- From: Willy Tarreau <w@1wt.eu>
- Date: Fri, 6 Apr 2018 21:34:24 +0200
- To: Lucas Pardue <Lucas.Pardue@bbc.co.uk>
- Cc: ???? <kazuki_yasufuku@dwango.co.jp>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>

Hi Lucas,

On Fri, Apr 06, 2018 at 03:29:05PM +0000, Lucas Pardue wrote:
> FWIW it sounds like an implementation/config issue to me. What is the size of
> SETTINGS_MAX_HEADER_LIST_SIZE for these connections? It seems like that size
> is smaller than the check in your HTTP/1.1 case.

Very possible. It's also possible that a conversion from H2 to H1 fails on the H1 side and that this failure is not easily reported to the client. By the way, the spec says the value in this setting is only advisory.

> I'm inclined to think that it is valid for a server to first send a 4XX
> response, followed by a GOAWAY with ENHANCE_YOUR_CALM. I'd be interested to
> hear what others think.

Yep, that would be the best whenever possible.

Kazuki, regarding the reason why it's a CAN and not a MUST, it's very likely because 431 arrived way later than most deployed servers, and that it's always possible to fall back to 400 for any 4xx. Even if the spec would change, that would not suddenly upgrade deployed servers.

Your implementation needs to protect itself against any misbehaving agent. Here a GOAWAY may be the only solution this agent has in this particular situation due to a technical constraint. Maybe if you know that your application sometimes bugs and bombs with cookies, using various request rejection signals (such as 4xx, RST_STREAM and GOAWAY) could help detect the problem and work around it.

Regards
Willy

Received on Friday, 6 April 2018 19:34:55 UTC