W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2021

Re: Connection-specific fields in HTTP/2

From: Willy Tarreau <w@1wt.eu>
Date: Tue, 24 Aug 2021 08:24:13 +0200
To: Martin Thomson <mt@lowentropy.net>
Cc: ietf-http-wg@w3.org
Message-ID: <20210824062413.GA23339@1wt.eu>
On Tue, Aug 24, 2021 at 01:49:38PM +1000, Martin Thomson wrote:
> We previously prohibited connection-specific in HTTP/2, but we only really pointed at those listed in Connection.  As the core drafts list a set of other fields, it makes sense to reference that.
> 
> The core spec: https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#field.connection
> The pull request referencing that: https://github.com/httpwg/http2-spec/pull/946
> 
> The effect of this is a change.  This explicitly includes the fields listed (Proxy-Connection, Keep-Alive, TE, Transfer-Encoding, and Upgrade) as prohibited.  We already said that Transfer-Encoding was impossible, so this is consistent with that, but this could be a change.
> 
> Any objections or concerns?

Be careful here, "TE" is both listed as forbidden (must be treated as
malformed) and "must not contain any value other than trailers". As
such I'd remove it from the explicit list, as it's already implied by
the general wording.

It's not explicitly mentioned that Connection is forbidden, it's only
said "not used", which remains ambiguous to me since the list focuses
on those that are not listed in Connection. I'd rather explicitly add
it to the list of forbidden ones, especially since the sentence about
intermediaries that have to remove connection-specific header fields
does not mention anymore "along with the connection header itself", so
the risk of seeing a connection header field appear somewhere on an H2
connection without being filtered is non-zero.

Willy
Received on Tuesday, 24 August 2021 06:24:32 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 24 August 2021 06:24:33 UTC