Most of this is discussed here: https://httpwg.github.io/specs/rfc7540.html#HttpHeaders
Basically HTTP/2 defines its own connection properties, so several things which are announced/controlled by Connection: and other headers do not apply to HTTP/2 connections. So, the "Connection:" header itself was obsoleted. mod_http2 has to translate between both worlds a bit and is doing so probably incompletely so now, so the discussion about this is very useful. There are two conversions for mod_http2 to make: 1. request headers (H2 -> H1): 2. response headers (H1 -> H2): For 1. certain headers should not arrive at all. If they do, we can either ignore or generate an error and deny the request. For example "Connection: ..." should never arrive. Same for "Transfer-Encoding: ". The current implementation ignores. One could argue for deny. For 2. certain headers we cannot send out and we need to take proper actions for that. For example a "TE: deflate" we cannot process like this. Here more checks need to be added. //Stefan > Am 20.11.2015 um 16:25 schrieb Yann Ylavic <[email protected]>: > > On Fri, Nov 20, 2015 at 2:58 PM, <[email protected]> wrote: >> Author: icing >> Date: Fri Nov 20 13:58:32 2015 >> New Revision: 1715363 >> >> URL: http://svn.apache.org/viewvc?rev=1715363&view=rev >> Log: >> incoming trailers passed into chunked request bodies, outgoing trailers not >> supported yet >> >> Modified: > [] >> httpd/httpd/trunk/modules/http2/h2_util.c > [] >> >> >> Modified: httpd/httpd/trunk/modules/http2/h2_util.c >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_util.c?rev=1715363&r1=1715362&r2=1715363&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/modules/http2/h2_util.c (original) >> +++ httpd/httpd/trunk/modules/http2/h2_util.c Fri Nov 20 13:58:32 2015 > [] >> @@ -879,3 +894,94 @@ h2_ngheader *h2_util_ngheader_make_req(a >> return ngh; >> } >> >> +/******************************************************************************* >> + * header HTTP/1 <-> HTTP/2 conversions >> + >> ******************************************************************************/ >> + >> + >> +typedef struct { >> + const char *name; >> + size_t len; >> +} literal; >> + >> +#define H2_DEF_LITERAL(n) { (n), (sizeof(n)-1) } >> +#define H2_ALEN(a) (sizeof(a)/sizeof((a)[0])) >> +#define H2_LIT_ARGS(a) (a),H2_ALEN(a) >> + >> +static literal IgnoredRequestHeaders[] = { >> + H2_DEF_LITERAL("host"), >> + H2_DEF_LITERAL("expect"), >> + H2_DEF_LITERAL("upgrade"), >> + H2_DEF_LITERAL("connection"), >> + H2_DEF_LITERAL("keep-alive"), >> + H2_DEF_LITERAL("http2-settings"), >> + H2_DEF_LITERAL("proxy-connection"), >> + H2_DEF_LITERAL("transfer-encoding"), >> +}; > > Shouldn't we also include all the tokens from the Connection header? > (obviously not feasible with this only blacklist) > > >> +static literal IgnoredRequestTrailers[] = { /* Ignore, see rfc7230, ch. >> 4.1.2 */ >> + H2_DEF_LITERAL("te"), >> + H2_DEF_LITERAL("host"), >> + H2_DEF_LITERAL("range"), >> + H2_DEF_LITERAL("cookie"), >> + H2_DEF_LITERAL("expect"), >> + H2_DEF_LITERAL("pragma"), >> + H2_DEF_LITERAL("max-forwards"), >> + H2_DEF_LITERAL("cache-control"), >> + H2_DEF_LITERAL("authorization"), >> + H2_DEF_LITERAL("content-length"), >> + H2_DEF_LITERAL("proxy-authorization"), >> +}; > > No notion of announced trailers in HTTP2, with eg. the request header > "Trailer: token1, token2, ..." (any non-announced trailer would be > ignored), something we could (always/optionally) enforce? > >> +static literal IgnoredResponseTrailers[] = { >> + H2_DEF_LITERAL("age"), >> + H2_DEF_LITERAL("date"), >> + H2_DEF_LITERAL("vary"), >> + H2_DEF_LITERAL("cookie"), >> + H2_DEF_LITERAL("expires"), >> + H2_DEF_LITERAL("warning"), >> + H2_DEF_LITERAL("location"), >> + H2_DEF_LITERAL("retry-after"), >> + H2_DEF_LITERAL("cache-control"), >> + H2_DEF_LITERAL("www-authenticate"), >> + H2_DEF_LITERAL("proxy-authenticate"), >> +}; > > Likewise, shouldn't we check whether the request associated to the > response contains a "TE: trailers" or otherwise use no trailer? > > > I'm a bit confused about what is included-in/overwritten-by the HTTP2 > framing and what remains from HTTP1 RFCs/requirements. > > > Regards, > Yann.
