bryancall opened a new pull request, #13351:
URL: https://github.com/apache/trafficserver/pull/13351

   ## Problem
   
   ATS did not handle 1xx interim responses (for example `103 Early Hints`) 
received on an outbound HTTP/2 connection to an origin. The interim response 
headers were decoded into the same buffer as the following final response, 
producing a duplicate `:status` pseudo-header that failed validation. ATS then 
reset the stream and reported it to the client as "Server closed connection 
while reading response header", returning a 502 even though the origin had not 
closed the connection.
   
   This reproduces against any origin that sends `103 Early Hints` before the 
final response over HTTP/2 (for example a Vercel-hosted origin on a browser 
navigation request).
   
   ## Fix
   
   - After a header block is decoded on an outbound stream, detect a `1xx` 
status, discard the interim headers, and wait for the final response. This is 
applied to both the HEADERS and CONTINUATION decode paths and handles multiple 
consecutive interim responses. The interim response is not currently forwarded 
to the client; the final response is delivered normally.
   - Allow CONTINUATION frames on an outbound stream in the half-closed (local) 
state, which is the state in which an origin response is received. Previously a 
response whose header block spanned a CONTINUATION frame was rejected with 
"continuation bad state". The per-minute CONTINUATION flood limit still applies.
   
   ## Tests
   
   Adds `tests/gold_tests/h2/http2_origin_interim_response.test.py` with a 
small hand-framed HTTP/2 origin (Proxy Verifier cannot emit interim responses) 
covering a single `103`, multiple interim responses, `100-continue`, and a 
CONTINUATION-split interim before the final `200`. The test was confirmed 
failing before this change and passing after; the existing `early_hints` and 
`h2origin` gold tests still pass.
   
   Fixes #13334
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to