base_request_headers + [('proxy-connection', 'close')],
+        base_request_headers + [('keep-alive', 'close')],
+        base_request_headers + [('transfer-encoding', 'gzip')],
+        base_request_headers + [('upgrade', 'super-protocol/1.1')]
+    ]
+    all_header_blocks = invalid_header_blocks + strippable_header_blocks
+
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    @pytest.mark.parametrize('headers', invalid_header_blocks)
+    def test_headers_event(self, frame_factory, headers):
+        """
+        Test sending invalid headers raise a ProtocolError.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then try to send headers.
+        c.clear_outbound_data_buffer()
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(1, headers)
+
+    @pytest.mark.parametrize('headers', invalid_header_blocks)
+    def test_send_push_promise(self, frame_factory, headers):
+        """
+        Sending invalid headers in a push promise raises a ProtocolError.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        header_frame = frame_factory.build_headers_frame(
+            self.base_request_headers
+        )
+        c.receive_data(header_frame.serialize())
+
+        # Clear the data, then try to send a push promise.
+        c.clear_outbound_data_buffer()
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.push_stream(
+                stream_id=1, promised_stream_id=2, request_headers=headers
+            )
+
+    @pytest.mark.parametrize('headers', all_header_blocks)
+    def test_headers_event_skipping_validation(self, frame_factory, headers):
+        """
+        If we have ``validate_outbound_headers`` disabled, then all of these
+        invalid header blocks are allowed to pass.
+        """
+        config = h2.config.H2Configuration(
+            validate_outbound_headers=False
+        )
+
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, headers)
+
+        # Ensure headers are still normalized.
+        norm_headers = h2.utilities.normalize_outbound_headers(headers, None)
+        f = frame_factory.build_headers_frame(norm_headers)
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize('headers', all_header_blocks)
+    def test_push_promise_skipping_validation(self, frame_factory, headers):
+        """
+        If we have ``validate_outbound_headers`` disabled, then all of these
+        invalid header blocks are allowed to pass.
+        """
+        config = h2.config.H2Configuration(
+            client_side=False,
+            validate_outbound_headers=False,
+        )
+
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        header_frame = frame_factory.build_headers_frame(
+            self.base_request_headers
+        )
+        c.receive_data(header_frame.serialize())
+
+        # Create push promise frame with normalized headers.
+        frame_factory.refresh_encoder()
+        norm_headers = h2.utilities.normalize_outbound_headers(headers, None)
+        pp_frame = frame_factory.build_push_promise_frame(
+            stream_id=1, promised_stream_id=2, headers=norm_headers
+        )
+
+        # Clear the data, then send a push promise.
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1, promised_stream_id=2, request_headers=headers
+        )
+        assert c.data_to_send() == pp_frame.serialize()
+
+    @pytest.mark.parametrize('headers', all_header_blocks)
+    def test_headers_event_skip_normalization(self, frame_factory, headers):
+        """
+        If we have ``normalize_outbound_headers`` disabled, then all of these
+        invalid header blocks are sent through unmodified.
+        """
+        config = h2.config.H2Configuration(
+            validate_outbound_headers=False,
+            normalize_outbound_headers=False
+        )
+
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+
+        f = frame_factory.build_headers_frame(
+            headers,
+            stream_id=1,
+        )
+
+        # Clear the data, then send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, headers)
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize('headers', all_header_blocks)
+    def test_push_promise_skip_normalization(self, frame_factory, headers):
+        """
+        If we have ``normalize_outbound_headers`` disabled, then all of these
+        invalid header blocks are allowed to pass unmodified.
+        """
+        config = h2.config.H2Configuration(
+            client_side=False,
+            validate_outbound_headers=False,
+            normalize_outbound_headers=False,
+        )
+
+        c = h2.connection.H2Connection(config=config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        header_frame = frame_factory.build_headers_frame(
+            self.base_request_headers
+        )
+        c.receive_data(header_frame.serialize())
+
+        frame_factory.refresh_encoder()
+        pp_frame = frame_factory.build_push_promise_frame(
+            stream_id=1, promised_stream_id=2, headers=headers
+        )
+
+        # Clear the data, then send a push promise.
+        c.clear_outbound_data_buffer()
+        c.push_stream(
+            stream_id=1, promised_stream_id=2, request_headers=headers
+        )
+        assert c.data_to_send() == pp_frame.serialize()
+
+    @pytest.mark.parametrize('headers', strippable_header_blocks)
+    def test_strippable_headers(self, frame_factory, headers):
+        """
+        Test connection related headers are removed before sending.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # Clear the data, then try to send headers.
+        c.clear_outbound_data_buffer()
+        c.send_headers(1, headers)
+
+        f = frame_factory.build_headers_frame(self.base_request_headers)
+        assert c.data_to_send() == f.serialize()
+
+
+class TestFilter(object):
+    """
+    Test the filter function directly.
+
+    These tests exists to confirm the behaviour of the filter function in a
+    wide range of scenarios. Many of these scenarios may not be legal for
+    HTTP/2 and so may never hit the function, but it's worth validating that it
+    behaves as expected anyway.
+    """
+    validation_functions = [
+        h2.utilities.validate_headers,
+        h2.utilities.validate_outbound_headers
+    ]
+
+    hdr_validation_combos = [
+        h2.utilities.HeaderValidationFlags(
+            is_client, is_trailer, is_response_header, is_push_promise
+        )
+        for is_client, is_trailer, is_response_header, is_push_promise in (
+            itertools.product([True, False], repeat=4)
+        )
+    ]
+
+    hdr_validation_response_headers = [
+        flags for flags in hdr_validation_combos
+        if flags.is_response_header
+    ]
+
+    hdr_validation_request_headers_no_trailer = [
+        flags for flags in hdr_validation_combos
+        if not (flags.is_trailer or flags.is_response_header)
+    ]
+
+    invalid_request_header_blocks_bytes = (
+        # First, missing :method
+        (
+            (b':authority', b'google.com'),
+            (b':path', b'/'),
+            (b':scheme', b'https'),
+        ),
+        # Next, missing :path
+        (
+            (b':authority', b'google.com'),
+            (b':method', b'GET'),
+            (b':scheme', b'https'),
+        ),
+        # Next, missing :scheme
+        (
+            (b':authority', b'google.com'),
+            (b':method', b'GET'),
+            (b':path', b'/'),
+        ),
+        # Finally, path present but empty.
+        (
+            (b':authority', b'google.com'),
+            (b':method', b'GET'),
+            (b':scheme', b'https'),
+            (b':path', b''),
+        ),
+    )
+    invalid_request_header_blocks_unicode = (
+        # First, missing :method
+        (
+            (u':authority', u'google.com'),
+            (u':path', u'/'),
+            (u':scheme', u'https'),
+        ),
+        # Next, missing :path
+        (
+            (u':authority', u'google.com'),
+            (u':method', u'GET'),
+            (u':scheme', u'https'),
+        ),
+        # Next, missing :scheme
+        (
+            (u':authority', u'google.com'),
+            (u':method', u'GET'),
+            (u':path', u'/'),
+        ),
+        # Finally, path present but empty.
+        (
+            (u':authority', u'google.com'),
+            (u':method', u'GET'),
+            (u':scheme', u'https'),
+            (u':path', u''),
+        ),
+    )
+
+    # All headers that are forbidden from either request or response blocks.
+    forbidden_request_headers_bytes = (b':status',)
+    forbidden_request_headers_unicode = (u':status',)
+    forbidden_response_headers_bytes = (
+        b':path', b':scheme', b':authority', b':method'
+    )
+    forbidden_response_headers_unicode = (
+        u':path', u':scheme', u':authority', u':method'
+    )
+
+    @pytest.mark.parametrize('validation_function', validation_functions)
+    @pytest.mark.parametrize('hdr_validation_flags', hdr_validation_combos)
+    @given(headers=HEADERS_STRATEGY)
+    def test_range_of_acceptable_outputs(self,
+                                         headers,
+                                         validation_function,
+                                         hdr_validation_flags):
+        """
+        The header validation functions either return the data unchanged
+        or throw a ProtocolError.
+        """
+        try:
+            assert headers == list(validation_function(
+                headers, hdr_validation_flags))
+        except h2.exceptions.ProtocolError:
+            assert True
+
+    @pytest.mark.parametrize('hdr_validation_flags', hdr_validation_combos)
+    def test_invalid_pseudo_headers(self, hdr_validation_flags):
+        headers = [(b':custom', b'value')]
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(h2.utilities.validate_headers(headers, hdr_validation_flags))
+
+    @pytest.mark.parametrize('validation_function', validation_functions)
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_request_headers_no_trailer
+    )
+    def test_matching_authority_host_headers(self,
+                                             validation_function,
+                                             hdr_validation_flags):
+        """
+        If a header block has :authority and Host headers and they match,
+        the headers should pass through unchanged.
+        """
+        headers = [
+            (b':authority', b'example.com'),
+            (b':path', b'/'),
+            (b':scheme', b'https'),
+            (b':method', b'GET'),
+            (b'host', b'example.com'),
+        ]
+        assert headers == list(h2.utilities.validate_headers(
+            headers, hdr_validation_flags
+        ))
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_response_headers
+    )
+    def test_response_header_without_status(self, hdr_validation_flags):
+        headers = [(b'content-length', b'42')]
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(h2.utilities.validate_headers(headers, hdr_validation_flags))
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_request_headers_no_trailer
+    )
+    @pytest.mark.parametrize(
+        'header_block',
+        (
+            invalid_request_header_blocks_bytes +
+            invalid_request_header_blocks_unicode
+        )
+    )
+    def test_outbound_req_header_missing_pseudo_headers(self,
+                                                        hdr_validation_flags,
+                                                        header_block):
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(
+                h2.utilities.validate_outbound_headers(
+                    header_block, hdr_validation_flags
+                )
+            )
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_request_headers_no_trailer
+    )
+    @pytest.mark.parametrize(
+        'header_block', invalid_request_header_blocks_bytes
+    )
+    def test_inbound_req_header_missing_pseudo_headers(self,
+                                                       hdr_validation_flags,
+                                                       header_block):
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(
+                h2.utilities.validate_headers(
+                    header_block, hdr_validation_flags
+                )
+            )
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_request_headers_no_trailer
+    )
+    @pytest.mark.parametrize(
+        'invalid_header',
+        forbidden_request_headers_bytes + forbidden_request_headers_unicode
+    )
+    def test_outbound_req_header_extra_pseudo_headers(self,
+                                                      hdr_validation_flags,
+                                                      invalid_header):
+        """
+        Outbound request header blocks containing the forbidden request headers
+        fail validation.
