Re: "Upgrade: h2" header for HTTP/1.1 via TLS (Bug 59311)

Wed, 20 Apr 2016 04:30:25 -0700 

> Am 20.04.2016 um 13:16 schrieb Yann Ylavic <ylavic....@gmail.com>:
> 
> On Wed, Apr 20, 2016 at 1:09 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>> On Wed, Apr 20, 2016 at 11:25 AM, Stefan Eissing
>> <stefan.eiss...@greenbytes.de> wrote:
>>> Done in r1740075.
>>> 
>>> I was thinking of a nicer solution, but that involved inventing new hooks 
>>> which seems not worth it.
>>> 
>>> Since this area of protocol negotiation has already been talked about in 
>>> regard to TLS upgrades
>>> and websockets, I do not want to invest in the current way of handling this 
>>> too much time.
>> 
>> I really don't see why we couldn't upgrade to h2 from "http:" (not
>> "https:" since ALPN did not take place already, or would have done
>> it).
>> ISTM that "Upgrade: h2" could be valid in response to a (plain) HTTP/1
>> request, and the client could upgrade from there...
> 
> More on this and Michael's quote of RFC 7540 ("A server MUST ignore an
> "h2" token...").
> An HTTP/2 server must indeed ignore the inner HTTP/1 request's
> "Upgrade: h2" header since it's RFC states it, but and HTTP/1 server
> (AFAICT) is not concerned by this RFC, and should not...

Totally agree. And, although untested, in principle we would upgrade
such a request, as our protocol negotiation framework is somewhat agnostic
to which RFC can leak water farther than others.

This whole PR came about because NodeJS HTTP client misunderstood the whole
Upgrade: header handling of HTTP/1.1. They though that when the client 
*receives*
as response header Upgrade: that they *needed* to change the protocol. 
With clever carefulness they decided to better not ignore it and fail any 
response that carries an  Upgrade:, irregardless of field value.

This has been fixed now, AFAIK. But, as with all software, a lot of 
installations
out there still have it and thus fail when talking to a new Apache. Since RFC 
7230 
clearly allows Upgrade: in the response, it was argued hat at least "Upgrade: 
h2"
is outside any spec and should go away.

If our release reaches potential users faster than the nodejs update, I do not 
know...

This is the story as I see it. Lots of good intentions from all sides, no real
leap forward for mankind in this protocol layering mix.

-Stefan

Reply via email to