http: do not emit upgrade on advertisement
#4337
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Do not emit `upgrade` if the server is just advertising its protocols
support as per RFC 7230 Section 6.7.
A server MAY send an Upgrade header field in any other response
to advertise that it implements support for upgrading to the
listed protocols, in order of descending preference, when
appropriate for a future request.
Fix: nodejs#4334
|
This probably needs to be backported to 0.10 and 0.12 if possible. |
|
@Fishrock123 we should we very careful with this. As you have probably already seen in the tests - there is some behavior change, and we should be sure that this is necessary. |
|
Hmm.. yeah we'll want to test that out. Use of Upgrade has been rare up until HTTP/2 so we're likely safe, but there could be some folks out there making undocumented and unknown uses that could be affected. One question.. is this enough of a change of behavior to warrant a semver-minor or major? The old behavior may have been against spec, but it technically was working as written -- i.e. it wasn't a bug. |
|
@jasnell I wouldn't do semver-minor for this, either patch or major. If we will decide to not backport it - let's call it major. |
|
As much as I'd prefer to have this in v4 and earlier, I'm not sure I'm comfortable with doing so... currently leaning towards major then. |
I second that. |
indutny
added
semver-major
|
Let it be it then! |
| if (upgrade && | ||
| parser.outgoing !== null && | ||
| (parser.outgoing._headers.upgrade === undefined || | ||
| !/(^|\W)upgrade(\W|$)/i.test(parser.outgoing._headers.connection))) { |
There was a problem hiding this comment.
Can you add a comment explaining that the regex is supposed to match Connection: headers containing words besides just the string 'upgrade'?
(At least, that's what I infer it does.)
| 'Upgrade: h2c\r\n\r\n' + | ||
| 'ohai'); | ||
| }).listen(common.PORT, function() { | ||
| fire(); |
There was a problem hiding this comment.
Nit: you could just pass fire() directly.
|
LGTM with two unimportant nits. |
|
@bnoordhuis thank you! |
|
Landed in 32ac376, thank you! |
indutny
added a commit
that referenced
this pull request
Dec 18, 2015
Do not emit `upgrade` if the server is just advertising its protocols
support as per RFC 7230 Section 6.7.
A server MAY send an Upgrade header field in any other response
to advertise that it implements support for upgrading to the
listed protocols, in order of descending preference, when
appropriate for a future request.
Fix: #4334
PR-URL: #4337
Reviewed-By: Ben Noordhuis <[email protected]>
|
When can we expect this feature to be added to the core? |
|
@umutm It's tagged |
|
@silverwind good catch. Glad you saw that. Backing it out of staging |
rvagg
added a commit
that referenced
this pull request
Feb 21, 2016
* buffer:
- You can now supply an encoding argument when filling a
Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying
an existing Buffer will also work with
Buffer#fill(buffer[, start[, end]]). See the API documentation for
details on how this works. (Trevor Norris) #4935
- Buffer#indexOf() no longer requires a byteOffset argument if you
also wish to specify an encoding:
Buffer#indexOf(val[, byteOffset][, encoding]).
(Trevor Norris) #4803
* child_process: spawn() and spawnSync() now support a 'shell' option
to allow for optional execution of the given command inside a shell.
If set to true, cmd.exe will be used on Windows and /bin/sh
elsewhere. A path to a custom shell can also be passed to override
these defaults. On Windows, this option allows .bat. and .cmd files
to be executed with spawn() and spawnSync(). (Colin Ihrig) #4598
* http_parser: Update to http-parser 2.6.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) #5237
* dgram: socket.send() now supports accepts an array of Buffers or
Strings as the first argument. See the API docs for details on how
this works. (Matteo Collina) #4374
* http: Fix a bug where handling headers will mistakenly trigger an
'upgrade' event where the server is just advertising its protocols.
This bug can prevent HTTP clients from communicating with HTTP/2
enabled servers. (Fedor Indutny) #4337
* net: Added a listening Boolean property to net and http servers to
indicate whether the server is listening for connections.
