> On Jan 29, 2018, at 1:27 PM, Christopher Schultz
> <[email protected]> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Pierre,
>
> On 1/29/18 1:07 PM, Pierre Chiu wrote:
>> Here is the request/response header. You can tell
>> Content-Encoding:gzip is missing when http2 is enabled.
>>
>>
>>
>> General (same with/without http2) Request
>> URL:https://xxxxxxxxx.ca/tomcat.css Request Method:GET Status
>> Code:200 Remote Address:198.163.180.42:443 Referrer
>> Policy:no-referrer-when-downgrade
>>
>>
>> Request Headers (same with/without http2)
>> Accept:text/css,*/*;q=0.1 Accept-Encoding:gzip, deflate, br
>> Accept-Language:en-US,en;q=0.9,zh-TW;q=0.8,zh;q=0.7
>> Cache-Control:no-cache Connection:keep-alive
>> Cookie:_ga=GA1.2.1536574675.1508533871; __utmc=29525935;
>> __utmz=29525935.1508478784.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=
> (none);
>> __utma=29525935.990581674.1508478784.1516634493.1516996006.24
>> DNT:1 Host:xxxxxxxxx.ca Pragma:no-cache
>> Referer:https://xxxxxxxxx.ca/index.jsp User-Agent:Mozilla/5.0
>> (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like
>> Gecko) Chrome/63.0.3239.132 Safari/537.36
>>
>>
>> Response Headers (without http2) Accept-Ranges:bytes
>> Content-Encoding:gzip Content-Type:text/css Date:Mon, 29 Jan 2018
>> 17:55:59 GMT ETag:W/"5931-1516324390000" Last-Modified:Fri, 19 Jan
>> 2018 01:13:10 GMT
>> Strict-Transport-Security:max-age=31536000;includeSubDomains
>> Transfer-Encoding:chunked Vary:Accept-Encoding
>> X-Content-Type-Options:nosniff X-Frame-Options:SAMEORIGIN
>> X-XSS-Protection:1; mode=block
>>
>>
>> Response Headers (with http2) accept-ranges:bytes
>> content-type:text/css date:Mon, 29 Jan 2018 18:03:06 GMT
>> etag:W/"5931-1516324390000" last-modified:Fri, 19 Jan 2018 01:13:10
>> GMT status:200
>> strict-transport-security:max-age=31536000;includeSubDomains
>> x-content-type-options:nosniff x-frame-options:SAMEORIGIN
>> x-xss-protection:1; mode=block
>>
>>
>>
>>> On Jan 29, 2018, at 9:49 AM, Christopher Schultz
>>> <[email protected]> wrote:
>>>
>> Pierre,
>>
>> On 1/29/18 7:03 AM, Pierre Chiu wrote:
>>>>> According to the change log, this is fixed in in bug 60276.
>>>>> However, I cannot make it work.
>>>>>
>>>>> Gzip compression working fine without the UpgradeProtocol
>>>>> tag. Adding UpgradeProtocol for http2 and gzip compression
>>>>> stop working.
>>>>>
>>>>>
>>>>> <Connector port="443"
>>>>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>>> SSLEnabled="true" scheme="https" secure="true"
>>>>> maxHttpHeaderSize="32767" maxThreads="150"
>>>>> URIEncoding="UTF-8" compression="on" useSendfile="off"
>>>>> defaultSSLHostConfigName="*. xxxxxxxx.ca"
>>>>>
>>>>> <UpgradeProtocol
>>>>> className="org.apache.coyote.http2.Http2Protocol"
>>>>> compression="on"
>>>>> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/j
> ava
>>
>>>>>
> script,application/javascript,application/json,application/xml"
>>>>>
>>>>>
>> compressionMinSize="0"
>>>>> />
>
> Are you making requests directly to Tomcat, or is there a reverse
> proxy in between?
>
> Is is possible that a servlet other than the DefaultServlet is
> handling the request?
>
> - -chris
>
Hi Chris,
There is no proxy. I have tried again on the same box using localhost and then
result is still the same, when http2 is enabled, gzip not working.
I have no other Servlet, but I have enabled HSTS in web.xml all the time (with
or without http2).
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>httpHeaderSecurity</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
