[PATCH 4 of 4] HTTP/2: reject HTTP/2 requests with connection-specific headers
Maxim Dounin
mdounin at mdounin.ru
Mon Jun 19 13:47:53 UTC 2017
Hello!
On Sat, Jun 17, 2017 at 01:57:38PM -0700, Piotr Sikora via nginx-devel wrote:
[...]
> > Unless there are practical reasons for these changes, I would
> > rather reject the series.
>
> The practical reason is that other implementations (e.g. nghttp2)
> reject requests with those headers, which leads to a weird behavior
> where NGINX accepts requests and proxies them to a HTTP/2 upstream
> which rejects them because they contain one of those headers.
>
> We could clear those headers in proxy module (I'm already doing that
> for most of the headers, anyway), but it feels like a workaround for
> broken clients.
We anyway have to remove hop-by-hop headers from HTTP/1.x
connections. I don't see how HTTP/2 can be different, specially
if one side uses HTTP/1.x and another one uses HTTP/2.
Accordingly, if an upstream server rejects a request, there are
two possible reasons:
- we've forgot to remove something we have to (that is, there is a
bug in nginx);
- a client sent something it shouldn't (that is, there is a bug in
the client).
In either case returing the error to the client, as it will
naturally happen, looks fine to me.
> Having said that, I'm fine with dropping the whole patchset.
Yes, please.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list