Problems with HTTP/2

Valentin V. Bartenev vbart at nginx.com
Tue Sep 29 23:07:06 UTC 2015


On Tuesday 29 September 2015 14:14:44 Aapo Talvensaari wrote:
> On 29 September 2015 at 13:38, Sergey Kandaurov <pluknet at nginx.com> wrote:
> > So, the header field name output as generated with php
> > (and previously guessed by Valentin),
> > is invalid as per 7230, which is in turn referenced in 7540.
> >
> > :   field-name = token
> > :   token = 1*tchar
> > :   tchar = "!" / "#" / "quot; / "%" / "&" / "'" / "*" / "+" / "-" / "." /
> > :    "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
> >
> > Not much to discuss.
> 
> Even if it works just fine with every browser and every other protocol in
> Nginx than
> HTTP/2? I kinda agree, but being in sense "be liberal what you accept, be
> conservative on what you send", it may make the issue still a worth to
> solve.
> 
> Also it should be checked what happens here on the Nginx itself as this may even
> be a possible bug. Why doesn't it reply with something like internal sever
> error or something in that case? I mean, in worst case this might be a source for a security  bug (note: I'm not saying it is).

NGINX doesn't reply anything special about this header in HTTP/2.
The behavior you see is on the client side.

  wbr, Valentin V. Bartenev



More information about the nginx mailing list