Yes, but I interpret that as the header fields, not any tokens that refer to header names.
> Am 20.11.2015 um 17:04 schrieb Jim Jagielski <[email protected]>: > > Ugg... I *just* noticed: > > However, header field names MUST be converted to lowercase > prior to their encoding in HTTP/2. A request or response > containing uppercase header field names MUST be treated as > malformed > > > >> On Nov 20, 2015, at 10:44 AM, Stefan Eissing <[email protected]> >> wrote: >> >> Most of this is discussed here: >> https://httpwg.github.io/specs/rfc7540.html#HttpHeaders >> >> Basically HTTP/2 defines its own connection properties, so several things >> which are announced/controlled >> by Connection: and other headers do not apply to HTTP/2 connections. So, the >> "Connection:" header itself >> was obsoleted. >> >> mod_http2 has to translate between both worlds a bit and is doing so >> probably incompletely so now, so >> the discussion about this is very useful. >> >> There are two conversions for mod_http2 to make: >> 1. request headers (H2 -> H1): >> 2. response headers (H1 -> H2): >> >> For 1. certain headers should not arrive at all. If they do, we can either >> ignore or generate an error and deny the request. For example "Connection: >> ..." should never arrive. Same for "Transfer-Encoding: ". The current >> implementation ignores. One could argue for deny. >> For 2. certain headers we cannot send out and we need to take proper actions >> for that. For example a "TE: deflate" we cannot process like this. Here more >> checks need to be added. >> >> //Stefan >> >>> Am 20.11.2015 um 16:25 schrieb Yann Ylavic <[email protected]>: >>> >>> On Fri, Nov 20, 2015 at 2:58 PM, <[email protected]> wrote: >>>> Author: icing >>>> Date: Fri Nov 20 13:58:32 2015 >>>> New Revision: 1715363 >>>> >>>> URL: http://svn.apache.org/viewvc?rev=1715363&view=rev >>>> Log: >>>> incoming trailers passed into chunked request bodies, outgoing trailers >>>> not supported yet >>>> >>>> Modified: >>> [] >>>> httpd/httpd/trunk/modules/http2/h2_util.c >>> [] >>>> >>>> >>>> Modified: httpd/httpd/trunk/modules/http2/h2_util.c >>>> URL: >>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_util.c?rev=1715363&r1=1715362&r2=1715363&view=diff >>>> ============================================================================== >>>> --- httpd/httpd/trunk/modules/http2/h2_util.c (original) >>>> +++ httpd/httpd/trunk/modules/http2/h2_util.c Fri Nov 20 13:58:32 2015 >>> [] >>>> @@ -879,3 +894,94 @@ h2_ngheader *h2_util_ngheader_make_req(a >>>> return ngh; >>>> } >>>> >>>> +/******************************************************************************* >>>> + * header HTTP/1 <-> HTTP/2 conversions >>>> + >>>> ******************************************************************************/ >>>> + >>>> + >>>> +typedef struct { >>>> + const char *name; >>>> + size_t len; >>>> +} literal; >>>> + >>>> +#define H2_DEF_LITERAL(n) { (n), (sizeof(n)-1) } >>>> +#define H2_ALEN(a) (sizeof(a)/sizeof((a)[0])) >>>> +#define H2_LIT_ARGS(a) (a),H2_ALEN(a) >>>> + >>>> +static literal IgnoredRequestHeaders[] = { >>>> + H2_DEF_LITERAL("host"), >>>> + H2_DEF_LITERAL("expect"), >>>> + H2_DEF_LITERAL("upgrade"), >>>> + H2_DEF_LITERAL("connection"), >>>> + H2_DEF_LITERAL("keep-alive"), >>>> + H2_DEF_LITERAL("http2-settings"), >>>> + H2_DEF_LITERAL("proxy-connection"), >>>> + H2_DEF_LITERAL("transfer-encoding"), >>>> +}; >>> >>> Shouldn't we also include all the tokens from the Connection header? >>> (obviously not feasible with this only blacklist) >>> >>> >>>> +static literal IgnoredRequestTrailers[] = { /* Ignore, see rfc7230, ch. >>>> 4.1.2 */ >>>> + H2_DEF_LITERAL("te"), >>>> + H2_DEF_LITERAL("host"), >>>> + H2_DEF_LITERAL("range"), >>>> + H2_DEF_LITERAL("cookie"), >>>> + H2_DEF_LITERAL("expect"), >>>> + H2_DEF_LITERAL("pragma"), >>>> + H2_DEF_LITERAL("max-forwards"), >>>> + H2_DEF_LITERAL("cache-control"), >>>> + H2_DEF_LITERAL("authorization"), >>>> + H2_DEF_LITERAL("content-length"), >>>> + H2_DEF_LITERAL("proxy-authorization"), >>>> +}; >>> >>> No notion of announced trailers in HTTP2, with eg. the request header >>> "Trailer: token1, token2, ..." (any non-announced trailer would be >>> ignored), something we could (always/optionally) enforce? >>> >>>> +static literal IgnoredResponseTrailers[] = { >>>> + H2_DEF_LITERAL("age"), >>>> + H2_DEF_LITERAL("date"), >>>> + H2_DEF_LITERAL("vary"), >>>> + H2_DEF_LITERAL("cookie"), >>>> + H2_DEF_LITERAL("expires"), >>>> + H2_DEF_LITERAL("warning"), >>>> + H2_DEF_LITERAL("location"), >>>> + H2_DEF_LITERAL("retry-after"), >>>> + H2_DEF_LITERAL("cache-control"), >>>> + H2_DEF_LITERAL("www-authenticate"), >>>> + H2_DEF_LITERAL("proxy-authenticate"), >>>> +}; >>> >>> Likewise, shouldn't we check whether the request associated to the >>> response contains a "TE: trailers" or otherwise use no trailer? >>> >>> >>> I'm a bit confused about what is included-in/overwritten-by the HTTP2 >>> framing and what remains from HTTP1 RFCs/requirements. >>> >>> >>> Regards, >>> Yann. >