+        """
+        headers = [
+            (b':path', b'/'),
+            (b':scheme', b'https'),
+            (b':authority', b'google.com'),
+            (b':method', b'GET'),
+        ]
+        headers.append((invalid_header, b'some value'))
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(
+                h2.utilities.validate_outbound_headers(
+                    headers, hdr_validation_flags
+                )
+            )
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_request_headers_no_trailer
+    )
+    @pytest.mark.parametrize(
+        'invalid_header',
+        forbidden_request_headers_bytes
+    )
+    def test_inbound_req_header_extra_pseudo_headers(self,
+                                                     hdr_validation_flags,
+                                                     invalid_header):
+        """
+        Inbound request header blocks containing the forbidden request headers
+        fail validation.
+        """
+        headers = [
+            (b':path', b'/'),
+            (b':scheme', b'https'),
+            (b':authority', b'google.com'),
+            (b':method', b'GET'),
+        ]
+        headers.append((invalid_header, b'some value'))
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(h2.utilities.validate_headers(headers, hdr_validation_flags))
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_response_headers
+    )
+    @pytest.mark.parametrize(
+        'invalid_header',
+        forbidden_response_headers_bytes + forbidden_response_headers_unicode
+    )
+    def test_outbound_resp_header_extra_pseudo_headers(self,
+                                                       hdr_validation_flags,
+                                                       invalid_header):
+        """
+        Outbound response header blocks containing the forbidden response
+        headers fail validation.
+        """
+        headers = [(b':status', b'200')]
+        headers.append((invalid_header, b'some value'))
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(
+                h2.utilities.validate_outbound_headers(
+                    headers, hdr_validation_flags
+                )
+            )
+
+    @pytest.mark.parametrize(
+        'hdr_validation_flags', hdr_validation_response_headers
+    )
+    @pytest.mark.parametrize(
+        'invalid_header',
+        forbidden_response_headers_bytes
+    )
+    def test_inbound_resp_header_extra_pseudo_headers(self,
+                                                      hdr_validation_flags,
+                                                      invalid_header):
+        """
+        Inbound response header blocks containing the forbidden response
+        headers fail validation.
+        """
+        headers = [(b':status', b'200')]
+        headers.append((invalid_header, b'some value'))
+        with pytest.raises(h2.exceptions.ProtocolError):
+            list(h2.utilities.validate_headers(headers, hdr_validation_flags))
+
+
+class TestOversizedHeaders(object):
+    """
+    Tests that oversized header blocks are correctly rejected. This replicates
+    the "HPACK Bomb" attack, and confirms that we're resistant against it.
+    """
+    request_header_block = [
+        (b':method', b'GET'),
+        (b':authority', b'example.com'),
+        (b':scheme', b'https'),
+        (b':path', b'/'),
+    ]
+
+    response_header_block = [
+        (b':status', b'200'),
+    ]
+
+    # The first header block contains a single header that fills the header
+    # table. To do that, we'll give it a single-character header name and a
+    # 4063 byte header value. This will make it exactly the size of the header
+    # table. It must come last, so that it evicts all other headers.
+    # This block must be appended to either a request or response block.
+    first_header_block = [
+        (b'a', b'a' * 4063),
+    ]
+
+    # The second header "block" is actually a custom HEADERS frame body that
+    # simply repeatedly refers to the first entry for 16kB. Each byte has the
+    # high bit set (0x80), and then uses the remaining 7 bits to encode the
+    # number 62 (0x3e), leading to a repeat of the byte 0xbe.
+    second_header_block = b'\xbe' * 2**14
+
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_hpack_bomb_request(self, frame_factory):
+        """
+        A HPACK bomb request causes the connection to be torn down with the
+        error code ENHANCE_YOUR_CALM.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            self.request_header_block + self.first_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Build the attack payload.
+        attack_frame = hyperframe.frame.HeadersFrame(stream_id=3)
+        attack_frame.data = self.second_header_block
+        attack_frame.flags.add('END_HEADERS')
+        data = attack_frame.serialize()
+
+        with pytest.raises(h2.exceptions.DenialOfServiceError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_hpack_bomb_response(self, frame_factory):
+        """
+        A HPACK bomb response causes the connection to be torn down with the
+        error code ENHANCE_YOUR_CALM.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1, headers=self.request_header_block
+        )
+        c.send_headers(
+            stream_id=3, headers=self.request_header_block
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            self.response_header_block + self.first_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Build the attack payload.
+        attack_frame = hyperframe.frame.HeadersFrame(stream_id=3)
+        attack_frame.data = self.second_header_block
+        attack_frame.flags.add('END_HEADERS')
+        data = attack_frame.serialize()
+
+        with pytest.raises(h2.exceptions.DenialOfServiceError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0, error_code=h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_hpack_bomb_push(self, frame_factory):
+        """
+        A HPACK bomb push causes the connection to be torn down with the
+        error code ENHANCE_YOUR_CALM.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1, headers=self.request_header_block
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            self.response_header_block + self.first_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Build the attack payload. We need to shrink it by four bytes because
+        # the promised_stream_id consumes four bytes of body.
+        attack_frame = hyperframe.frame.PushPromiseFrame(stream_id=3)
+        attack_frame.promised_stream_id = 2
+        attack_frame.data = self.second_header_block[:-4]
+        attack_frame.flags.add('END_HEADERS')
+        data = attack_frame.serialize()
+
+        with pytest.raises(h2.exceptions.DenialOfServiceError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=0, error_code=h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_headers_when_list_size_shrunk(self, frame_factory):
+        """
+        When we've shrunk the header list size, we reject new header blocks
+        that violate the new size.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        # Receive the first request, which causes no problem.
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Now, send a settings change. It's un-ACKed at this time. A new
+        # request arrives, also without incident.
+        c.update_settings({h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE: 50})
+        c.clear_outbound_data_buffer()
+        f = frame_factory.build_headers_frame(
+            stream_id=3,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # We get a SETTINGS ACK.
+        f = frame_factory.build_settings_frame({}, ack=True)
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Now a third request comes in. This explodes.
+        f = frame_factory.build_headers_frame(
+            stream_id=5,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+
+        with pytest.raises(h2.exceptions.DenialOfServiceError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=3, error_code=h2.errors.ErrorCodes.ENHANCE_YOUR_CALM
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_headers_when_table_size_shrunk(self, frame_factory):
+        """
+        When we've shrunk the header table size, we reject header blocks that
+        do not respect the change.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        # Receive the first request, which causes no problem.
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Now, send a settings change. It's un-ACKed at this time. A new
+        # request arrives, also without incident.
+        c.update_settings({h2.settings.SettingCodes.HEADER_TABLE_SIZE: 128})
+        c.clear_outbound_data_buffer()
+        f = frame_factory.build_headers_frame(
+            stream_id=3,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # We get a SETTINGS ACK.
+        f = frame_factory.build_settings_frame({}, ack=True)
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Now a third request comes in. This explodes, as it does not contain
+        # a dynamic table size update.
+        f = frame_factory.build_headers_frame(
+            stream_id=5,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=3, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    def test_reject_headers_exceeding_table_size(self, frame_factory):
+        """
+        When the remote peer sends a dynamic table size update that exceeds our
+        setting, we reject it.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        # Receive the first request, which causes no problem.
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+        c.receive_data(data)
+
+        # Now a second request comes in that sets the table size too high.
+        # This explodes.
