#793 closed defect (invalid)
HTTP/2 defaults differ from spdy/http, change of behavior with default configs.
Reported by: | Pyry Hakulinen | Owned by: | Valentin V. Bartenev |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.9.x |
Keywords: | http2 | Cc: | |
uname -a: | Linux hostname 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.7-ckt2-1~bpo70+1 (2014-12-08) x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.9.4
built by gcc 4.7.2 (Debian 4.7.2-5) built with OpenSSL 1.0.2d 9 Jul 2015 TLS SNI support enabled configure arguments: --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --conf-path=/usr/local/etc/nginx.conf --error-log-path=/var/log/nginx/error_log --http-log-path=/var/log/nginx/access_log --sbin-path=/usr/local/sbin/nginx --with-openssl=../openssl-1.0.2d/ --with-http_auth_request_module --with-threads --with-file-aio --add-module=../ngx_cache_purge-2.3/ --with-debug |
Description
The maximum length for a single header (and in total) for http, https, and spdy uses:
large_client_header_buffers 4 8k;
But HTTP/2 module defaults to:
http2_max_field_size 4k;
http2_max_header_size 16k;
This leads to a situation where very long header lines worked with SPDY, but will now break with HTTP/2. It also leads to inconsistent functionality/limits between http/1.x and http/2.0.
For backwards compatibility I would suggest changing HTTP/2 defaults to 8k and 32k.
Steps to reproduce (using Chrome and patch.http2-v6_1.9.4.txt):
1) Set up an http/2 nginx server with a minimal config (allow http and http/2)
2) Go to http://server
3) Set 2 cookies using javascript:
document.cookie="username=" + "a".repeat(3000);document.cookie="username2=" + "a".repeat(3000);
4) Reload the page, and it will work just fine
5) Navigate to https://server and you will get a Chrome error page saying "ERR_CONNECTION_CLOSED", because the header length is too long.
Also (while probably not directly related) you will not get any error page; the connection will just close. On http, if you go over the 8k limit, you will see the default error page:
400 Bad Request
Request Header Or Cookie Too Large
Change History (5)
comment:1 by , 9 years ago
Milestone: | 1.9.5 |
---|
comment:2 by , 9 years ago
comment:3 by , 9 years ago
Owner: | set to |
---|---|
Status: | new → assigned |
comment:4 by , 9 years ago
Resolution: | → invalid |
---|---|
Status: | assigned → closed |
The values of these directives cannot be matched to large_client_header_buffers, since the headers in HTTP/2 have a different representation, and the directives limit the amount of memory used for reading compressed headers.
comment:5 by , 9 years ago
Regarding the error message, there is no way to return an HTTP response in case of an HTTP/2 connection-level error.
Ticket retargeted after milestone closed
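
An added example, not part of the ticket or of nginx: it encodes the Cookie header from the reproduction steps both as an HTTP/1.x header line and as an HPACK literal field (RFC 7541), and compares each with the defaults quoted in the description. It assumes the client sends the value without Huffman coding and that the field limit is compared with the string literal's length; `check`, `h2_field` and the other names are hypothetical.

```python
# Added illustration (not nginx code). Limits are the defaults quoted in the ticket.
H1_BUFFER = 8 * 1024     # large_client_header_buffers 4 8k: one header line per buffer
H2_MAX_FIELD = 4 * 1024  # http2_max_field_size 4k
COOKIE_INDEX = 32        # "cookie" in the RFC 7541 static table

def hpack_int(value, prefix_bits):
    """RFC 7541 section 5.1 prefix integer, flag bits left as zero."""
    limit = (1 << prefix_bits) - 1
    if value < limit:
        return bytes([value])
    out, value = [limit], value - limit
    while value >= 128:
        out.append((value % 128) | 0x80)
        value //= 128
    out.append(value)
    return bytes(out)

def hpack_string(raw):
    """RFC 7541 section 5.2 string literal with H = 0 (no Huffman coding)."""
    return hpack_int(len(raw), 7) + raw

def h2_field(static_index, value):
    """Literal header field without indexing, indexed name (section 6.2.2)."""
    return hpack_int(static_index, 4) + hpack_string(value)

def h1_line(name, value):
    """The same field as it appears on the wire in HTTP/1.x."""
    return name + b": " + value + b"\r\n"

def check(cookies):
    joined = b"; ".join(cookies)
    return {
        "h1_line_bytes": len(h1_line(b"Cookie", joined)),
        "h1_fits": len(h1_line(b"Cookie", joined)) <= H1_BUFFER,
        "h2_encoded_bytes": len(h2_field(COOKIE_INDEX, joined)),
        # Assumption: the field limit is compared with the string literal length.
        "h2_one_field_fits": len(joined) <= H2_MAX_FIELD,
        "h2_split_fields_fit": all(len(c) <= H2_MAX_FIELD for c in cookies),
    }

# Constructed input: the two cookies from the ticket's reproduction steps.
REPRO = [b"username=" + b"a" * 3000, b"username2=" + b"a" * 3000]

if __name__ == "__main__":
    for key, value in check(REPRO).items():
        print(key, value)
```

Under these assumptions the joined cookie fits one 8k HTTP/1.x buffer but exceeds the 4k per-field limit as a single HTTP/2 field, while the same cookies sent as separate fields each stay under it.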