-
-
Notifications
You must be signed in to change notification settings - Fork 15.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HttpConversionUtil.toHttp2Headers should strip http/2 incompatible headers #7355
Comments
@mosesn sounds right... want to do a PR against |
we could enhance the conversion to extract out the |
I made a PR that extracted the trailers value and also cleaned up the behavior around "connection", which I think was wrong. #7399 |
mosesn
added a commit
to mosesn/netty
that referenced
this issue
Nov 16, 2017
Motivation: Netty could handle "connection" or "te" headers more gently when converting from http/1.1 to http/2 headers. Http/2 headers don't support single-hop headers, so when we convert from http/1.1 to http/2, we should drop all single-hop headers. This includes headers like "transfer-encoding" and "connection", but also the headers that "connection" points to, since "connection" can be used to designate other headers as single-hop headers. For the "te" header, we can more permissively convert it by just dropping non-conforming headers (ie non-"trailers" headers) which is what we do for all other headers when we convert. Modifications: Add a new blacklist to the http/1.1 to http/2 conversion, which is constructed from the values of the "connection" header, and stop throwing an exception when a "te" header is passed with a non-"trailers" value. Instead, drop all values except for "trailers". Add unit tests for "connection" and "te" headers when converting from http/1.1 to http/2. Result: This will improve the h2c upgrade request, and also conversions from http/1.1 to http/2. This will simplify implementing spec-compliant http/2 servers that want to share code between their http/1.1 and http/2 implementations. [Fixes netty#7355]
Fixed by #7399 |
kiril-me
pushed a commit
to kiril-me/netty
that referenced
this issue
Feb 28, 2018
Motivation: Netty could handle "connection" or "te" headers more gently when converting from http/1.1 to http/2 headers. Http/2 headers don't support single-hop headers, so when we convert from http/1.1 to http/2, we should drop all single-hop headers. This includes headers like "transfer-encoding" and "connection", but also the headers that "connection" points to, since "connection" can be used to designate other headers as single-hop headers. For the "te" header, we can more permissively convert it by just dropping non-conforming headers (ie non-"trailers" headers) which is what we do for all other headers when we convert. Modifications: Add a new blacklist to the http/1.1 to http/2 conversion, which is constructed from the values of the "connection" header, and stop throwing an exception when a "te" header is passed with a non-"trailers" value. Instead, drop all values except for "trailers". Add unit tests for "connection" and "te" headers when converting from http/1.1 to http/2. Result: This will improve the h2c upgrade request, and also conversions from http/1.1 to http/2. This will simplify implementing spec-compliant http/2 servers that want to share code between their http/1.1 and http/2 implementations. [Fixes netty#7355]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Expected behavior
When servers receive an h2c upgrade request, it's an http/1.1 message, and it quickly gets turned into an h2c message.
Actual behavior
If the upgrade request has illegal headers, like
te: deflate,gzip;q=0.3
then it doesn't handle it gracefully and throws an exception.Steps to reproduce
Send an h2c upgrade request to a server that has illegal h2c headers (like
te: deflate,gzip;q=0.3
).Minimal yet complete reproducer code (or URL to code)
Haven't had a chance to repro
Netty version
4.1.16.Final
JVM version (e.g.
java -version
)jdk8
OS version (e.g.
uname -a
)Darwin tw-mbp13-mnakamura.local 16.7.0 Darwin Kernel Version 16.7.0: Thu Jun 15 17:36:27 PDT 2017; root:xnu-3789.70.16~2/RELEASE_X86_64 x86_64
workaround
I haven't found a workaround for this, so it would be lovely if you had any ideas here. I think it just needs to be fixed in netty. Here's what we normally do in finagle:
https://github.com/twitter/finagle/blob/develop/finagle-http2/src/main/scala/com/twitter/finagle/http2/transport/RichHttp2ServerDowngrader.scala#L10-L20
The text was updated successfully, but these errors were encountered: