Describe CONNECT method #100
Conversation
| used with HTTP proxies to establish a TLS session with an origin server for the | ||
| purposes of interacting with "https" resources. In HTTP/2, the CONNECT method is | ||
| used to establish a tunnel over a single HTTP/2 stream to a remote host for | ||
| similar purposes. |
There was a problem hiding this comment.
This probably needs to use QUIC rather than HTTP/2.
There was a problem hiding this comment.
This was intentional: "HTTP/1.1 does this; HTTP/2 does this. Here's how it works in HTTP/QUIC:" If that's not clear, any suggestions on how to improve it?
There was a problem hiding this comment.
I would move the second sentence to be the first, this establishes the purpose. Then you can say how: In HTTP/1.x, CONNECT is used to convert an entire connection into a tunnel to a remote host; in HTTP/2 a single stream is converted into a tunnel.
Then the rest flows naturally.
| series status code to the client, as defined in {{!RFC7231}}, Section 4.3.6, on | ||
| the message control stream. | ||
|
|
||
| All activity on the message data stream corresponds to data sent on the TCP |
There was a problem hiding this comment.
s/activity/STREAM frames sent/
| the message control stream. | ||
|
|
||
| All activity on the message data stream corresponds to data sent on the TCP | ||
| connection. Any data sent by the client is transmitted by the proxy to the TCP |
| data stream, the proxy will set the FIN bit on its connection to the TCP server. | ||
| When the proxy receives a packet with the FIN bit set, it will half-close the | ||
| corresponding data stream. Note that the size and number of TCP segments is not | ||
| guaranteed to map predictably to the size and number of QUIC STREAM frames. |
There was a problem hiding this comment.
Move this last sentence to the previous paragraph.
| used with HTTP proxies to establish a TLS session with an origin server for the | ||
| purposes of interacting with "https" resources. In HTTP/2, the CONNECT method is | ||
| used to establish a tunnel over a single HTTP/2 stream to a remote host for | ||
| similar purposes. |
There was a problem hiding this comment.
I would move the second sentence to be the first, this establishes the purpose. Then you can say how: In HTTP/1.x, CONNECT is used to convert an entire connection into a tunnel to a remote host; in HTTP/2 a single stream is converted into a tunnel.
Then the rest flows naturally.
| The TCP connection can be closed by either peer. When the client half-closes the | ||
| data stream, the proxy will set the FIN bit on its connection to the TCP server. | ||
| When the proxy receives a packet with the FIN bit set, it will half-close the | ||
| corresponding data stream. |
There was a problem hiding this comment.
I realize now that there is a hole in the definition in h2: when the TCP server sends a packet with the FIN bit, the proxy needs to forward this to the client. This isn't a RST_STREAM it's a stream half-close. The expectation is that the client also respond to the half-close, but we don't say that the client MUST close. I think we should.
There was a problem hiding this comment.
Half-closed TCP connections with ongoing data are valid, albeit rare. I'm ambivalent about excluding them from the use of CONNECT.
There was a problem hiding this comment.
i think @MikeBishop is right.. should probably also call this out for the reader's attention
martinthomson
added
design
For #95; uses HTTP_CONNECT_ERROR error code out of #96, but is otherwise independent. Can be fixed up to correspond with whatever we decide to do there.