Hey Maxim, > I'm highly sceptical about the whole series in general, and this > patch specifically. > > In particular, the "Proxy-Connection" header is not something even > defined by any standard, and even in its non-standard [broken] > meaning never expected to be used in connections to nginx. Not to > mention that Proxy-Authorization, a standard-defined hop-by-hop > (connection-specific in terms of HTTP/2) header, is not checked > anywhere.
Proxy-Connection is mentioned (and discouraged) in RFC7230. > Additionally, I really think that disabling upgrades is one of the > big mistakes of HTTP/2. It would be much more logical to > interpret a HTTP/2 stream as a connection to upgrade, and allow to > multiplex arbitrary protocols via a single HTTP/2 connection. Unfortunately, I have to agree. > Unless there are practical reasons for these changes, I would > rather reject the series. The practical reason is that other implementations (e.g. nghttp2) reject requests with those headers, which leads to a weird behavior where NGINX accepts requests and proxies them to a HTTP/2 upstream which rejects them because they contain one of those headers. We could clear those headers in proxy module (I'm already doing that for most of the headers, anyway), but it feels like a workaround for broken clients. Having said that, I'm fine with dropping the whole patchset. Best regards, Piotr Sikora _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
