- From: Alex Rousskov <rousskov@measurement-factory.com>
- Date: Thu, 1 Dec 2016 09:54:59 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>
Hello,
This question is inspired be an interoperability problem between Web
Polygraph benchmark and a [MitM] HTTP/2 proxy. Inside a CONNECT tunnel
to a Polygraph server, Polygraph clients were violating the following
RFC 7540 SHOULD by sending a Host header instead of the :authority
pseudo-header:
> Clients
> that generate HTTP/2 requests directly SHOULD use the ":authority"
> pseudo-header field instead of the Host header field.
When forwarding the requests, the proxy dropped the Host header without
adding :authority... While investigating who is at fault, I noticed that
Polygraph [accidentally] follows RFC 7540 examples: *All* Section 8.3
examples show HTTP/2 requests with a Host header instead of :authority!
> GET /resource HTTP/1.1 HEADERS
> Host: example.org ==> + END_STREAM
> Accept: image/jpeg + END_HEADERS
> :method = GET
> :scheme = https
> :path = /resource
> host = example.org
> accept = image/jpeg
One could argue that the RFC examples are meant to illustrate how to
mechanically translate an HTTP/1 message to HTTP/2, with as little
information loss as possible, even at the expense of violating a SHOULD.
I do not think that is a valid argument because the Examples section
does not disclose that intent and most readers will expect the [only]
Example section to illustrate genuine HTTP/2 messages rather than
unusual HTTP version translation peculiarities (unless explicitly noted
otherwise).
AFAICT, the Examples section talks about and shows various generated
HTTP/2 messages that meet version-agnostic prose specifications. The
HTTP/1 messages are probably also included just because most [early] RFC
readers were expected to be more familiar with HTTP/1 than HTTP/2.
Do you think the RFC examples should use ":authority" instead of "host"?
Thank you,
Alex.
Received on Thursday, 1 December 2016 16:55:33 UTC