ietf-wg-masque / draft-ietf-masque-connect-udp


What happens if an HTTP/2 proxy forwards a Connect as an HTTP/1.1 request #166

Closed gloinul closed 2 years ago

gloinul commented 2 years ago

Looking at the changes in the document I think I have picked up on another potential issue. Due to the discussion in https://github.com/ietf-wg-masque/draft-ietf-masque-connect-udp/issues/148 I have to ask what happens if the client issues a Connect request over HTTP/2 that is then changed into an HTTP/1.1 request by an intermediate HTTP proxy in front of the actual MASQUE server. I don’t think this issue is discussed, nor what a MASQUE server does if it gets a CONNECT request with a Connect-UDP upgrade header.

DavidSchinazi commented 2 years ago

In that scenario, the client will send:

```
HTTP/2 HEADERS
:method = CONNECT
:protocol = connect-udp
:scheme = https
:path = /.well-known/masque/udp/192.0.2.42/443/
:authority = proxy.example.org
```

and the intermediary converting from HTTP/2 to HTTP/1.1 will convert that to:

```
GET https://proxy.example.org/.well-known/masque/udp/192.0.2.42/443/ HTTP/1.1
Host: proxy.example.org
Connection: Upgrade
Upgrade: connect-udp
```

That works as expected. Are you saying there's a problem here?
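
The conversion described in the comment above, sketched as an added example that is not part of the thread or of any MASQUE implementation. The function names are hypothetical, and rejecting control characters before serialising and answering 502 when the upstream returns a 2xx without upgrading are choices of this sketch:

```python
import re

# Constructed sample: the HTTP/2 request quoted in the thread.
SAMPLE_H2 = {
    ":method": "CONNECT",
    ":protocol": "connect-udp",
    ":scheme": "https",
    ":path": "/.well-known/masque/udp/192.0.2.42/443/",
    ":authority": "proxy.example.org",
}
REQUIRED = (":method", ":protocol", ":scheme", ":path", ":authority")
_CTL_OR_SP = re.compile(r"[\x00-\x20\x7f]")  # CR, LF, NUL, space, other controls
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # HTTP token syntax


def h2_extended_connect_to_h1(pseudo):
    """Serialise an HTTP/2 extended CONNECT as an HTTP/1.1 upgrade request."""
    missing = [name for name in REQUIRED if name not in pseudo]
    if missing:
        raise ValueError(f"missing pseudo-headers: {missing}")
    if pseudo[":method"] != "CONNECT":
        raise ValueError("not an extended CONNECT request")
    if not _TOKEN.match(pseudo[":protocol"]):
        raise ValueError(":protocol is not a valid token")
    for name in (":scheme", ":authority", ":path"):
        # A CR or LF here would split the HTTP/1.1 message the upstream parses.
        if _CTL_OR_SP.search(pseudo[name]):
            raise ValueError(f"illegal character in {name}")
    if not pseudo[":path"].startswith("/"):
        raise ValueError(":path must start with '/'")
    authority = pseudo[":authority"]
    return "\r\n".join([
        f'GET {pseudo[":scheme"]}://{authority}{pseudo[":path"]} HTTP/1.1',
        f"Host: {authority}",
        "Connection: Upgrade",
        f'Upgrade: {pseudo[":protocol"]}',
        "",
        "",
    ])


def h1_status_to_h2(status):
    """Map the upstream HTTP/1.1 status onto the HTTP/2 response status."""
    if status == 101:          # Switching Protocols: the tunnel is established
        return 200
    if 200 <= status < 300:    # upstream answered without upgrading
        return 502             # must not look like success to the HTTP/2 client
    return status
```
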

LPardue commented 2 years ago

Probably worth a mention in this spec, like CONNECT already does, that a proxy can forward CONNECT-UDP requests to a proxy it has configured.

I don't think much more detail is required than that. Such a proxy needs to follow the normative requirements set out elsewhere. Concerns about converting requests between HTTP versions are common and not terribly unique here.

DavidSchinazi commented 2 years ago

That sounds like a worthwhile clarification. Tagging as editorial.