You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is some good discussion in [HTTP-SEMANTICS] about the risk of
CONNECT being used as an arbitrary tunnel, that is probably worth
referencing from here.
The CONNECT method can be used to create disproportionate load on a
proxy, since stream creation is relatively inexpensive when compared
to the creation and maintenance of a TCP connection. A proxy might
also maintain some resources for a TCP connection beyond the closing
of the stream that carries the CONNECT request, since the outgoing
TCP connection remains in the TIME_WAIT state. Therefore, a proxy
cannot rely on QUIC stream limits alone to control the resources
consumed by CONNECT requests.
I'm not sure how well this last sentence translates from HTTP/2 to
HTTP/3 -- in HTTP/2 the limit is on the number of concurrent streams,
but QUIC gives a hard cap on the absolute stream number, so IIUC an
endpoint could refuse to allow new streams until TCP state had quiesced.
(Of course, this would also prevent any new HTTP requests from being
sent...)
The text was updated successfully, but these errors were encountered:
@kaduk said
The text was updated successfully, but these errors were encountered: