bryancall opened a new pull request, #13351: URL: https://github.com/apache/trafficserver/pull/13351
## Problem ATS did not handle 1xx interim responses (for example `103 Early Hints`) received on an outbound HTTP/2 connection to an origin. The interim response headers were decoded into the same buffer as the following final response, producing a duplicate `:status` pseudo-header that failed validation. ATS then reset the stream and reported it to the client as "Server closed connection while reading response header", returning a 502 even though the origin had not closed the connection. This reproduces against any origin that sends `103 Early Hints` before the final response over HTTP/2 (for example a Vercel-hosted origin on a browser navigation request). ## Fix - After a header block is decoded on an outbound stream, detect a `1xx` status, discard the interim headers, and wait for the final response. This is applied to both the HEADERS and CONTINUATION decode paths and handles multiple consecutive interim responses. The interim response is not currently forwarded to the client; the final response is delivered normally. - Allow CONTINUATION frames on an outbound stream in the half-closed (local) state, which is the state in which an origin response is received. Previously a response whose header block spanned a CONTINUATION frame was rejected with "continuation bad state". The per-minute CONTINUATION flood limit still applies. ## Tests Adds `tests/gold_tests/h2/http2_origin_interim_response.test.py` with a small hand-framed HTTP/2 origin (Proxy Verifier cannot emit interim responses) covering a single `103`, multiple interim responses, `100-continue`, and a CONTINUATION-split interim before the final `200`. The test was confirmed failing before this change and passing after; the existing `early_hints` and `h2origin` gold tests still pass. Fixes #13334 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
