[PATCH 4 of 4] HTTP/2: reject HTTP/2 requests with connection-specific headers

Maxim Dounin mdounin at mdounin.ru
Mon Jun 19 13:47:53 UTC 2017


On Sat, Jun 17, 2017 at 01:57:38PM -0700, Piotr Sikora via nginx-devel wrote:


> > Unless there are practical reasons for these changes, I would
> > rather reject the series.
> The practical reason is that other implementations (e.g. nghttp2)
> reject requests with those headers, which leads to a weird behavior
> where NGINX accepts requests and proxies them to a HTTP/2 upstream
> which rejects them because they contain one of those headers.
> We could clear those headers in proxy module (I'm already doing that
> for most of the headers, anyway), but it feels like a workaround for
> broken clients.

We anyway have to remove hop-by-hop headers from HTTP/1.x 
connections.  I don't see how HTTP/2 can be different, specially 
if one side uses HTTP/1.x and another one uses HTTP/2.

Accordingly, if an upstream server rejects a request, there are 
two possible reasons:

- we've forgot to remove something we have to (that is, there is a 
  bug in nginx);

- a client sent something it shouldn't (that is, there is a bug in 
  the client).

In either case returing the error to the client, as it will 
naturally happen, looks fine to me.

> Having said that, I'm fine with dropping the whole patchset.

Yes, please.

Maxim Dounin

More information about the nginx-devel mailing list