+        frame_factory.change_table_size(c.local_settings.header_table_size + 1)
+        f = frame_factory.build_headers_frame(
+            stream_id=5,
+            headers=self.request_header_block
+        )
+        data = f.serialize()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(data)
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=1, error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR
+        )
+        assert c.data_to_send() == expected_frame.serialize()
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_priority.py b/testing/web-platform/tests/tools/third_party/h2/test/test_priority.py
new file mode 100644
index 0000000000..cbc7332253
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_priority.py
@@ -0,0 +1,358 @@
+# -*- coding: utf-8 -*-
+"""
+test_priority
+~~~~~~~~~~~~~
+
+Test the priority logic of Hyper-h2.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+import h2.stream
+
+
+class TestPriority(object):
+    """
+    Basic priority tests.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'pytest-h2'),
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_receiving_priority_emits_priority_update(self, frame_factory):
+        """
+        Receiving a priority frame emits a PriorityUpdated event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_priority_frame(
+            stream_id=1,
+            weight=255,
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        assert not c.data_to_send()
+
+        event = events[0]
+        assert isinstance(event, h2.events.PriorityUpdated)
+        assert event.stream_id == 1
+        assert event.depends_on == 0
+        assert event.weight == 256
+        assert event.exclusive is False
+
+    def test_headers_with_priority_info(self, frame_factory):
+        """
+        Receiving a HEADERS frame with priority information on it emits a
+        PriorityUpdated event.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=3,
+            flags=['PRIORITY'],
+            stream_weight=15,
+            depends_on=1,
+            exclusive=True,
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 2
+        assert not c.data_to_send()
+
+        event = events[1]
+        assert isinstance(event, h2.events.PriorityUpdated)
+        assert event.stream_id == 3
+        assert event.depends_on == 1
+        assert event.weight == 16
+        assert event.exclusive is True
+
+    def test_streams_may_not_depend_on_themselves(self, frame_factory):
+        """
+        A stream adjusted to depend on itself causes a Protocol Error.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=3,
+            flags=['PRIORITY'],
+            stream_weight=15,
+            depends_on=1,
+            exclusive=True,
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_priority_frame(
+            stream_id=3,
+            depends_on=3,
+            weight=15
+        )
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.receive_data(f.serialize())
+
+        expected_frame = frame_factory.build_goaway_frame(
+            last_stream_id=3,
+            error_code=h2.errors.ErrorCodes.PROTOCOL_ERROR,
+        )
+        assert c.data_to_send() == expected_frame.serialize()
+
+    @pytest.mark.parametrize(
+        'depends_on,weight,exclusive',
+        [
+            (0, 256, False),
+            (3, 128, False),
+            (3, 128, True),
+        ]
+    )
+    def test_can_prioritize_stream(self, depends_on, weight, exclusive,
+                                   frame_factory):
+        """
+        hyper-h2 can emit priority frames.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        c.send_headers(headers=self.example_request_headers, stream_id=1)
+        c.send_headers(headers=self.example_request_headers, stream_id=3)
+        c.clear_outbound_data_buffer()
+
+        c.prioritize(
+            stream_id=1,
+            depends_on=depends_on,
+            weight=weight,
+            exclusive=exclusive
+        )
+
+        f = frame_factory.build_priority_frame(
+            stream_id=1,
+            weight=weight - 1,
+            depends_on=depends_on,
+            exclusive=exclusive,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'depends_on,weight,exclusive',
+        [
+            (0, 256, False),
+            (1, 128, False),
+            (1, 128, True),
+        ]
+    )
+    def test_emit_headers_with_priority_info(self, depends_on, weight,
+                                             exclusive, frame_factory):
+        """
+        It is possible to send a headers frame with priority information on
+        it.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        c.send_headers(
+            headers=self.example_request_headers,
+            stream_id=3,
+            priority_weight=weight,
+            priority_depends_on=depends_on,
+            priority_exclusive=exclusive,
+        )
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=3,
+            flags=['PRIORITY'],
+            stream_weight=weight - 1,
+            depends_on=depends_on,
+            exclusive=exclusive,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_may_not_prioritize_stream_to_depend_on_self(self, frame_factory):
+        """
+        A stream adjusted to depend on itself causes a Protocol Error.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.send_headers(
+            headers=self.example_request_headers,
+            stream_id=3,
+            priority_weight=255,
+            priority_depends_on=0,
+            priority_exclusive=False,
+        )
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.prioritize(
+                stream_id=3,
+                depends_on=3,
+            )
+
+        assert not c.data_to_send()
+
+    def test_may_not_initially_set_stream_depend_on_self(self, frame_factory):
+        """
+        A stream that starts by depending on itself causes a Protocol Error.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(
+                headers=self.example_request_headers,
+                stream_id=3,
+                priority_depends_on=3,
+            )
+
+        assert not c.data_to_send()
+
+    @pytest.mark.parametrize('weight', [0, -15, 257])
+    def test_prioritize_requires_valid_weight(self, weight):
+        """
+        A call to prioritize with an invalid weight causes a ProtocolError.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.prioritize(stream_id=1, weight=weight)
+
+        assert not c.data_to_send()
+
+    @pytest.mark.parametrize('weight', [0, -15, 257])
+    def test_send_headers_requires_valid_weight(self, weight):
+        """
+        A call to send_headers with an invalid weight causes a ProtocolError.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.send_headers(
+                stream_id=1,
+                headers=self.example_request_headers,
+                priority_weight=weight
+            )
+
+        assert not c.data_to_send()
+
+    def test_prioritize_defaults(self, frame_factory):
+        """
+        When prioritize() is called with no explicit arguments, it emits a
+        weight of 16, depending on stream zero non-exclusively.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        c.prioritize(stream_id=1)
+
+        f = frame_factory.build_priority_frame(
+            stream_id=1,
+            weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    @pytest.mark.parametrize(
+        'priority_kwargs',
+        [
+            {'priority_weight': 16},
+            {'priority_depends_on': 0},
+            {'priority_exclusive': False},
+        ]
+    )
+    def test_send_headers_defaults(self, priority_kwargs, frame_factory):
+        """
+        When send_headers() is called with only one explicit argument, it emits
+        default values for everything else.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        c.send_headers(
+            stream_id=1,
+            headers=self.example_request_headers,
+            **priority_kwargs
+        )
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            stream_id=1,
+            flags=['PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_servers_cannot_prioritize(self, frame_factory):
+        """
+        Server stacks are not allowed to call ``prioritize()``.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_request_headers,
+        )
+        c.receive_data(f.serialize())
+
+        with pytest.raises(h2.exceptions.RFC1122Error):
+            c.prioritize(stream_id=1)
+
+    def test_servers_cannot_prioritize_with_headers(self, frame_factory):
+        """
+        Server stacks are not allowed to prioritize on headers either.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            stream_id=1,
+            headers=self.example_request_headers,
+        )
+        c.receive_data(f.serialize())
+
+        with pytest.raises(h2.exceptions.RFC1122Error):
+            c.send_headers(
+                stream_id=1,
+                headers=self.example_response_headers,
+                priority_weight=16,
+            )
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_related_events.py b/testing/web-platform/tests/tools/third_party/h2/test/test_related_events.py
new file mode 100644
index 0000000000..eb6b878905
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_related_events.py
@@ -0,0 +1,370 @@
+# -*- coding: utf-8 -*-
+"""
+test_related_events.py
+~~~~~~~~~~~~~~~~~~~~~~
+
+Specific tests to validate the "related events" logic used by certain events
+inside hyper-h2.
+"""
+import h2.config
+import h2.connection
+import h2.events
+
+
+class TestRelatedEvents(object):
+    """
+    Related events correlate all those events that happen on a single frame.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+
+    informational_response_headers = [
+        (':status', '100'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+
+    example_trailers = [
+        ('another', 'field'),
+    ]
+
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_request_received_related_all(self, frame_factory):
+        """
+        RequestReceived has two possible related events: PriorityUpdated and
+        StreamEnded, all fired when a single HEADERS frame is received.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            flags=['END_STREAM', 'PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 3
+        base_event = events[0]
+        other_events = events[1:]
+
+        assert base_event.stream_ended in other_events
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
+        assert base_event.priority_updated in other_events
+        assert isinstance(
+            base_event.priority_updated, h2.events.PriorityUpdated
+        )
+
+    def test_request_received_related_priority(self, frame_factory):
+        """
+        RequestReceived can be related to PriorityUpdated.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            flags=['PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        priority_updated_event = events[1]
+
+        assert base_event.priority_updated is priority_updated_event
+        assert base_event.stream_ended is None
+        assert isinstance(
+            base_event.priority_updated, h2.events.PriorityUpdated
+        )
+
+    def test_request_received_related_stream_ended(self, frame_factory):
+        """
+        RequestReceived can be related to StreamEnded.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_request_headers,
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        stream_ended_event = events[1]
+
+        assert base_event.stream_ended is stream_ended_event
+        assert base_event.priority_updated is None
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
+
+    def test_response_received_related_nothing(self, frame_factory):
+        """
+        ResponseReceived is ordinarily related to no events.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 1
+        base_event = events[0]
+
+        assert base_event.stream_ended is None
+        assert base_event.priority_updated is None
+
+    def test_response_received_related_all(self, frame_factory):
+        """
+        ResponseReceived has two possible related events: PriorityUpdated and
+        StreamEnded, all fired when a single HEADERS frame is received.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            flags=['END_STREAM', 'PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 3
+        base_event = events[0]
+        other_events = events[1:]
+
+        assert base_event.stream_ended in other_events
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
+        assert base_event.priority_updated in other_events
+        assert isinstance(
+            base_event.priority_updated, h2.events.PriorityUpdated
+        )
+
+    def test_response_received_related_priority(self, frame_factory):
+        """
+        ResponseReceived can be related to PriorityUpdated.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            flags=['PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        priority_updated_event = events[1]
+
+        assert base_event.priority_updated is priority_updated_event
+        assert base_event.stream_ended is None
+        assert isinstance(
+            base_event.priority_updated, h2.events.PriorityUpdated
+        )
+
+    def test_response_received_related_stream_ended(self, frame_factory):
+        """
+        ResponseReceived can be related to StreamEnded.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        stream_ended_event = events[1]
+
+        assert base_event.stream_ended is stream_ended_event
+        assert base_event.priority_updated is None
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
+
+    def test_trailers_received_related_all(self, frame_factory):
+        """
+        TrailersReceived has two possible related events: PriorityUpdated and
+        StreamEnded, all fired when a single HEADERS frame is received.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+        )
+        c.receive_data(f.serialize())
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_trailers,
+            flags=['END_STREAM', 'PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 3
+        base_event = events[0]
+        other_events = events[1:]
+
+        assert base_event.stream_ended in other_events
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
+        assert base_event.priority_updated in other_events
+        assert isinstance(
+            base_event.priority_updated, h2.events.PriorityUpdated
+        )
+
+    def test_trailers_received_related_stream_ended(self, frame_factory):
+        """
+        TrailersReceived can be related to StreamEnded by itself.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+        )
+        c.receive_data(f.serialize())
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.example_trailers,
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        stream_ended_event = events[1]
+
+        assert base_event.stream_ended is stream_ended_event
+        assert base_event.priority_updated is None
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
+
+    def test_informational_response_related_nothing(self, frame_factory):
+        """
+        InformationalResponseReceived in the standard case is related to
+        nothing.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.informational_response_headers,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 1
+        base_event = events[0]
+
+        assert base_event.priority_updated is None
+
+    def test_informational_response_received_related_all(self, frame_factory):
+        """
+        InformationalResponseReceived has one possible related event:
+        PriorityUpdated, fired when a single HEADERS frame is received.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        input_frame = frame_factory.build_headers_frame(
+            headers=self.informational_response_headers,
+            flags=['PRIORITY'],
+            stream_weight=15,
+            depends_on=0,
+            exclusive=False,
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        priority_updated_event = events[1]
+
+        assert base_event.priority_updated is priority_updated_event
+        assert isinstance(
+            base_event.priority_updated, h2.events.PriorityUpdated
+        )
+
+    def test_data_received_normally_relates_to_nothing(self, frame_factory):
+        """
+        A plain DATA frame leads to DataReceieved with no related events.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+        )
+        c.receive_data(f.serialize())
+
+        input_frame = frame_factory.build_data_frame(
+            data=b'some data',
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 1
+        base_event = events[0]
+
+        assert base_event.stream_ended is None
+
+    def test_data_received_related_stream_ended(self, frame_factory):
+        """
+        DataReceived can be related to StreamEnded by itself.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+        )
+        c.receive_data(f.serialize())
+
+        input_frame = frame_factory.build_data_frame(
+            data=b'some data',
+            flags=['END_STREAM'],
+        )
+        events = c.receive_data(input_frame.serialize())
+
+        assert len(events) == 2
+        base_event = events[0]
+        stream_ended_event = events[1]
+
+        assert base_event.stream_ended is stream_ended_event
+        assert isinstance(base_event.stream_ended, h2.events.StreamEnded)
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_rfc7838.py b/testing/web-platform/tests/tools/third_party/h2/test/test_rfc7838.py
new file mode 100644
index 0000000000..d7704e2345
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_rfc7838.py
@@ -0,0 +1,447 @@
+# -*- coding: utf-8 -*-
+"""
+test_rfc7838
+~~~~~~~~~~~~
+
+Test the RFC 7838 ALTSVC support.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.events
+import h2.exceptions
+
+
+class TestRFC7838Client(object):
+    """
+    Tests that the client supports receiving the RFC 7838 AltSvc frame.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (u':status', u'200'),
+        (u'server', u'fake-serv/0.1.0')
+    ]
+
+    def test_receiving_altsvc_stream_zero(self, frame_factory):
+        """
+        An ALTSVC frame received on stream zero correctly transposes all the
+        fields from the frames.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=0, origin=b"example.com", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.AlternativeServiceAvailable)
+        assert event.origin == b"example.com"
+        assert event.field_value == b'h2=":8000"; ma=60'
+
+        # No data gets sent.
