CONNECT request sent over h2 connection has both :scheme and :path headers leading to protocol error response from server.
Such requests are rejected by hyper on server side:
The ":scheme" and ":path" pseudo-header fields MUST be omitted
This was reproduced with roughly such code:
let proxy_io = hyper_util::rt::TokioIo::new(tcp_stream);
let (mut sender, conn) =
hyper::client::conn::http2::handshake(hyper_util::rt::TokioExecutor::new(), proxy_io)
.await
.context("HTTP2 handshake created")?;
tokio::task::spawn(async move {
if let Err(err) = conn.await {
tracing::error!("Connection failed: {:?}", err);
}
});
let uri = hyper::Uri::builder()
.scheme("https".parse::<http::uri::Scheme>().unwrap())
.authority("tunnel.example.com")
.path_and_query("/")
.build()
.context("Gateway URI constructed")?;
let connect_req = hyper::Request::builder()
.uri(uri)
.method(hyper::Method::CONNECT)
.body(http_body_util::Empty::<hyper::body::Bytes>::new())
.context("Request constructed")?;
let connect_resp = sender
.send_request(connect_req)
.await
.context("Request was sent")?;
Even when URI is constructed with "none" scheme and empty path_and_query the request on wire still has both fields:
let uri = hyper::Uri::builder()
.scheme("".parse::<http::uri::Scheme>().unwrap())
.authority("tunnel.example.com")
.path_and_query("")
.build()
.context("Gateway URI constructed")?;
CONNECT
request sent overh2
connection has both:scheme
and:path
headers leading to protocol error response from server. Such requests are rejected by hyper on server side:This happen due to violation of 8.5. The CONNECT Method:
This was reproduced with roughly such code:
Even when
URI
is constructed with "none" scheme and emptypath_and_query
the request on wire still has both fields: