HttpClient does not support cleartext HTTP/2 over http(s) proxies - Githubissues

dotnet / runtime

.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.

https://docs.microsoft.com/dotnet/core/

MIT License

14.87k stars 4.63k forks source link

HttpClient does not support cleartext HTTP/2 over http(s) proxies #99689

Open MihaZupan opened 5 months ago

MihaZupan commented 5 months ago

From https://github.com/dotnet/aspire/issues/1818

We support many combinations of requests and proxies, but we don't allow non-https HTTP/2 when talking through an HTTP(s) proxy.

	HTTP(s) proxy	SOCKS proxy
HTTP 1.1	✅	✅
HTTPS 1.1	✅(CONNECT)	✅
HTTP 2	❌	✅
HTTPS 2	✅(CONNECT)	✅
HTTP 1.1 WebSockets	✅(CONNECT w/o TLS)	✅
HTTPS 1.1 WebSockets	✅(CONNECT)	✅

This scenario currently gets blocked because we pick a HttpConnectionKind.Proxy pool variant here, which is limited to HTTP/1.1.

Similarly to how we use the CONNECT tunnel for non-https WebSockets, we could proxy non-HTTPS H2 that way as well (as long as the policy used isn't RequestVersionOrLower).

dotnet-policy-service[bot] commented 5 months ago

Tagging subscribers to this area: @dotnet/ncl See info in area-owners.md if you want to be subscribed.