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_stream_zero_no_origin(self, frame_factory):
+        """
+        An ALTSVC frame received on stream zero without an origin field is
+        ignored.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=0, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert not events
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_on_stream(self, frame_factory):
+        """
+        An ALTSVC frame received on a stream correctly transposes all the
+        fields from the frame and attaches the expected origin.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.AlternativeServiceAvailable)
+        assert event.origin == b"example.com"
+        assert event.field_value == b'h2=":8000"; ma=60'
+
+        # No data gets sent.
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_on_stream_with_origin(self, frame_factory):
+        """
+        An ALTSVC frame received on a stream with an origin field present gets
+        ignored.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"example.com", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_on_stream_not_yet_opened(self, frame_factory):
+        """
+        When an ALTSVC frame is received on a stream the client hasn't yet
+        opened, the frame is ignored.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.clear_outbound_data_buffer()
+
+        # We'll test this twice, once on a client-initiated stream ID and once
+        # on a server initiated one.
+        f1 = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        f2 = frame_factory.build_alt_svc_frame(
+            stream_id=2, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f1.serialize() + f2.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_before_sending_headers(self, frame_factory):
+        """
+        When an ALTSVC frame is received but the client hasn't sent headers yet
+        it gets ignored.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        # We need to create the idle stream. We have to do it by calling
+        # a private API. While this can't naturally happen in hyper-h2 (we
+        # don't currently have a mechanism by which this could occur), it could
+        # happen in the future and we defend against it.
+        c._begin_new_stream(
+            stream_id=1, allowed_ids=h2.connection.AllowedStreamIDs.ODD
+        )
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_after_receiving_headers(self, frame_factory):
+        """
+        When an ALTSVC frame is received but the server has already sent
+        headers it gets ignored.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_on_closed_stream(self, frame_factory):
+        """
+        When an ALTSVC frame is received on a closed stream, we ignore it.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(
+            stream_id=1, headers=self.example_request_headers, end_stream=True
+        )
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers,
+            flags=['END_STREAM'],
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_on_pushed_stream(self, frame_factory):
+        """
+        When an ALTSVC frame is received on a stream that the server pushed,
+        the frame is accepted.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=2, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 1
+        event = events[0]
+
+        assert isinstance(event, h2.events.AlternativeServiceAvailable)
+        assert event.origin == b"example.com"
+        assert event.field_value == b'h2=":8000"; ma=60'
+
+        # No data gets sent.
+        assert not c.data_to_send()
+
+    def test_cannot_send_explicit_alternative_service(self, frame_factory):
+        """
+        A client cannot send an explicit alternative service.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.advertise_alternative_service(
+                field_value=b'h2=":8000"; ma=60',
+                origin=b"example.com",
+            )
+
+    def test_cannot_send_implicit_alternative_service(self, frame_factory):
+        """
+        A client cannot send an implicit alternative service.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.advertise_alternative_service(
+                field_value=b'h2=":8000"; ma=60',
+                stream_id=1,
+            )
+
+
+class TestRFC7838Server(object):
+    """
+    Tests that the server supports sending the RFC 7838 AltSvc frame.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (u':status', u'200'),
+        (u'server', u'fake-serv/0.1.0')
+    ]
+
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_receiving_altsvc_as_server_stream_zero(self, frame_factory):
+        """
+        When an ALTSVC frame is received on stream zero and we are a server,
+        we ignore it.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=0, origin=b"example.com", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_receiving_altsvc_as_server_on_stream(self, frame_factory):
+        """
+        When an ALTSVC frame is received on a stream and we are a server, we
+        ignore it.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        events = c.receive_data(f.serialize())
+
+        assert len(events) == 0
+        assert not c.data_to_send()
+
+    def test_sending_explicit_alternative_service(self, frame_factory):
+        """
+        A server can send an explicit alternative service.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        c.advertise_alternative_service(
+            field_value=b'h2=":8000"; ma=60',
+            origin=b"example.com",
+        )
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=0, origin=b"example.com", field=b'h2=":8000"; ma=60'
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_sending_implicit_alternative_service(self, frame_factory):
+        """
+        A server can send an implicit alternative service.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+        c.clear_outbound_data_buffer()
+
+        c.advertise_alternative_service(
+            field_value=b'h2=":8000"; ma=60',
+            stream_id=1,
+        )
+
+        f = frame_factory.build_alt_svc_frame(
+            stream_id=1, origin=b"", field=b'h2=":8000"; ma=60'
+        )
+        assert c.data_to_send() == f.serialize()
+
+    def test_no_implicit_alternative_service_before_headers(self,
+                                                            frame_factory):
+        """
+        If headers haven't been received yet, the server forbids sending an
+        implicit alternative service.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.advertise_alternative_service(
+                field_value=b'h2=":8000"; ma=60',
+                stream_id=1,
+            )
+
+    def test_no_implicit_alternative_service_after_response(self,
+                                                            frame_factory):
+        """
+        If the server has sent response headers, hyper-h2 forbids sending an
+        implicit alternative service.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+        c.send_headers(stream_id=1, headers=self.example_response_headers)
+        c.clear_outbound_data_buffer()
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            c.advertise_alternative_service(
+                field_value=b'h2=":8000"; ma=60',
+                stream_id=1,
+            )
+
+    def test_cannot_provide_origin_and_stream_id(self, frame_factory):
+        """
+        The user cannot provide both the origin and stream_id arguments when
+        advertising alternative services.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        with pytest.raises(ValueError):
+            c.advertise_alternative_service(
+                field_value=b'h2=":8000"; ma=60',
+                origin=b"example.com",
+                stream_id=1,
+            )
+
+    def test_cannot_provide_unicode_altsvc_field(self, frame_factory):
+        """
+        The user cannot provide the field value for alternative services as a
+        unicode string.
+        """
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+
+        with pytest.raises(ValueError):
+            c.advertise_alternative_service(
+                field_value=u'h2=":8000"; ma=60',
+                origin=b"example.com",
+            )
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_settings.py b/testing/web-platform/tests/tools/third_party/h2/test/test_settings.py
new file mode 100644
index 0000000000..d19f93a7c2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_settings.py
@@ -0,0 +1,470 @@
+# -*- coding: utf-8 -*-
+"""
+test_settings
+~~~~~~~~~~~~~
+
+Test the Settings object.
+"""
+import pytest
+
+import h2.errors
+import h2.exceptions
+import h2.settings
+
+from hypothesis import given, assume
+from hypothesis.strategies import (
+    integers, booleans, fixed_dictionaries, builds
+)
+
+
+class TestSettings(object):
+    """
+    Test the Settings object behaves as expected.
+    """
+    def test_settings_defaults_client(self):
+        """
+        The Settings object begins with the appropriate defaults for clients.
+        """
+        s = h2.settings.Settings(client=True)
+
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 4096
+        assert s[h2.settings.SettingCodes.ENABLE_PUSH] == 1
+        assert s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] == 65535
+        assert s[h2.settings.SettingCodes.MAX_FRAME_SIZE] == 16384
+        assert s[h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL] == 0
+
+    def test_settings_defaults_server(self):
+        """
+        The Settings object begins with the appropriate defaults for servers.
+        """
+        s = h2.settings.Settings(client=False)
+
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 4096
+        assert s[h2.settings.SettingCodes.ENABLE_PUSH] == 0
+        assert s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] == 65535
+        assert s[h2.settings.SettingCodes.MAX_FRAME_SIZE] == 16384
+        assert s[h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL] == 0
+
+    @pytest.mark.parametrize('client', [True, False])
+    def test_can_set_initial_values(self, client):
+        """
+        The Settings object can be provided initial values that override the
+        defaults.
+        """
+        overrides = {
+            h2.settings.SettingCodes.HEADER_TABLE_SIZE: 8080,
+            h2.settings.SettingCodes.MAX_FRAME_SIZE: 16388,
+            h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS: 100,
+            h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE: 2**16,
+            h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL: 1,
+        }
+        s = h2.settings.Settings(client=client, initial_values=overrides)
+
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 8080
+        assert s[h2.settings.SettingCodes.ENABLE_PUSH] == bool(client)
+        assert s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] == 65535
+        assert s[h2.settings.SettingCodes.MAX_FRAME_SIZE] == 16388
+        assert s[h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS] == 100
+        assert s[h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE] == 2**16
+        assert s[h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL] == 1
+
+    @pytest.mark.parametrize(
+        'setting,value',
+        [
+            (h2.settings.SettingCodes.ENABLE_PUSH, 2),
+            (h2.settings.SettingCodes.ENABLE_PUSH, -1),
+            (h2.settings.SettingCodes.INITIAL_WINDOW_SIZE, -1),
+            (h2.settings.SettingCodes.INITIAL_WINDOW_SIZE, 2**34),
+            (h2.settings.SettingCodes.MAX_FRAME_SIZE, 1),
+            (h2.settings.SettingCodes.MAX_FRAME_SIZE, 2**30),
+            (h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE, -1),
+            (h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL, -1),
+        ]
+    )
+    def test_cannot_set_invalid_initial_values(self, setting, value):
+        """
+        The Settings object can be provided initial values that override the
+        defaults.
