- From: Tom Bergan <tombergan@chromium.org>
- Date: Thu, 15 Sep 2016 16:31:32 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CA+3+x5EG+PV-FEcy23xPU5iJgqh6u6aVRsTS-g=fQZnsMFTMHg@mail.gmail.com>
I believe the following example has a race:
1. Server receives request A.
2. Server sends PUSH_PROMISE frames for B, C, D.
3. Client sends PRIORITY to make B the exclusive parent of C
4. Server receives that PRIORITY frame.
After step 2, the server's local priority tree is A -> {B,C,D}, due to the
default priority rules in RFC 7540 Section 5.3.5. At step 4, the server
cannot know if the client has received the PUSH_PROMISE for D yet. This
makes it ambiguous whether the client intended the tree to be A -> B ->
{C,D} or A -> {B->C, D}. I believe this race can happen any time a
PUSH_PROMISE and exclusive PRIORITY can pass each other on the wire. I
think the race is impossible for non-exclusive PRIORITYs.
This is the simplest example of the race, but it's admittedly strange that
the client would send that specific PRIORITY frame. Here's slightly more
complex, but less strange example:
1. Client requests A then B, where B's HEADERS frame makes A the exclusive
parent of B
2. Server receives request A
3. Server sends PUSH_PROMISE frames for C, D.
4. Server receives request B
5. Client receives PUSH_PROMISE frames for C, D
At each step, the priority trees are updated like this:
1. Client's tree is A -> B
2. Server's tree is A
3. Server's tree is A -> {C,D}
4. Server's tree is A -> B -> {C,D}
5. Client's tree is A -> {B,C,D}
If steps 3 and 4 are swapped, the client and server will finish with the
same priority tree. As-is, they finish with different priority trees.
Does that sound right? If so, is this worth mentioning in some kind of
errata or other note? Apologies if this was brought up previously -- I
searched through the mailing list archives and did not see a mention.
-Tom
Received on Thursday, 15 September 2016 23:32:03 UTC