Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Does plaintext HTTP/2 support request body?
John,

It is a difficult case as the issue is how do you handle a large body that needs to be processed as a stream?

As soon as the upgrade is accepted, the server has to respond that it is changing protocols and can begin sending the h2 response to the h1 request.     We can read the request as h1 and write the response as h2 because the h2 output stream is actually 2 way and requires window updates to be sent.  These updates can't just be sent after the request body as you can dead lock if the response consumes all the h2 flow control window it will block in a write and thus may not continue to consume the h1 request body!

The alternative is to buffer the entire h1 request body in memory before the upgrade, but you are opening yourself up for a DOS attack by doing that, unless you limit the size of the request body to something very small.

We need to think about this some more and discuss it to see if there is something better we can do.... but it is not simple.

regards











On 2 May 2016 at 10:55, John Jiang <john.sha.jiang@xxxxxxxxx> wrote:
Hi Simone,
Sorry for my bad _expression_. I just concerned the HTTP/1.1 upgrade.
I did some tests with curl for my Jetty server (9.3.8 with h2 and h2c support).

1. curl -v --http2 http://host:port
The test worked, and the upgrade was successful.

2. curl -v --http2 -d "body" http://host:port
The test didn't work, and the upgrade was failed.

3. curl -v --http2 -d "body" https://host:sslport
Absolutely, the test worked on ALPN.

I just want to confirm this point.
Why does Jetty implement the upgrade in that way?
It seems that HTTP/2 spec doesn't indicate the upgrade with request body is illegal.

Thanks!

2016-05-01 23:48 GMT+08:00 Simone Bordet <sbordet@xxxxxxxxxxx>:
Hi,

On Sun, May 1, 2016 at 5:36 PM, John Jiang <john.sha.jiang@xxxxxxxxx> wrote:
> Hi,
> I'm using standalone Jetty 9.3.8.
> It looks that the plaintext HTTP/2 doesn't support request body.

Sure it does.

> If a request includes body, the upgrade will fail.

Upgrades cannot have a request body.

Perhaps it is better if you explain what you are trying to do.

The fact that you are mixing HTTP/1.1 upgrade and cleartext HTTP/2
makes me think you are way offroad, but unfortunately you don't say
what you're doing, so cannot help much.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



--

Back to the top