Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#793 closed defect (invalid)

HTTP/2 defaults differ from spdy/http, change of behavior with default configs.

Reported by: Pyry Hakulinen
Owned by: Valentin V. Bartenev
Priority: minor
Milestone:
Component: nginx-module
Version: 1.9.x
Keywords: http2
Cc:
uname -a: Linux hostname 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.7-ckt2-1~bpo70+1 (2014-12-08) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.9.4
built by gcc 4.7.2 (Debian 4.7.2-5)
built with OpenSSL 1.0.2d 9 Jul 2015
TLS SNI support enabled
configure arguments: --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --conf-path=/usr/local/etc/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --sbin-path=/usr/local/sbin/nginx --with-openssl=../openssl-1.0.2d/ --with-http_auth_request_module --with-threads --with-file-aio --add-module=../ngx_cache_purge-2.3/ --with-debug


The maximum length for a single header (and in total) for http, https, and spdy uses:

large_client_header_buffers 4 8k;

But the HTTP/2 module defaults to:

http2_max_field_size 4k;
http2_max_header_size 16k;

This leads to a situation where very long header lines worked with SPDY, but will now break with HTTP/2. It also leads to inconsistent functionality/limits between http/1.x and http/2.0.

For backwards compatibility I would suggest changing HTTP/2 defaults to 8k and 32k.

Steps to reproduce (using Chrome and patch.http2-v6_1.9.4.txt):
1) Set up an http/2 nginx server with a minimal config (allow http and http/2)
2) Go to http://server
3) Set 2 cookies using JavaScript:

document.cookie="username=" + "a".repeat(3000);document.cookie="username2=" + "a".repeat(3000);

4) Reload the page, and it will work just fine.
5) Navigate to https://server and you will get a Chrome error page saying "ERR_CONNECTION_CLOSED", because the header length is too long.

Also (while probably not directly related), you will not get any error page; the connection will just close. On http, if you go over the 8k limit, you will see the default error page:

400 Bad Request

Request Header Or Cookie Too Large

Change History (5)

comment:1 by maxim, 5 years ago

Milestone: 1.9.5

Ticket retargeted after milestone closed

comment:2 by Pyry Hakulinen, 5 years ago

Looks like this was related to #792 and fixed in r6248 and/or r6249. I can't reproduce the issue in nginx-1.9.5. This ticket can be closed.

comment:3 by maxim, 5 years ago

Owner: set to Valentin V. Bartenev
Status: new → assigned

comment:4 by Valentin V. Bartenev, 5 years ago

Resolution: invalid
Status: assigned → closed

The values of these directives cannot be matched to large_client_header_buffers, since the headers in HTTP/2 have a different representation, and the directives limit the amount of memory used for reading compressed headers.
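
To illustrate the point in comment:4 that HTTP/2 header sizes are not directly comparable to large_client_header_buffers, the following added example (not part of the ticket and not nginx code) computes the size of the reproduction's first cookie as an HTTP/1.x header line and as an HPACK literal field. It assumes the field is sent as a literal without indexing using the static-table name "cookie", and it carries only the Huffman code lengths for characters that occur in the reproduction; the function names are hypothetical.

```javascript
// Added example (not nginx code): one header field's size in HTTP/1.x vs. HPACK.
// Assumption: the field is sent as "literal header field without indexing" with
// an indexed name (RFC 7541, section 6.2.2); "cookie" is static-table index 32.
const COOKIE_STATIC_INDEX = 32;

// Huffman code lengths (RFC 7541, Appendix B) for only the characters that
// occur in the ticket's reproduction cookies; other characters are rejected.
const BITS5 = "012aceiost";
const BITS6 = " %-./3456789=A_bdfghlmnpru";

// Bytes needed for an HPACK prefix-coded integer (RFC 7541, section 5.1).
function hpackIntLen(value, prefixBits) {
  const max = (1 << prefixBits) - 1;
  if (value < max) return 1;
  let len = 2;
  for (let rest = value - max; rest >= 128; rest = Math.floor(rest / 128)) len++;
  return len;
}

// Huffman-coded length in bytes; the last byte is padded (section 5.2).
function huffmanLen(str) {
  let bits = 0;
  for (const ch of str) {
    if (BITS5.includes(ch)) bits += 5;
    else if (BITS6.includes(ch)) bits += 6;
    else throw new Error("no code length in this reduced table: " + ch);
  }
  return Math.ceil(bits / 8);
}

// Compare one cookie pair as an HTTP/1.x header line and as an HPACK field.
function fieldSizes(cookiePair) {
  const http1Line = "Cookie: ".length + cookiePair.length + 2; // plus CRLF
  const nameLen = hpackIntLen(COOKIE_STATIC_INDEX, 4);
  const raw = cookiePair.length;
  const huff = huffmanLen(cookiePair);
  return {
    http1Line,
    hpackRaw: nameLen + hpackIntLen(raw, 7) + raw,
    hpackHuffman: nameLen + hpackIntLen(huff, 7) + huff,
  };
}

// Constructed input: the first cookie from the reproduction steps.
const sizes = fieldSizes("username=" + "a".repeat(3000));
console.log(sizes);
```

The same 3009-character cookie pair occupies a different number of bytes in each representation, so a byte limit read before decompression does not describe the same quantity as an HTTP/1.x buffer size.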

comment:5 by Valentin V. Bartenev, 5 years ago

Regarding the error message, there is no way to return an HTTP response in case of an HTTP/2 connection-level error.
