Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

messaging 2.3: version (rewriting by intermediaries) #751

Closed
wtarreau opened this issue Feb 7, 2021 · 3 comments · Fixed by #774
Closed

messaging 2.3: version (rewriting by intermediaries) #751

wtarreau opened this issue Feb 7, 2021 · 3 comments · Fixed by #774

Comments

@wtarreau
Copy link

wtarreau commented Feb 7, 2021

It's written:

Intermediaries that process HTTP messages ... MUST send their own HTTP-version in forwarded messages```

Actually I'd rather say "MUST send a version no higher than their own in forwarded messages" (poor wording, I know, maybe someone can propose better).

Indeed, if an intermediary receives an HTTP/1.0 request and passes it as HTTP/1.1, the server will wrongly assume that the client can deal with 1.1 (e.g. chunks) and the message may have to be degraded by the intermediary (such as de-chunking and rely on close only). Furthermore, seeing 1.0 for a server is often an indication of very limited (or possibly bogus) client. For example some intermediaries might avoid compressing or caching when facing HTTP/1.0 messages, and as such it's preferable to let such versions be properly advertised in messages that could be considered as potentially unsafe.

Maybe a different wording should be "intermediaries... MUST NOT pass a message showing a version they do not support, and MUST make sure the message always conforms to the advertised version".

@martinthomson
Copy link
Contributor

I agree with Willy: the underlying requirement is that intermediaries accept and send messages only in versions that they understand (unless acting as a tunnel, I guess). The original text basically means that, even if it is phrased in terms of what value is placed in a specific field rather than as the true requirement.

@mnot mnot added the discuss label Feb 10, 2021
@mnot
Copy link
Member

mnot commented Feb 11, 2021

Discussed at Feb 21 interim; should work on a proposal to loosen this somewhat, at least for intermediaries. SHOULD + context?

@wtarreau
Copy link
Author

OK let's try with that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

Successfully merging a pull request may close this issue.

4 participants