Totally agree. This is all post 2.4.21 with the "Header unset Upgrade" 
available as workaround for 2.4.21.

> Am 16.06.2016 um 13:56 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
> 
> 
> On Jun 16, 2016 3:30 AM, "Stefan Eissing" <stefan.eiss...@greenbytes.de> 
> wrote:
> >
> > There are three things to address, one core related and one HTTP/2 related:
> >
> > 1. The whole discussion arose, because there are clients that seriously 
> > choke on
> >    *any* Upgrade: response header. No matter what tokens it contains. Those 
> > *can* now
> >    be addressed via mod_header with a "Header unset Upgrade" directive.
> 
> I agree this is the workaround for broken clients.  Using SetEnvIf, this can 
> even be conditional on said broken clients.
> 
> It is a sufficient workaround for 2.4.21.
> 
> >    Since Upgrade: is a core feature, it should maybe better be a core 
> > directive, such as
> >
> >      ProtocolsHttpUpgradeAnnounce on|off         # make no announce in a 
> > response header
> >      ProtocolsHttpUpgrade on|off                 # make no http Upgrade: at 
> > all
> 
> One other ... right now your logic announces once, but HTTP/1 is stateless.  
> The upgrade advertising header should generally be presented with each 
> applicable response.
> 
> Perhaps a 'once' optimization could be added, to suppress on subsequent 
> responses without the upgrade required status.
> 
> This can certainly be deferred for 2.4.22.
> 
> > 2. What kind of HTTP/1.1 Upgrade: paths we want to implement.
> >    - 'h2c' on a cleartext connection, I assume, is desired
> >    - 'h2' on a cleartext connection, I do not see a use case for. Same as 
> > 'TLS/1.x, HTTP/2'. It might be interesting to debate which is more 
> > according to which spec, but I do not plan to participate in that.
> >    - 'h2' on a TLS connection. This is currently supported, configured off 
> > by default. So we do conform to RFC7540, but one can configure a TLS 
> > HTTP/1.1 -> HTTP/2 upgrade path if one so desires.
> 
> > As to the discussion of 'HTTP/2' or 'HTTP/2.0' vs. 'h2' on TLS connections, 
> > we could also decide to support that. I am +-0 on this. I think 'h2' is 
> > immediately clear to anyone that has read RFC7540 at least once. Regardless 
> > of it being only registered for ALPN.
> 
> Agreed there is no urgency to doing either right at this moment, and note 
> there are other schemes afoot...
> 
> https://lists.w3.org/Archives/Public/ietf-http-wg/2016AprJun/0298.html
> 
> > 3. The whole 'TLS/x.x, other-id' upgrade dance on cleartext connections has 
> > been discussed months ago. We should discuss how we address this in the 
> > core protocols_propose/switch API that has been marked experimental and 
> > needs to be re-visited after the experiences of the last months. Also, the 
> > requirements from Jacob in regard to WebSocket Upgrade should be factored 
> > in.
> 
> Agreed, I set that down and need to pick this back up in the immediate 
> future, but not prior to 2.4.21...

Reply via email to