(José Moreira) #4743
* node: The C++ node::MakeCallback() API is now reentrant and calling
it from inside another MakeCallback() call no longer causes the
nextTick queue or Promises microtask queue to be processed out of
order. (Trevor Norris) #4507
* tls: Add a new tlsSocket.getProtocol() method to get the negotiated
TLS protocol version of the current connection. (Brian White) #4995
* vm: Introduce new 'produceCachedData' and 'cachedData' options to
new vm.Script() to interact with V8's code cache. When a new
vm.Script object is created with the 'produceCachedData' set to true
a Buffer with V8's code cache data will be produced and stored in
cachedData property of the returned object. This data in turn may be
supplied back to another vm.Script() object with a 'cachedData'
option if the supplied source is the same. Successfully executing a
script from cached data can speed up instantiation time. See the API
docs for details. (Fedor Indutny) #4777
* performance: Improvements in:
- process.nextTick() (Ruben Bridgewater) #5092
- path module (Brian White) #5123
- querystring module (Brian White) #5012
- streams module when processing small chunks (Matteo Collina) #4354
rvagg
added a commit
that referenced
this pull request
Feb 21, 2016
* buffer:
- You can now supply an encoding argument when filling a
Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying
an existing Buffer will also work with
Buffer#fill(buffer[, start[, end]]). See the API documentation for
details on how this works. (Trevor Norris) #4935
- Buffer#indexOf() no longer requires a byteOffset argument if you
also wish to specify an encoding:
Buffer#indexOf(val[, byteOffset][, encoding]).
(Trevor Norris) #4803
* child_process: spawn() and spawnSync() now support a 'shell' option
to allow for optional execution of the given command inside a shell.
If set to true, cmd.exe will be used on Windows and /bin/sh
elsewhere. A path to a custom shell can also be passed to override
these defaults. On Windows, this option allows .bat. and .cmd files
to be executed with spawn() and spawnSync(). (Colin Ihrig) #4598
* http_parser: Update to http-parser 2.6.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) #5237
* dgram: socket.send() now supports accepts an array of Buffers or
Strings as the first argument. See the API docs for details on how
this works. (Matteo Collina) #4374
* http: Fix a bug where handling headers will mistakenly trigger an
'upgrade' event where the server is just advertising its protocols.
This bug can prevent HTTP clients from communicating with HTTP/2
enabled servers. (Fedor Indutny) #4337
* net: Added a listening Boolean property to net and http servers to
indicate whether the server is listening for connections.
(José Moreira) #4743
* node: The C++ node::MakeCallback() API is now reentrant and calling
it from inside another MakeCallback() call no longer causes the
nextTick queue or Promises microtask queue to be processed out of
order. (Trevor Norris) #4507
* tls: Add a new tlsSocket.getProtocol() method to get the negotiated
TLS protocol version of the current connection. (Brian White) #4995
* vm: Introduce new 'produceCachedData' and 'cachedData' options to
new vm.Script() to interact with V8's code cache. When a new
vm.Script object is created with the 'produceCachedData' set to true
a Buffer with V8's code cache data will be produced and stored in
cachedData property of the returned object. This data in turn may be
supplied back to another vm.Script() object with a 'cachedData'
option if the supplied source is the same. Successfully executing a
script from cached data can speed up instantiation time. See the API
docs for details. (Fedor Indutny) #4777
* performance: Improvements in:
- process.nextTick() (Ruben Bridgewater) #5092
- path module (Brian White) #5123
- querystring module (Brian White) #5012
- streams module when processing small chunks (Matteo Collina) #4354
rvagg
added a commit
that referenced
this pull request
Feb 23, 2016
* buffer:
- You can now supply an encoding argument when filling a
Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying
an existing Buffer will also work with
Buffer#fill(buffer[, start[, end]]). See the API documentation for
details on how this works. (Trevor Norris) #4935
- Buffer#indexOf() no longer requires a byteOffset argument if you
also wish to specify an encoding:
Buffer#indexOf(val[, byteOffset][, encoding]).
(Trevor Norris) #4803
* child_process: spawn() and spawnSync() now support a 'shell' option
to allow for optional execution of the given command inside a shell.
