Alt-Svc header + ALTSVC frame

The Alt-Svc header field doesn’t allow advertisement of an alternative on another host, to avoid security issues (mostly around someone injecting a header that transparently redirects a site to an attacker).

The ALTSVC frame does allow changing hosts, as long as certain criteria have been met (as per the draft).

If a site wants to upgrade from HTTP/1 to HTTP/2 *and* shift traffic to another server, it seems to be it could do so by:

1) Serving the HTTP/1 response with an Alt-Svc HTTP header to another port on the same host, speaking HTTP/2
2) On the HTTP/2 port, upon connection immediately send an ALTSVC frame followed by a GOAWAY frame

That would have the effect of informing the client about the alternative on the other host, which would be used once the connection to it was viable.

Any reason this wouldn’t work / be a good idea? Mostly, I’m interested in confirming that everyone has a similar understanding of how Alt-Svc/ALTSVC works…

Cheers,

--
Mark Nottingham   http://www.mnot.net/

Received on Tuesday, 29 April 2014 04:13:48 UTC