+        """
+        overrides = {setting: value}
+
+        with pytest.raises(h2.exceptions.InvalidSettingsValueError):
+            h2.settings.Settings(initial_values=overrides)
+
+    def test_applying_value_doesnt_take_effect_immediately(self):
+        """
+        When a value is applied to the settings object, it doesn't immediately
+        take effect.
+        """
+        s = h2.settings.Settings(client=True)
+        s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 8000
+
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 4096
+
+    def test_acknowledging_values(self):
+        """
+        When we acknowledge settings, the values change.
+        """
+        s = h2.settings.Settings(client=True)
+        old_settings = dict(s)
+
+        new_settings = {
+            h2.settings.SettingCodes.HEADER_TABLE_SIZE: 4000,
+            h2.settings.SettingCodes.ENABLE_PUSH: 0,
+            h2.settings.SettingCodes.INITIAL_WINDOW_SIZE: 60,
+            h2.settings.SettingCodes.MAX_FRAME_SIZE: 16385,
+            h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL: 1,
+        }
+        s.update(new_settings)
+
+        assert dict(s) == old_settings
+        s.acknowledge()
+        assert dict(s) == new_settings
+
+    def test_acknowledging_returns_the_changed_settings(self):
+        """
+        Acknowledging settings returns the changes.
+        """
+        s = h2.settings.Settings(client=True)
+        s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] = 8000
+        s[h2.settings.SettingCodes.ENABLE_PUSH] = 0
+
+        changes = s.acknowledge()
+        assert len(changes) == 2
+
+        table_size_change = (
+            changes[h2.settings.SettingCodes.HEADER_TABLE_SIZE]
+        )
+        push_change = changes[h2.settings.SettingCodes.ENABLE_PUSH]
+
+        assert table_size_change.setting == (
+            h2.settings.SettingCodes.HEADER_TABLE_SIZE
+        )
+        assert table_size_change.original_value == 4096
+        assert table_size_change.new_value == 8000
+
+        assert push_change.setting == h2.settings.SettingCodes.ENABLE_PUSH
+        assert push_change.original_value == 1
+        assert push_change.new_value == 0
+
+    def test_acknowledging_only_returns_changed_settings(self):
+        """
+        Acknowledging settings does not return unchanged settings.
+        """
+        s = h2.settings.Settings(client=True)
+        s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] = 70
+
+        changes = s.acknowledge()
+        assert len(changes) == 1
+        assert list(changes.keys()) == [
+            h2.settings.SettingCodes.INITIAL_WINDOW_SIZE
+        ]
+
+    def test_deleting_values_deletes_all_of_them(self):
+        """
+        When we delete a key we lose all state about it.
+        """
+        s = h2.settings.Settings(client=True)
+        s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 8000
+
+        del s[h2.settings.SettingCodes.HEADER_TABLE_SIZE]
+
+        with pytest.raises(KeyError):
+            s[h2.settings.SettingCodes.HEADER_TABLE_SIZE]
+
+    def test_length_correctly_reported(self):
+        """
+        Length is related only to the number of keys.
+        """
+        s = h2.settings.Settings(client=True)
+        assert len(s) == 5
+
+        s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 8000
+        assert len(s) == 5
+
+        s.acknowledge()
+        assert len(s) == 5
+
+        del s[h2.settings.SettingCodes.HEADER_TABLE_SIZE]
+        assert len(s) == 4
+
+    def test_new_values_work(self):
+        """
+        New values initially don't appear
+        """
+        s = h2.settings.Settings(client=True)
+        s[80] = 81
+
+        with pytest.raises(KeyError):
+            s[80]
+
+    def test_new_values_follow_basic_acknowledgement_rules(self):
+        """
+        A new value properly appears when acknowledged.
+        """
+        s = h2.settings.Settings(client=True)
+        s[80] = 81
+        changed_settings = s.acknowledge()
+
+        assert s[80] == 81
+        assert len(changed_settings) == 1
+
+        changed = changed_settings[80]
+        assert changed.setting == 80
+        assert changed.original_value is None
+        assert changed.new_value == 81
+
+    def test_single_values_arent_affected_by_acknowledgement(self):
+        """
+        When acknowledged, unchanged settings remain unchanged.
+        """
+        s = h2.settings.Settings(client=True)
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 4096
+
+        s.acknowledge()
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 4096
+
+    def test_settings_getters(self):
+        """
+        Getters exist for well-known settings.
+        """
+        s = h2.settings.Settings(client=True)
+
+        assert s.header_table_size == (
+            s[h2.settings.SettingCodes.HEADER_TABLE_SIZE]
+        )
+        assert s.enable_push == s[h2.settings.SettingCodes.ENABLE_PUSH]
+        assert s.initial_window_size == (
+            s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE]
+        )
+        assert s.max_frame_size == s[h2.settings.SettingCodes.MAX_FRAME_SIZE]
+        assert s.max_concurrent_streams == 2**32 + 1  # A sensible default.
+        assert s.max_header_list_size is None
+        assert s.enable_connect_protocol == s[
+            h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL
+        ]
+
+    def test_settings_setters(self):
+        """
+        Setters exist for well-known settings.
+        """
+        s = h2.settings.Settings(client=True)
+
+        s.header_table_size = 0
+        s.enable_push = 1
+        s.initial_window_size = 2
+        s.max_frame_size = 16385
+        s.max_concurrent_streams = 4
+        s.max_header_list_size = 2**16
+        s.enable_connect_protocol = 1
+
+        s.acknowledge()
+        assert s[h2.settings.SettingCodes.HEADER_TABLE_SIZE] == 0
+        assert s[h2.settings.SettingCodes.ENABLE_PUSH] == 1
+        assert s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] == 2
+        assert s[h2.settings.SettingCodes.MAX_FRAME_SIZE] == 16385
+        assert s[h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS] == 4
+        assert s[h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE] == 2**16
+        assert s[h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL] == 1
+
+    @given(integers())
+    def test_cannot_set_invalid_values_for_enable_push(self, val):
+        """
+        SETTINGS_ENABLE_PUSH only allows two values: 0, 1.
+        """
+        assume(val not in (0, 1))
+        s = h2.settings.Settings()
+
+        with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+            s.enable_push = val
+
+        s.acknowledge()
+        assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+        assert s.enable_push == 1
+
+        with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+            s[h2.settings.SettingCodes.ENABLE_PUSH] = val
+
+        s.acknowledge()
+        assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+        assert s[h2.settings.SettingCodes.ENABLE_PUSH] == 1
+
+    @given(integers())
+    def test_cannot_set_invalid_vals_for_initial_window_size(self, val):
+        """
+        SETTINGS_INITIAL_WINDOW_SIZE only allows values between 0 and 2**32 - 1
+        inclusive.
+        """
+        s = h2.settings.Settings()
+
+        if 0 <= val <= 2**31 - 1:
+            s.initial_window_size = val
+            s.acknowledge()
+            assert s.initial_window_size == val
+        else:
+            with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+                s.initial_window_size = val
+
+            s.acknowledge()
+            assert (
+                e.value.error_code == h2.errors.ErrorCodes.FLOW_CONTROL_ERROR
+            )
+            assert s.initial_window_size == 65535
+
+            with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+                s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] = val
+
+            s.acknowledge()
+            assert (
+                e.value.error_code == h2.errors.ErrorCodes.FLOW_CONTROL_ERROR
+            )
+            assert s[h2.settings.SettingCodes.INITIAL_WINDOW_SIZE] == 65535
+
+    @given(integers())
+    def test_cannot_set_invalid_values_for_max_frame_size(self, val):
+        """
+        SETTINGS_MAX_FRAME_SIZE only allows values between 2**14 and 2**24 - 1.
+        """
+        s = h2.settings.Settings()
+
+        if 2**14 <= val <= 2**24 - 1:
+            s.max_frame_size = val
+            s.acknowledge()
+            assert s.max_frame_size == val
+        else:
+            with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+                s.max_frame_size = val
+
+            s.acknowledge()
+            assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+            assert s.max_frame_size == 16384
+
+            with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+                s[h2.settings.SettingCodes.MAX_FRAME_SIZE] = val
+
+            s.acknowledge()
+            assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+            assert s[h2.settings.SettingCodes.MAX_FRAME_SIZE] == 16384
+
+    @given(integers())
+    def test_cannot_set_invalid_values_for_max_header_list_size(self, val):
+        """
+        SETTINGS_MAX_HEADER_LIST_SIZE only allows non-negative values.
+        """
+        s = h2.settings.Settings()
+
+        if val >= 0:
+            s.max_header_list_size = val
+            s.acknowledge()
+            assert s.max_header_list_size == val
+        else:
+            with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+                s.max_header_list_size = val
+
+            s.acknowledge()
+            assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+            assert s.max_header_list_size is None
+
+            with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+                s[h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE] = val
+
+            s.acknowledge()
+            assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+
+            with pytest.raises(KeyError):
+                s[h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE]
+
+    @given(integers())
+    def test_cannot_set_invalid_values_for_enable_connect_protocol(self, val):
+        """
+        SETTINGS_ENABLE_CONNECT_PROTOCOL only allows two values: 0, 1.
+        """
+        assume(val not in (0, 1))
+        s = h2.settings.Settings()
+
+        with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+            s.enable_connect_protocol = val
+
+        s.acknowledge()
+        assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+        assert s.enable_connect_protocol == 0
+
+        with pytest.raises(h2.exceptions.InvalidSettingsValueError) as e:
+            s[h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL] = val
+
+        s.acknowledge()
+        assert e.value.error_code == h2.errors.ErrorCodes.PROTOCOL_ERROR
+        assert s[h2.settings.SettingCodes.ENABLE_CONNECT_PROTOCOL] == 0
+
+
+class TestSettingsEquality(object):
+    """
+    A class defining tests for the standard implementation of == and != .
