Does plaintext HTTP/2 support request body?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Does plaintext HTTP/2 support request body?

John Jiang
Hi,
I'm using standalone Jetty 9.3.8.
It looks that the plaintext HTTP/2 doesn't support request body.
If a request includes body, the upgrade will fail.

Thanks!

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Does plaintext HTTP/2 support request body?

Simone Bordet-3
Hi,

On Sun, May 1, 2016 at 5:36 PM, John Jiang <[hidden email]> wrote:
> Hi,
> I'm using standalone Jetty 9.3.8.
> It looks that the plaintext HTTP/2 doesn't support request body.

Sure it does.

> If a request includes body, the upgrade will fail.

Upgrades cannot have a request body.

Perhaps it is better if you explain what you are trying to do.

The fact that you are mixing HTTP/1.1 upgrade and cleartext HTTP/2
makes me think you are way offroad, but unfortunately you don't say
what you're doing, so cannot help much.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Does plaintext HTTP/2 support request body?

John Jiang
Hi Simone,
Sorry for my bad expression. I just concerned the HTTP/1.1 upgrade.
I did some tests with curl for my Jetty server (9.3.8 with h2 and h2c support).

1. curl -v --http2 http://host:port
The test worked, and the upgrade was successful.

2. curl -v --http2 -d "body" http://host:port
The test didn't work, and the upgrade was failed.

3. curl -v --http2 -d "body" https://host:sslport
Absolutely, the test worked on ALPN.

I just want to confirm this point.
Why does Jetty implement the upgrade in that way?
It seems that HTTP/2 spec doesn't indicate the upgrade with request body is illegal.

Thanks!

2016-05-01 23:48 GMT+08:00 Simone Bordet <[hidden email]>:
Hi,

On Sun, May 1, 2016 at 5:36 PM, John Jiang <[hidden email]> wrote:
> Hi,
> I'm using standalone Jetty 9.3.8.
> It looks that the plaintext HTTP/2 doesn't support request body.

Sure it does.

> If a request includes body, the upgrade will fail.

Upgrades cannot have a request body.

Perhaps it is better if you explain what you are trying to do.

The fact that you are mixing HTTP/1.1 upgrade and cleartext HTTP/2
makes me think you are way offroad, but unfortunately you don't say
what you're doing, so cannot help much.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Does plaintext HTTP/2 support request body?

Greg Wilkins
John,

It is a difficult case as the issue is how do you handle a large body that needs to be processed as a stream?

As soon as the upgrade is accepted, the server has to respond that it is changing protocols and can begin sending the h2 response to the h1 request.     We can read the request as h1 and write the response as h2 because the h2 output stream is actually 2 way and requires window updates to be sent.  These updates can't just be sent after the request body as you can dead lock if the response consumes all the h2 flow control window it will block in a write and thus may not continue to consume the h1 request body!

The alternative is to buffer the entire h1 request body in memory before the upgrade, but you are opening yourself up for a DOS attack by doing that, unless you limit the size of the request body to something very small.

We need to think about this some more and discuss it to see if there is something better we can do.... but it is not simple.

regards











On 2 May 2016 at 10:55, John Jiang <[hidden email]> wrote:
Hi Simone,
Sorry for my bad expression. I just concerned the HTTP/1.1 upgrade.
I did some tests with curl for my Jetty server (9.3.8 with h2 and h2c support).

1. curl -v --http2 http://host:port
The test worked, and the upgrade was successful.

2. curl -v --http2 -d "body" http://host:port
The test didn't work, and the upgrade was failed.

3. curl -v --http2 -d "body" https://host:sslport
Absolutely, the test worked on ALPN.

I just want to confirm this point.
Why does Jetty implement the upgrade in that way?
It seems that HTTP/2 spec doesn't indicate the upgrade with request body is illegal.

Thanks!

2016-05-01 23:48 GMT+08:00 Simone Bordet <[hidden email]>:
Hi,

On Sun, May 1, 2016 at 5:36 PM, John Jiang <[hidden email]> wrote:
> Hi,
> I'm using standalone Jetty 9.3.8.
> It looks that the plaintext HTTP/2 doesn't support request body.

Sure it does.

> If a request includes body, the upgrade will fail.

Upgrades cannot have a request body.

Perhaps it is better if you explain what you are trying to do.

The fact that you are mixing HTTP/1.1 upgrade and cleartext HTTP/2
makes me think you are way offroad, but unfortunately you don't say
what you're doing, so cannot help much.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



--

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Does plaintext HTTP/2 support request body?

Simone Bordet-3
Hi,

On Mon, May 2, 2016 at 4:47 AM, Greg Wilkins <[hidden email]> wrote:
> John,
>
> It is a difficult case as the issue is how do you handle a large body that
> needs to be processed as a stream?

But I fail to see how an Upgrade request body can be processed by an
application.
We handle upgrades at the container level, and we never invoke the
application, so even if there is an Upgrade request body, those bytes
will never be passed or otherwise interpreted by an application, so
they are as good as discarded.

Even Servlet 3.1's HttpUpgradeHandler is not meant to handle Upgrade
request content, but only handle *after* upgrade scenarios.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: Does plaintext HTTP/2 support request body?

Greg Wilkins

Simone,

With an upgrade from h1 to h2, the h1 request is still sent to the servlet container, only that it's response is not delivered over h1 rather over stream 1 of the h2 connection.   This allows the request in the upgrade to always be handled in a single round trip.

So theoretically we could:
  1. receive the upgrade request
  2. buffer the entire content
  3. accept the upgrade to h2
  4. dispatch the request to the handlers
  5. feed in the buffered request body to the request input stream
  6. feed the response output stream to the h2 stream 1
But as I said, we would have to put a limit on the size of the request body.

cheers






On 2 May 2016 at 19:55, Simone Bordet <[hidden email]> wrote:
Hi,

On Mon, May 2, 2016 at 4:47 AM, Greg Wilkins <[hidden email]> wrote:
> John,
>
> It is a difficult case as the issue is how do you handle a large body that
> needs to be processed as a stream?

But I fail to see how an Upgrade request body can be processed by an
application.
We handle upgrades at the container level, and we never invoke the
application, so even if there is an Upgrade request body, those bytes
will never be passed or otherwise interpreted by an application, so
they are as good as discarded.

Even Servlet 3.1's HttpUpgradeHandler is not meant to handle Upgrade
request content, but only handle *after* upgrade scenarios.

--
Simone Bordet
----
http://cometd.org
http://webtide.com
Developer advice, training, services and support
from the Jetty & CometD experts.
_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users



--

_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users