If set to true, cmd.exe will be used on Windows and /bin/sh
elsewhere. A path to a custom shell can also be passed to override
these defaults. On Windows, this option allows .bat. and .cmd files
to be executed with spawn() and spawnSync(). (Colin Ihrig) #4598
* http_parser: Update to http-parser 2.6.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) #5237
* dgram: socket.send() now supports accepts an array of Buffers or
Strings as the first argument. See the API docs for details on how
this works. (Matteo Collina) #4374
* http: Fix a bug where handling headers will mistakenly trigger an
'upgrade' event where the server is just advertising its protocols.
This bug can prevent HTTP clients from communicating with HTTP/2
enabled servers. (Fedor Indutny) #4337
* net: Added a listening Boolean property to net and http servers to
indicate whether the server is listening for connections.
(José Moreira) #4743
* node: The C++ node::MakeCallback() API is now reentrant and calling
it from inside another MakeCallback() call no longer causes the
nextTick queue or Promises microtask queue to be processed out of
order. (Trevor Norris) #4507
* tls: Add a new tlsSocket.getProtocol() method to get the negotiated
TLS protocol version of the current connection. (Brian White) #4995
* vm: Introduce new 'produceCachedData' and 'cachedData' options to
new vm.Script() to interact with V8's code cache. When a new
vm.Script object is created with the 'produceCachedData' set to true
a Buffer with V8's code cache data will be produced and stored in
cachedData property of the returned object. This data in turn may be
supplied back to another vm.Script() object with a 'cachedData'
option if the supplied source is the same. Successfully executing a
script from cached data can speed up instantiation time. See the API
docs for details. (Fedor Indutny) #4777
* performance: Improvements in:
- process.nextTick() (Ruben Bridgewater) #5092
- path module (Brian White) #5123
- querystring module (Brian White) #5012
- streams module when processing small chunks (Matteo Collina) #4354
PR-URL: #5295
rvagg
added a commit
that referenced
this pull request
Feb 24, 2016
* buffer:
- You can now supply an encoding argument when filling a
Buffer Buffer#fill(string[, start[, end]][, encoding]), supplying
an existing Buffer will also work with
Buffer#fill(buffer[, start[, end]]). See the API documentation for
details on how this works. (Trevor Norris) #4935
- Buffer#indexOf() no longer requires a byteOffset argument if you
also wish to specify an encoding:
Buffer#indexOf(val[, byteOffset][, encoding]).
(Trevor Norris) #4803
* child_process: spawn() and spawnSync() now support a 'shell' option
to allow for optional execution of the given command inside a shell.
If set to true, cmd.exe will be used on Windows and /bin/sh
elsewhere. A path to a custom shell can also be passed to override
these defaults. On Windows, this option allows .bat. and .cmd files
to be executed with spawn() and spawnSync(). (Colin Ihrig) #4598
* http_parser: Update to http-parser 2.6.2 to fix an unintentionally
strict limitation of allowable header characters.
(James M Snell) #5237
* dgram: socket.send() now supports accepts an array of Buffers or
Strings as the first argument. See the API docs for details on how
this works. (Matteo Collina) #4374
* http: Fix a bug where handling headers will mistakenly trigger an
'upgrade' event where the server is just advertising its protocols.
This bug can prevent HTTP clients from communicating with HTTP/2
enabled servers. (Fedor Indutny) #4337
* net: Added a listening Boolean property to net and http servers to
indicate whether the server is listening for connections.