+    """
+
+    SettingsStrategy = builds(
+        h2.settings.Settings,
+        client=booleans(),
+        initial_values=fixed_dictionaries({
+            h2.settings.SettingCodes.HEADER_TABLE_SIZE:
+                integers(0, 2**32 - 1),
+            h2.settings.SettingCodes.ENABLE_PUSH: integers(0, 1),
+            h2.settings.SettingCodes.INITIAL_WINDOW_SIZE:
+                integers(0, 2**31 - 1),
+            h2.settings.SettingCodes.MAX_FRAME_SIZE:
+                integers(2**14, 2**24 - 1),
+            h2.settings.SettingCodes.MAX_CONCURRENT_STREAMS:
+                integers(0, 2**32 - 1),
+            h2.settings.SettingCodes.MAX_HEADER_LIST_SIZE:
+                integers(0, 2**32 - 1),
+        })
+    )
+
+    @given(settings=SettingsStrategy)
+    def test_equality_reflexive(self, settings):
+        """
+        An object compares equal to itself using the == operator and the !=
+        operator.
+        """
+        assert (settings == settings)
+        assert not (settings != settings)
+
+    @given(settings=SettingsStrategy, o_settings=SettingsStrategy)
+    def test_equality_multiple(self, settings, o_settings):
+        """
+        Two objects compare themselves using the == operator and the !=
+        operator.
+        """
+        if settings == o_settings:
+            assert settings == o_settings
+            assert not (settings != o_settings)
+        else:
+            assert settings != o_settings
+            assert not (settings == o_settings)
+
+    @given(settings=SettingsStrategy)
+    def test_another_type_equality(self, settings):
+        """
+        The object does not compare equal to an object of an unrelated type
+        (which does not implement the comparison) using the == operator.
+        """
+        obj = object()
+        assert (settings != obj)
+        assert not (settings == obj)
+
+    @given(settings=SettingsStrategy)
+    def test_delegated_eq(self, settings):
+        """
+        The result of comparison is delegated to the right-hand operand if
+        it is of an unrelated type.
+        """
+        class Delegate(object):
+            def __eq__(self, other):
+                return [self]
+
+            def __ne__(self, other):
+                return [self]
+
+        delg = Delegate()
+        assert (settings == delg) == [delg]
+        assert (settings != delg) == [delg]
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_state_machines.py b/testing/web-platform/tests/tools/third_party/h2/test/test_state_machines.py
new file mode 100644
index 0000000000..034ae909d2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_state_machines.py
@@ -0,0 +1,163 @@
+# -*- coding: utf-8 -*-
+"""
+test_state_machines
+~~~~~~~~~~~~~~~~~~~
+
+These tests validate the state machines directly. Writing meaningful tests for
+this case can be tricky, so the majority of these tests use Hypothesis to try
+to talk about general behaviours rather than specific cases.
+"""
+import pytest
+
+import h2.connection
+import h2.exceptions
+import h2.stream
+
+from hypothesis import given
+from hypothesis.strategies import sampled_from
+
+
+class TestConnectionStateMachine(object):
+    """
+    Tests of the connection state machine.
+    """
+    @given(state=sampled_from(h2.connection.ConnectionState),
+           input_=sampled_from(h2.connection.ConnectionInputs))
+    def test_state_transitions(self, state, input_):
+        c = h2.connection.H2ConnectionStateMachine()
+        c.state = state
+
+        try:
+            c.process_input(input_)
+        except h2.exceptions.ProtocolError:
+            assert c.state == h2.connection.ConnectionState.CLOSED
+        else:
+            assert c.state in h2.connection.ConnectionState
+
+    def test_state_machine_only_allows_connection_states(self):
+        """
+        The Connection state machine only allows ConnectionState inputs.
+        """
+        c = h2.connection.H2ConnectionStateMachine()
+
+        with pytest.raises(ValueError):
+            c.process_input(1)
+
+    @pytest.mark.parametrize(
+        "state",
+        (
+            s for s in h2.connection.ConnectionState
+            if s != h2.connection.ConnectionState.CLOSED
+        ),
+    )
+    @pytest.mark.parametrize(
+        "input_",
+        [
+            h2.connection.ConnectionInputs.RECV_PRIORITY,
+            h2.connection.ConnectionInputs.SEND_PRIORITY
+        ]
+    )
+    def test_priority_frames_allowed_in_all_states(self, state, input_):
+        """
+        Priority frames can be sent/received in all connection states except
+        closed.
+        """
+        c = h2.connection.H2ConnectionStateMachine()
+        c.state = state
+
+        c.process_input(input_)
+
+
+class TestStreamStateMachine(object):
+    """
+    Tests of the stream state machine.
+    """
+    @given(state=sampled_from(h2.stream.StreamState),
+           input_=sampled_from(h2.stream.StreamInputs))
+    def test_state_transitions(self, state, input_):
+        s = h2.stream.H2StreamStateMachine(stream_id=1)
+        s.state = state
+
+        try:
+            s.process_input(input_)
+        except h2.exceptions.StreamClosedError:
+            # This can only happen for streams that started in the closed
+            # state OR where the input was RECV_DATA and the state was not
+            # OPEN or HALF_CLOSED_LOCAL OR where the state was
+            # HALF_CLOSED_REMOTE and a frame was received.
+            if state == h2.stream.StreamState.CLOSED:
+                assert s.state == h2.stream.StreamState.CLOSED
+            elif input_ == h2.stream.StreamInputs.RECV_DATA:
+                assert s.state == h2.stream.StreamState.CLOSED
+                assert state not in (
+                    h2.stream.StreamState.OPEN,
+                    h2.stream.StreamState.HALF_CLOSED_LOCAL,
+                )
+            elif state == h2.stream.StreamState.HALF_CLOSED_REMOTE:
+                assert input_ in (
+                    h2.stream.StreamInputs.RECV_HEADERS,
+                    h2.stream.StreamInputs.RECV_PUSH_PROMISE,
+                    h2.stream.StreamInputs.RECV_DATA,
+                    h2.stream.StreamInputs.RECV_CONTINUATION,
+                )
+        except h2.exceptions.ProtocolError:
+            assert s.state == h2.stream.StreamState.CLOSED
+        else:
+            assert s.state in h2.stream.StreamState
+
+    def test_state_machine_only_allows_stream_states(self):
+        """
+        The Stream state machine only allows StreamState inputs.
+        """
+        s = h2.stream.H2StreamStateMachine(stream_id=1)
+
+        with pytest.raises(ValueError):
+            s.process_input(1)
+
+    def test_stream_state_machine_forbids_pushes_on_server_streams(self):
+        """
+        Streams where this peer is a server do not allow receiving pushed
+        frames.
+        """
+        s = h2.stream.H2StreamStateMachine(stream_id=1)
+        s.process_input(h2.stream.StreamInputs.RECV_HEADERS)
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            s.process_input(h2.stream.StreamInputs.RECV_PUSH_PROMISE)
+
+    def test_stream_state_machine_forbids_sending_pushes_from_clients(self):
+        """
+        Streams where this peer is a client do not allow sending pushed frames.
+        """
+        s = h2.stream.H2StreamStateMachine(stream_id=1)
+        s.process_input(h2.stream.StreamInputs.SEND_HEADERS)
+
+        with pytest.raises(h2.exceptions.ProtocolError):
+            s.process_input(h2.stream.StreamInputs.SEND_PUSH_PROMISE)
+
+    @pytest.mark.parametrize(
+        "input_",
+        [
+            h2.stream.StreamInputs.SEND_HEADERS,
+            h2.stream.StreamInputs.SEND_PUSH_PROMISE,
+            h2.stream.StreamInputs.SEND_RST_STREAM,
+            h2.stream.StreamInputs.SEND_DATA,
+            h2.stream.StreamInputs.SEND_WINDOW_UPDATE,
+            h2.stream.StreamInputs.SEND_END_STREAM,
+        ]
+    )
+    def test_cannot_send_on_closed_streams(self, input_):
+        """
+        Sending anything but a PRIORITY frame is forbidden on closed streams.
+        """
+        c = h2.stream.H2StreamStateMachine(stream_id=1)
+        c.state = h2.stream.StreamState.CLOSED
+
+        expected_error = (
+            h2.exceptions.ProtocolError
+            if input_ == h2.stream.StreamInputs.SEND_PUSH_PROMISE
+            else h2.exceptions.StreamClosedError
+        )
+
+        with pytest.raises(expected_error):
+            c.process_input(input_)
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_stream_reset.py b/testing/web-platform/tests/tools/third_party/h2/test/test_stream_reset.py
new file mode 100644
index 0000000000..778445515f
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_stream_reset.py
@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+"""
+test_stream_reset
+~~~~~~~~~~~~~~~~~
+
+More complex tests that exercise stream resetting functionality to validate
+that connection state is appropriately maintained.
+
+Specifically, these tests validate that streams that have been reset accurately
+keep track of connection-level state.
+"""
+import pytest
+
+import h2.connection
+import h2.errors
+import h2.events
+
+
+class TestStreamReset(object):
+    """
+    Tests for resetting streams.
+    """
+    example_request_headers = [
+        (b':authority', b'example.com'),
+        (b':path', b'/'),
+        (b':scheme', b'https'),
+        (b':method', b'GET'),
+    ]
+    example_response_headers = [
+        (b':status', b'200'),
+        (b'server', b'fake-serv/0.1.0'),
+        (b'content-length', b'0')
+    ]
+
+    def test_reset_stream_keeps_header_state_correct(self, frame_factory):
+        """
+        A stream that has been reset still affects the header decoder.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.reset_stream(stream_id=1)
+        c.send_headers(stream_id=3, headers=self.example_request_headers)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers, stream_id=1
+        )
+        rst_frame = frame_factory.build_rst_stream_frame(
+            1, h2.errors.ErrorCodes.STREAM_CLOSED
+        )
+        events = c.receive_data(f.serialize())
+        assert not events
+        assert c.data_to_send() == rst_frame.serialize()
+
+        # This works because the header state should be intact from the headers
+        # frame that was send on stream 1, so they should decode cleanly.
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers, stream_id=3
+        )
+        event = c.receive_data(f.serialize())[0]
+
+        assert isinstance(event, h2.events.ResponseReceived)
+        assert event.stream_id == 3
+        assert event.headers == self.example_response_headers
+
+    @pytest.mark.parametrize('close_id,other_id', [(1, 3), (3, 1)])
+    def test_reset_stream_keeps_flow_control_correct(self,
+                                                     close_id,
+                                                     other_id,
+                                                     frame_factory):
+        """
+        A stream that has been reset does not affect the connection flow
+        control window.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.send_headers(stream_id=3, headers=self.example_request_headers)
+
+        # Record the initial window size.
