Fwd: HTTP/2: Missing location header on 301 redirects

Wed Aug 12 14:53:20 UTC 2015

Hi,

I've been taking the alpha HTTP/2 support for a spin, and noticed that 301
redirects are missing the Location response header.  Thus, browsers don't
redirect and just show an HTML page instead.

Here's the output of nginx -V:

nginx version: nginx/1.9.3
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04)
built with OpenSSL 1.0.2d 9 Jul 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-http_ssl_module --with-http_realip_module
--with-http_addition_module --with-http_sub_module --with-http_dav_module
--with-http_flv_module --with-http_mp4_module --with-http_gunzip_module
--with-http_gzip_static_module --with-http_random_index_module
--with-http_secure_link_module --with-http_stub_status_module
--with-http_auth_request_module --with-threads --with-stream
--with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio
--with-http_v2_module --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security'
--with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --with-ipv6

I'm testing using the URL https://joeshaw.org/about (which redirects to
/about/).

Here's the output of a HTTP/1.1 request from curl:

< HTTP/1.1 301 Moved Permanently
* Server nginx is not blacklisted
< Server: nginx
< Date: Wed, 12 Aug 2015 14:43:41 GMT
< Content-Type: text/html
< Content-Length: 178
< Location: https://joeshaw.org/about/
< Connection: keep-alive
< Strict-Transport-Security: max-age=15768000; preload
< Public-Key-Pins:
pin-sha256="aBBtZy0hiXFCr7RV/RqoJoTCMHEhrwtB6IfgSPCY2sA=";
pin-sha256="d6qzvu9zOKCb90Uez27xWltNsj0e1Md7GkYYkVoZwmm="; max-age=86400
< X-Frame-Options: DENY

Here's the HTTP/2 output from h2i (
https://github.com/bradfitz/http2/tree/master/h2i):

[FrameHeader HEADERS flags=END_HEADERS stream=1 len=284]
  :status = "301"
  server = "nginx"
  date = "Wed, 12 Aug 2015 14:44:31 GMT"
  content-type = "text/html"
  content-length = "178"
  strict-transport-security = "max-age=15768000; preload"
  public-key-pins =
"pin-sha256=\"aBBtZy0hiXFCr7RV/RqoJoTCMHEhrwtB6IfgSPCY2sA=\";
pin-sha256=\"d6qzvu9zOKCb90Uez27xWltNsj0e1Md7GkYYkVoZwmm=\"; max-age=86400"
  x-frame-options = "DENY"

I hope this is helpful.

Thanks,
Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20150812/5bdd72cf/attachment.html>