(José Moreira) #4743
* node: The C++ node::MakeCallback() API is now reentrant and calling
it from inside another MakeCallback() call no longer causes the
nextTick queue or Promises microtask queue to be processed out of
order. (Trevor Norris) #4507
* tls: Add a new tlsSocket.getProtocol() method to get the negotiated
TLS protocol version of the current connection. (Brian White) #4995
* vm: Introduce new 'produceCachedData' and 'cachedData' options to
new vm.Script() to interact with V8's code cache. When a new
vm.Script object is created with the 'produceCachedData' set to true
a Buffer with V8's code cache data will be produced and stored in
cachedData property of the returned object. This data in turn may be
supplied back to another vm.Script() object with a 'cachedData'
option if the supplied source is the same. Successfully executing a
script from cached data can speed up instantiation time. See the API
docs for details. (Fedor Indutny) #4777
* performance: Improvements in:
- process.nextTick() (Ruben Bridgewater) #5092
- path module (Brian White) #5123
- querystring module (Brian White) #5012
- streams module when processing small chunks (Matteo Collina) #4354
PR-URL: #5295
MylesBorins
pushed a commit
to MylesBorins/node
that referenced
this pull request
Mar 1, 2016
Do not emit `upgrade` if the server is just advertising its protocols
support as per RFC 7230 Section 6.7.
A server MAY send an Upgrade header field in any other response
to advertise that it implements support for upgrading to the
listed protocols, in order of descending preference, when
appropriate for a future request.
Fix: nodejs#4334
PR-URL: nodejs#4337
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Mar 1, 2016
Do not emit `upgrade` if the server is just advertising its protocols
support as per RFC 7230 Section 6.7.
A server MAY send an Upgrade header field in any other response
to advertise that it implements support for upgrading to the
listed protocols, in order of descending preference, when
appropriate for a future request.
Fix: #4334
PR-URL: #4337
Reviewed-By: Ben Noordhuis <[email protected]>
MylesBorins
pushed a commit
that referenced
this pull request
Mar 2, 2016
Do not emit `upgrade` if the server is just advertising its protocols
support as per RFC 7230 Section 6.7.
A server MAY send an Upgrade header field in any other response
to advertise that it implements support for upgrading to the
listed protocols, in order of descending preference, when
appropriate for a future request.
Fix: #4334
PR-URL: #4337
Reviewed-By: Ben Noordhuis <[email protected]>
scovetta
pushed a commit
to scovetta/node
that referenced
this pull request
Apr 2, 2016
Do not emit `upgrade` if the server is just advertising its protocols
support as per RFC 7230 Section 6.7.
A server MAY send an Upgrade header field in any other response
to advertise that it implements support for upgrading to the
listed protocols, in order of descending preference, when
appropriate for a future request.
Fix: nodejs#4334
PR-URL: nodejs#4337
Reviewed-By: Ben Noordhuis <[email protected]>
|
Any chance that this fix will be added to v0.10 to make the older Nodejsversions compatible with HTTP/2? |
|
@umutm I don't know if any collaborators are interested in back-porting it but you're welcome to give it a go; the v0.12-staging and v0.10-staging branches are what you want to target. |
|
@bnoordhuis Thanks very much for the update. Although I'd love to, that is over my talent and had wondered if there was any official decision to make older versions HTTP\2 compatible. Thanks very much again. |
|
afaik 0.10 and 0.12 are not going to be getting any non security upgrades. /cc @nodejs/lts |
|
0.12 entered Maintenance this month and joins 0.10, the bar is pretty high for getting changes in to those branches however given the importance of this change to supporting modern servers I think we might be at least open to have a discussion about if if someone were to put pull requests to those staging branches. Your best bet is to migrate to v4+ tbh, there's so much additional work that's gone in to making v4 a really solid platform. |
|
Please also note that this is a breaking change, some programs that work right now on v0.10/v0.12 may become broken after backporting it. Can we afford this? |
|
Also, strange enough, there is not much demand for this. It is either "big hosting companies didn't update their Apache versions yet so that HTTP requests work fine for many" or the majority uses v4+. We have performed a switch to v4, experiencing an issue there (couldn't clarify yet) and wanted to double check if the v0.1+ would get this feature. An totally understand the difficulty of maintaining/updating such older versions. Thanks you very much again for all the help. |
@umutm Probably not very immediately at the least, if at all. If you need help upgrading to v4 we have a full list of breaking changes v0.10 -> v4. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Do not emit
upgradeif the server is just advertising its protocolssupport as per RFC 7230 Section 6.7.
Fix: #4334
cc @nodejs/http
R?=@mscdex or @bnoordhuis