+        initial_window = c.remote_flow_control_window(stream_id=other_id)
+
+        f = frame_factory.build_headers_frame(
+            headers=self.example_response_headers, stream_id=close_id
+        )
+        c.receive_data(f.serialize())
+        c.reset_stream(stream_id=close_id)
+        c.clear_outbound_data_buffer()
+
+        f = frame_factory.build_data_frame(
+            data=b'some data',
+            stream_id=close_id
+        )
+        c.receive_data(f.serialize())
+
+        expected = frame_factory.build_rst_stream_frame(
+            stream_id=close_id,
+            error_code=h2.errors.ErrorCodes.STREAM_CLOSED,
+        ).serialize()
+        assert c.data_to_send() == expected
+
+        new_window = c.remote_flow_control_window(stream_id=other_id)
+        assert initial_window - len(b'some data') == new_window
+
+    @pytest.mark.parametrize('clear_streams', [True, False])
+    def test_reset_stream_automatically_resets_pushed_streams(self,
+                                                              frame_factory,
+                                                              clear_streams):
+        """
+        Resetting a stream causes RST_STREAM frames to be automatically emitted
+        to close any streams pushed after the reset.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        c.send_headers(stream_id=1, headers=self.example_request_headers)
+        c.reset_stream(stream_id=1)
+        c.clear_outbound_data_buffer()
+
+        if clear_streams:
+            # Call open_outbound_streams to force the connection to clean
+            # closed streams.
+            c.open_outbound_streams
+
+        f = frame_factory.build_push_promise_frame(
+            stream_id=1,
+            promised_stream_id=2,
+            headers=self.example_request_headers,
+        )
+        events = c.receive_data(f.serialize())
+        assert not events
+
+        f = frame_factory.build_rst_stream_frame(
+            stream_id=2,
+            error_code=h2.errors.ErrorCodes.REFUSED_STREAM,
+        )
+        assert c.data_to_send() == f.serialize()
diff --git a/testing/web-platform/tests/tools/third_party/h2/test/test_utility_functions.py b/testing/web-platform/tests/tools/third_party/h2/test/test_utility_functions.py
new file mode 100644
index 0000000000..4cb0b2ae60
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test/test_utility_functions.py
@@ -0,0 +1,226 @@
+# -*- coding: utf-8 -*-
+"""
+test_utility_functions
+~~~~~~~~~~~~~~~~~~~~~~
+
+Tests for the various utility functions provided by hyper-h2.
+"""
+import pytest
+
+import h2.config
+import h2.connection
+import h2.errors
+import h2.events
+import h2.exceptions
+from h2.utilities import SizeLimitDict, extract_method_header
+
+# These tests require a non-list-returning range function.
+try:
+    range = xrange
+except NameError:
+    range = range
+
+
+class TestGetNextAvailableStreamID(object):
+    """
+    Tests for the ``H2Connection.get_next_available_stream_id`` method.
+    """
+    example_request_headers = [
+        (':authority', 'example.com'),
+        (':path', '/'),
+        (':scheme', 'https'),
+        (':method', 'GET'),
+    ]
+    example_response_headers = [
+        (':status', '200'),
+        ('server', 'fake-serv/0.1.0')
+    ]
+    server_config = h2.config.H2Configuration(client_side=False)
+
+    def test_returns_correct_sequence_for_clients(self, frame_factory):
+        """
+        For a client connection, the correct sequence of stream IDs is
+        returned.
+        """
+        # Running the exhaustive version of this test (all 1 billion available
+        # stream IDs) is too painful. For that reason, we validate that the
+        # original sequence is right for the first few thousand, and then just
+        # check that it terminates properly.
+        #
+        # Make sure that the streams get cleaned up: 8k streams floating
+        # around would make this test memory-hard, and it's not supposed to be
+        # a test of how much RAM your machine has.
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+        initial_sequence = range(1, 2**13, 2)
+
+        for expected_stream_id in initial_sequence:
+            stream_id = c.get_next_available_stream_id()
+            assert stream_id == expected_stream_id
+
+            c.send_headers(
+                stream_id=stream_id,
+                headers=self.example_request_headers,
+                end_stream=True
+            )
+            f = frame_factory.build_headers_frame(
+                headers=self.example_response_headers,
+                stream_id=stream_id,
+                flags=['END_STREAM'],
+            )
+            c.receive_data(f.serialize())
+            c.clear_outbound_data_buffer()
+
+        # Jump up to the last available stream ID. Don't clean up the stream
+        # here because who cares about one stream.
+        last_client_id = 2**31 - 1
+        c.send_headers(
+            stream_id=last_client_id,
+            headers=self.example_request_headers,
+            end_stream=True
+        )
+
+        with pytest.raises(h2.exceptions.NoAvailableStreamIDError):
+            c.get_next_available_stream_id()
+
+    def test_returns_correct_sequence_for_servers(self, frame_factory):
+        """
+        For a server connection, the correct sequence of stream IDs is
+        returned.
+        """
+        # Running the exhaustive version of this test (all 1 billion available
+        # stream IDs) is too painful. For that reason, we validate that the
+        # original sequence is right for the first few thousand, and then just
+        # check that it terminates properly.
+        #
+        # Make sure that the streams get cleaned up: 8k streams floating
+        # around would make this test memory-hard, and it's not supposed to be
+        # a test of how much RAM your machine has.
+        c = h2.connection.H2Connection(config=self.server_config)
+        c.initiate_connection()
+        c.receive_data(frame_factory.preamble())
+        f = frame_factory.build_headers_frame(
+            headers=self.example_request_headers
+        )
+        c.receive_data(f.serialize())
+
+        initial_sequence = range(2, 2**13, 2)
+
+        for expected_stream_id in initial_sequence:
+            stream_id = c.get_next_available_stream_id()
+            assert stream_id == expected_stream_id
+
+            c.push_stream(
+                stream_id=1,
+                promised_stream_id=stream_id,
+                request_headers=self.example_request_headers
+            )
+            c.send_headers(
+                stream_id=stream_id,
+                headers=self.example_response_headers,
+                end_stream=True
+            )
+            c.clear_outbound_data_buffer()
+
+        # Jump up to the last available stream ID. Don't clean up the stream
+        # here because who cares about one stream.
+        last_server_id = 2**31 - 2
+        c.push_stream(
+            stream_id=1,
+            promised_stream_id=last_server_id,
+            request_headers=self.example_request_headers,
+        )
+
+        with pytest.raises(h2.exceptions.NoAvailableStreamIDError):
+            c.get_next_available_stream_id()
+
+    def test_does_not_increment_without_stream_send(self):
+        """
+        If a new stream isn't actually created, the next stream ID doesn't
+        change.
+        """
+        c = h2.connection.H2Connection()
+        c.initiate_connection()
+
+        first_stream_id = c.get_next_available_stream_id()
+        second_stream_id = c.get_next_available_stream_id()
+
+        assert first_stream_id == second_stream_id
+
+        c.send_headers(
+            stream_id=first_stream_id,
+            headers=self.example_request_headers
+        )
+
+        third_stream_id = c.get_next_available_stream_id()
+        assert third_stream_id == (first_stream_id + 2)
+
+
+class TestExtractHeader(object):
+
+    example_request_headers = [
+            (u':authority', u'example.com'),
+            (u':path', u'/'),
+            (u':scheme', u'https'),
+            (u':method', u'GET'),
+    ]
+    example_headers_with_bytes = [
+            (b':authority', b'example.com'),
+            (b':path', b'/'),
+            (b':scheme', b'https'),
+            (b':method', b'GET'),
+    ]
+
+    @pytest.mark.parametrize(
+        'headers', [example_request_headers, example_headers_with_bytes]
+    )
+    def test_extract_header_method(self, headers):
+        assert extract_method_header(headers) == b'GET'
+
+
+def test_size_limit_dict_limit():
+    dct = SizeLimitDict(size_limit=2)
+
+    dct[1] = 1
+    dct[2] = 2
+
+    assert len(dct) == 2
+    assert dct[1] == 1
+    assert dct[2] == 2
+
+    dct[3] = 3
+
+    assert len(dct) == 2
+    assert dct[2] == 2
+    assert dct[3] == 3
+    assert 1 not in dct
+
+
+def test_size_limit_dict_limit_init():
+    initial_dct = {
+        1: 1,
+        2: 2,
+        3: 3,
+    }
+
+    dct = SizeLimitDict(initial_dct, size_limit=2)
+
+    assert len(dct) == 2
+
+
+def test_size_limit_dict_no_limit():
+    dct = SizeLimitDict(size_limit=None)
+
+    dct[1] = 1
+    dct[2] = 2
+
+    assert len(dct) == 2
+    assert dct[1] == 1
+    assert dct[2] == 2
+
+    dct[3] = 3
+
+    assert len(dct) == 3
+    assert dct[1] == 1
+    assert dct[2] == 2
+    assert dct[3] == 3
diff --git a/testing/web-platform/tests/tools/third_party/h2/test_requirements.txt b/testing/web-platform/tests/tools/third_party/h2/test_requirements.txt
new file mode 100644
index 0000000000..e0eefa28ac
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/test_requirements.txt
@@ -0,0 +1,5 @@
+pytest==4.6.5  # rq.filter: < 5
+pytest-cov==2.8.1
+pytest-xdist==1.31.0
+coverage==4.5.4
+hypothesis
diff --git a/testing/web-platform/tests/tools/third_party/h2/tox.ini b/testing/web-platform/tests/tools/third_party/h2/tox.ini
new file mode 100644
index 0000000000..971f9a07e9
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/tox.ini
@@ -0,0 +1,48 @@
+[tox]
+envlist = py27, py34, py35, py36, py37, py38, pypy, lint, packaging, docs
+
+[testenv]
+deps= -r{toxinidir}/test_requirements.txt
+commands=
+    coverage run -m py.test {posargs}
+    coverage report
+
+[testenv:pypy]
+# temporarily disable coverage testing on PyPy due to performance problems
+commands= py.test {posargs}
+
+[testenv:lint]
+basepython=python3.7
+deps = flake8==3.7.8
+commands = flake8 --max-complexity 10 h2 test
+
+[testenv:docs]
+basepython=python3.7
+deps = sphinx==2.2.0
+changedir = {toxinidir}/docs
+whitelist_externals = rm
+commands =
+    rm -rf build
+    sphinx-build -nW -b html -d build/doctrees source build/html
+
+[testenv:graphs]
+basepython=python2.7
+deps = graphviz==0.13
+commands =
+    python visualizer/visualize.py -i docs/source/_static
+
+[testenv:packaging]
+basepython=python3.7
+deps =
+    check-manifest==0.39
+    readme-renderer==24.0
+commands =
+    check-manifest
+    python setup.py check --metadata --restructuredtext --strict
+
+[testenv:h2spec]
+basepython=python3.6
+deps = twisted[tls]==19.7.0
+whitelist_externals = {toxinidir}/test/h2spectest.sh
+commands =
+    {toxinidir}/test/h2spectest.sh
diff --git a/testing/web-platform/tests/tools/third_party/h2/utils/backport.sh b/testing/web-platform/tests/tools/third_party/h2/utils/backport.sh
new file mode 100755
index 0000000000..273c1479b2
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/utils/backport.sh
@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+# This script is invoked as follows: the first argument is the target branch
+# for the backport. All following arguments are considered the "commit spec",
+# and will be passed to cherry-pick.
