Ugg... I *just* noticed: However, header field names MUST be converted to lowercase prior to their encoding in HTTP/2. A request or response containing uppercase header field names MUST be treated as malformed
> On Nov 20, 2015, at 10:44 AM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote:
>
> Most of this is discussed here:
> https://httpwg.github.io/specs/rfc7540.html#HttpHeaders
>
> Basically HTTP/2 defines its own connection properties, so several things
> which are announced/controlled by Connection: and other headers do not apply
> to HTTP/2 connections. So, the "Connection:" header itself was obsoleted.
>
> mod_http2 has to translate between both worlds a bit and is doing so probably
> incompletely so now, so the discussion about this is very useful.
>
> There are two conversions for mod_http2 to make:
> 1. request headers (H2 -> H1):
> 2. response headers (H1 -> H2):
>
> For 1. certain headers should not arrive at all. If they do, we can either
> ignore or generate an error and deny the request. For example "Connection:
> ..." should never arrive. Same for "Transfer-Encoding: ". The current
> implementation ignores. One could argue for deny.
> For 2. certain headers we cannot send out and we need to take proper actions
> for that. For example a "TE: deflate" we cannot process like this. Here more
> checks need to be added.
>
> //Stefan
>
>> On 20.11.2015 at 16:25, Yann Ylavic <ylavic....@gmail.com> wrote:
>>
>> On Fri, Nov 20, 2015 at 2:58 PM, <ic...@apache.org> wrote:
>>> Author: icing
>>> Date: Fri Nov 20 13:58:32 2015
>>> New Revision: 1715363
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1715363&view=rev
>>> Log:
>>> incoming trailers passed into chunked request bodies, outgoing trailers not
>>> supported yet
>>>
>>> Modified:
>> []
>>> httpd/httpd/trunk/modules/http2/h2_util.c
>> []
>>>
>>>
>>> Modified: httpd/httpd/trunk/modules/http2/h2_util.c
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_util.c?rev=1715363&r1=1715362&r2=1715363&view=diff
>>> ==============================================================================
>>> --- httpd/httpd/trunk/modules/http2/h2_util.c (original)
>>> +++ httpd/httpd/trunk/modules/http2/h2_util.c Fri Nov 20 13:58:32 2015
>> []
>>> @@ -879,3 +894,94 @@ h2_ngheader *h2_util_ngheader_make_req(a >>> return ngh; >>> } >>> >>> +/******************************************************************************* >>> + * header HTTP/1 <-> HTTP/2 conversions >>> + >>> ******************************************************************************/ >>> + >>> + >>> +typedef struct { >>> + const char *name; >>> + size_t len; >>> +} literal; >>> + >>> +#define H2_DEF_LITERAL(n) { (n), (sizeof(n)-1) } >>> +#define H2_ALEN(a) (sizeof(a)/sizeof((a)[0])) >>> +#define H2_LIT_ARGS(a) (a),H2_ALEN(a) >>> + >>> +static literal IgnoredRequestHeaders[] = { >>> + H2_DEF_LITERAL("host"), >>> + H2_DEF_LITERAL("expect"), >>> + H2_DEF_LITERAL("upgrade"), >>> + H2_DEF_LITERAL("connection"), >>> + H2_DEF_LITERAL("keep-alive"), >>> + H2_DEF_LITERAL("http2-settings"), >>> + H2_DEF_LITERAL("proxy-connection"), >>> + H2_DEF_LITERAL("transfer-encoding"), >>> +}; >> >> Shouldn't we also include all the tokens from the Connection header? >> (obviously not feasible with this only blacklist) >> >> >>> +static literal IgnoredRequestTrailers[] = { /* Ignore, see rfc7230, ch. >>> 4.1.2 */ >>> + H2_DEF_LITERAL("te"), >>> + H2_DEF_LITERAL("host"), >>> + H2_DEF_LITERAL("range"), >>> + H2_DEF_LITERAL("cookie"), >>> + H2_DEF_LITERAL("expect"), >>> + H2_DEF_LITERAL("pragma"), >>> + H2_DEF_LITERAL("max-forwards"), >>> + H2_DEF_LITERAL("cache-control"), >>> + H2_DEF_LITERAL("authorization"), >>> + H2_DEF_LITERAL("content-length"), >>> + H2_DEF_LITERAL("proxy-authorization"), >>> +}; >> >> No notion of announced trailers in HTTP2, with eg. the request header >> "Trailer: token1, token2, ..." (any non-announced trailer would be >> ignored), something we could (always/optionally) enforce? 
>> >>> +static literal IgnoredResponseTrailers[] = { >>> + H2_DEF_LITERAL("age"), >>> + H2_DEF_LITERAL("date"), >>> + H2_DEF_LITERAL("vary"), >>> + H2_DEF_LITERAL("cookie"), >>> + H2_DEF_LITERAL("expires"), >>> + H2_DEF_LITERAL("warning"), >>> + H2_DEF_LITERAL("location"), >>> + H2_DEF_LITERAL("retry-after"), >>> + H2_DEF_LITERAL("cache-control"), >>> + H2_DEF_LITERAL("www-authenticate"), >>> + H2_DEF_LITERAL("proxy-authenticate"), >>> +}; >> >> Likewise, shouldn't we check whether the request associated to the >> response contains a "TE: trailers" or otherwise use no trailer? >> >> >> I'm a bit confused about what is included-in/overwritten-by the HTTP2 >> framing and what remains from HTTP1 RFCs/requirements. >> >> >> Regards, >> Yann. >
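Review bot: IgnoredResponseTrailers lists "cookie", which is a request field; the response-side counterpart "set-cookie" is missing from the table, so it is not covered by the RFC 7230 section 4.1.2 exclusions the comment on IgnoredRequestTrailers refers to. Add H2_DEF_LITERAL("set-cookie") there. In IgnoredRequestTrailers, "content-length" is listed but "transfer-encoding" is not, and neither are "trailer", "content-encoding", "content-type" or "content-range", which the same section names as framing and payload-processing fields that must not appear in trailers. The three tables are only read in the visible lines, so they can be declared static const literal. The names are all lowercase, which only works if the lookup either compares case-insensitively or runs after names have been validated as lowercase; a comment stating which one is assumed would help.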
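The strict ("deny") handling that Stefan mentions for the H2 -> H1 direction, combined with the lowercase rule quoted at the top of the thread, as an added example (not mod_http2 code and not written by any participant). The function and enum names are hypothetical; the field list and the TE exception follow RFC 7540 section 8.1.2.2.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not mod_http2 code; all names here are hypothetical. */
typedef enum { H2_HDR_OK, H2_HDR_MALFORMED } h2_hdr_verdict;

/* Connection-specific fields that RFC 7540 section 8.1.2.2 forbids. */
static const char *const conn_specific[] = {
    "connection", "keep-alive", "proxy-connection",
    "transfer-encoding", "upgrade",
};

/* Does v equal the lowercase token, ignoring case and outer blanks? */
static int value_is(const char *v, const char *token)
{
    while (*v == ' ' || *v == '\t') v++;
    size_t n = strlen(v);
    while (n > 0 && (v[n - 1] == ' ' || v[n - 1] == '\t')) n--;
    if (n != strlen(token)) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)v[i]) != token[i]) return 0;
    return 1;
}

h2_hdr_verdict h2_check_request_header(const char *name, const char *value)
{
    if (!name || !*name || !value) return H2_HDR_MALFORMED;
    /* An uppercase letter in a field name makes the request malformed. */
    for (size_t i = 0; name[i]; i++)
        if (isupper((unsigned char)name[i])) return H2_HDR_MALFORMED;
    /* The name is all lowercase here, so an exact compare is enough. */
    for (size_t i = 0; i < sizeof(conn_specific) / sizeof(conn_specific[0]); i++)
        if (strcmp(name, conn_specific[i]) == 0) return H2_HDR_MALFORMED;
    /* TE is the one exception, and only with the value "trailers". */
    if (strcmp(name, "te") == 0 && !value_is(value, "trailers"))
        return H2_HDR_MALFORMED;
    return H2_HDR_OK;
}

int main(void)
{
    /* Constructed sample fields: {name, value}. */
    const char *s[][2] = { {"accept", "*/*"}, {"Accept", "*/*"},
        {"connection", "close"}, {"te", "trailers"}, {"te", "deflate"} };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%s: %s -> %s\n", s[i][0], s[i][1],
            h2_check_request_header(s[i][0], s[i][1]) == H2_HDR_OK ? "ok" : "malformed");
    return 0;
}
```

A caller would reset the stream on the first H2_HDR_MALFORMED verdict instead of silently dropping the field, which is the difference between the "deny" and "ignore" options weighed in the thread.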