+
+TARGET_BRANCH="$1"
+PR_BRANCH="backport-${TARGET_BRANCH}"
+COMMIT_SPEC="${@:2}"
+
+if ! git checkout "$TARGET_BRANCH"; then
+    echo "Failed to checkout $TARGET_BRANCH"
+    exit 1
+fi
+
+if ! git pull --ff-only; then
+    echo "Unable to update $TARGET_BRANCH"
+    exit 2
+fi
+
+if ! git checkout -b "$PR_BRANCH"; then
+    echo "Failed to open new branch $PR_BRANCH"
+    exit 3
+fi
+
+if ! git cherry-pick -x $COMMIT_SPEC; then
+    echo "Cherry-pick failed. Please fix up manually."
+else
+    echo "Clean backport. Add changelog and open PR."
+fi
+
diff --git a/testing/web-platform/tests/tools/third_party/h2/visualizer/NOTICES.visualizer b/testing/web-platform/tests/tools/third_party/h2/visualizer/NOTICES.visualizer
new file mode 100644
index 0000000000..202ca64e17
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/visualizer/NOTICES.visualizer
@@ -0,0 +1,24 @@
+This module contains code inspired by and borrowed from Automat. That code was
+made available under the following license:
+
+Copyright (c) 2014
+Rackspace
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/testing/web-platform/tests/tools/third_party/h2/visualizer/visualize.py b/testing/web-platform/tests/tools/third_party/h2/visualizer/visualize.py
new file mode 100644
index 0000000000..1fd3f179cb
--- /dev/null
+++ b/testing/web-platform/tests/tools/third_party/h2/visualizer/visualize.py
@@ -0,0 +1,252 @@
+# -*- coding: utf-8 -*-
+"""
+State Machine Visualizer
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+This code provides a module that can use graphviz to visualise the state
+machines included in hyper-h2. These visualisations can be used as part of the
+documentation of hyper-h2, and as a reference material to understand how the
+state machines function.
+
+The code in this module is heavily inspired by code in Automat, which can be
+found here: https://github.com/glyph/automat. For details on the licensing of
+Automat, please see the NOTICES.visualizer file in this folder.
+
+This module is very deliberately not shipped with the rest of hyper-h2. This is
+because it is of minimal value to users who are installing hyper-h2: its use
+is only really for the developers of hyper-h2.
+"""
+from __future__ import print_function
+import argparse
+import collections
+import sys
+
+import graphviz
+import graphviz.files
+
+import h2.connection
+import h2.stream
+
+
+StateMachine = collections.namedtuple(
+    'StateMachine', ['fqdn', 'machine', 'states', 'inputs', 'transitions']
+)
+
+
+# This is all the state machines we currently know about and will render.
+# If any new state machines are added, they should be inserted here.
+STATE_MACHINES = [
+    StateMachine(
+        fqdn='h2.connection.H2ConnectionStateMachine',
+        machine=h2.connection.H2ConnectionStateMachine,
+        states=h2.connection.ConnectionState,
+        inputs=h2.connection.ConnectionInputs,
+        transitions=h2.connection.H2ConnectionStateMachine._transitions,
+    ),
+    StateMachine(
+        fqdn='h2.stream.H2StreamStateMachine',
+        machine=h2.stream.H2StreamStateMachine,
+        states=h2.stream.StreamState,
+        inputs=h2.stream.StreamInputs,
+        transitions=h2.stream._transitions,
+    ),
+]
+
+
+def quote(s):
+    return '"{}"'.format(s.replace('"', r'\"'))
+
+
+def html(s):
+    return '<{}>'.format(s)
+
+
+def element(name, *children, **attrs):
+    """
+    Construct a string from the HTML element description.
+    """
+    formatted_attributes = ' '.join(
+        '{}={}'.format(key, quote(str(value)))
+        for key, value in sorted(attrs.items())
+    )
+    formatted_children = ''.join(children)
+    return u'<{name} {attrs}>{children}</{name}>'.format(
+        name=name,
+        attrs=formatted_attributes,
+        children=formatted_children
+    )
+
+
+def row_for_output(event, side_effect):
+    """
+    Given an output tuple (an event and its side effect), generates a table row
+    from it.
+    """
+    point_size = {'point-size': '9'}
+    event_cell = element(
+        "td",
+        element("font", enum_member_name(event), **point_size)
+    )
+    side_effect_name = (
+        function_name(side_effect) if side_effect is not None else "None"
+    )
+    side_effect_cell = element(
+        "td",
+        element("font", side_effect_name, **point_size)
+    )
+    return element("tr", event_cell, side_effect_cell)
+
+
+def table_maker(initial_state, final_state, outputs, port):
+    """
+    Construct an HTML table to label a state transition.
+    """
+    header = "{} -&gt; {}".format(
+        enum_member_name(initial_state), enum_member_name(final_state)
+    )
+    header_row = element(
+        "tr",
+        element(
+            "td",
+            element(
+                "font",
+                header,
+                face="menlo-italic"
+            ),
+            port=port,
+            colspan="2",
+        )
+    )
+    rows = [header_row]
+    rows.extend(row_for_output(*output) for output in outputs)
+    return element("table", *rows)
+
+
+def enum_member_name(state):
+    """
+    All enum member names have the form <EnumClassName>.<EnumMemberName>. For
+    our rendering we only want the member name, so we take their representation
+    and split it.
+    """
+    return str(state).split('.', 1)[1]
+
+
+def function_name(func):
+    """
+    Given a side-effect function, return its string name.
+    """
+    return func.__name__
+
+
+def build_digraph(state_machine):
+    """
+    Produce a L{graphviz.Digraph} object from a state machine.
+    """
+    digraph = graphviz.Digraph(node_attr={'fontname': 'Menlo'},
+                               edge_attr={'fontname': 'Menlo'},
+                               graph_attr={'dpi': '200'})
+
+    # First, add the states as nodes.
+    seen_first_state = False
+    for state in state_machine.states:
+        if not seen_first_state:
+            state_shape = "bold"
+            font_name = "Menlo-Bold"
+        else:
+            state_shape = ""
+            font_name = "Menlo"
+        digraph.node(enum_member_name(state),
+                     fontame=font_name,
+                     shape="ellipse",
+                     style=state_shape,
+                     color="blue")
+        seen_first_state = True
+
+    # We frequently have vary many inputs that all trigger the same state
+    # transition, and only differ in terms of their input and side-effect. It
+    # would be polite to say that graphviz does not handle this very well. So
+    # instead we *collapse* the state transitions all into the one edge, and
+    # then provide a label that displays a table of all the inputs and their
+    # associated side effects.
+    transitions = collections.defaultdict(list)
+    for transition in state_machine.transitions.items():
+        initial_state, event = transition[0]
+        side_effect, final_state = transition[1]
+        transition_key = (initial_state, final_state)
+        transitions[transition_key].append((event, side_effect))
+
+    for n, (transition_key, outputs) in enumerate(transitions.items()):
+        this_transition = "t{}".format(n)
+        initial_state, final_state = transition_key
+
+        port = "tableport"
+        table = table_maker(
+            initial_state=initial_state,
+            final_state=final_state,
+            outputs=outputs,
+            port=port
+        )
+
+        digraph.node(this_transition,
+                     label=html(table), margin="0.2", shape="none")
+
+        digraph.edge(enum_member_name(initial_state),
+                     '{}:{}:w'.format(this_transition, port),
+                     arrowhead="none")
+        digraph.edge('{}:{}:e'.format(this_transition, port),
+                     enum_member_name(final_state))
+
+    return digraph
+
+
+def main():
+    """
+    Renders all the state machines in hyper-h2 into images.
+    """
+    program_name = sys.argv[0]
+    argv = sys.argv[1:]
+
+    description = """
+    Visualize hyper-h2 state machines as graphs.
+    """
+    epilog = """
+    You must have the graphviz tool suite installed.  Please visit
+    http://www.graphviz.org for more information.
+    """
+
+    argument_parser = argparse.ArgumentParser(
+        prog=program_name,
+        description=description,
+        epilog=epilog
+    )
+    argument_parser.add_argument(
+        '--image-directory',
+        '-i',
+        help="Where to write out image files.",
+        default=".h2_visualize"
+    )
+    argument_parser.add_argument(
+        '--view',
+        '-v',
+        help="View rendered graphs with default image viewer",
+        default=False,
+        action="store_true"
+    )
+    args = argument_parser.parse_args(argv)
+
+    for state_machine in STATE_MACHINES:
+        print(state_machine.fqdn, '...discovered')
+
+        digraph = build_digraph(state_machine)
+
+        if args.image_directory:
+            digraph.format = "png"
+            digraph.render(filename="{}.dot".format(state_machine.fqdn),
+                           directory=args.image_directory,
+                           view=args.view,
+                           cleanup=True)
+            print(state_machine.fqdn, "...wrote image into", args.image_directory)
+
+
+if __name__ == '__main__':
+    main()