Re: [BUG?] protocol.version=2 sends HTTP "Expect" headers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 01, 2018 at 12:48:04AM +0000, brian m. carlson wrote:

> > So a few questions:
> > 
> >   - is this a bug or not? I.e., do we still need to care about proxies
> >     that can't handle Expect? The original commit was from 2011. Maybe
> >     things are better now. Or maybe that's blind optimism.
> > 
> >     Nobody has complained yet, but that's probably just because v2 isn't
> >     widely deployed yet.
> 
> HTTP/1.1 requires support for 100 Continue on the server side and in
> proxies (it is mandatory to implement).  The original commit disabling
> it (959dfcf42f ("smart-http: Really never use Expect: 100-continue",
> 2011-03-14)), describes proxies as the reason for disabling it.
> 
> It's my understanding that all major proxies (including, as of version
> 3.2, Squid) support HTTP/1.1 at this point.  Moreover, Kerberos is more
> likely to be used in enterprises, where proxies (especially poorly
> behaved and outright broken proxies) are more common.  We haven't seen
> any complaints about Kerberos support in a long time.  This leads me to
> believe that things generally work[0].

Rooting around in the archive a bit, I found this discussion:

  https://public-inbox.org/git/CAJo=hJvyorMjFYZnVwz4iZr88ewor6LuqOE-mpt4LsPyoddBqg@xxxxxxxxxxxxxx/

The original motivation for 959dfcf42f was apparently Google's own
servers. And they are likely the biggest users of the v2 protocol
(since my impression is that Google ships a modified client to most of
their devs that flips the v2 switch). So if they're not having problems,
maybe that's a sign that this is a non-issue.

> Finally, modern versions of libcurl also have a timeout after which they
> assume that the server is not going to respond and just send the request
> body anyways.  This makes the issue mostly moot.

I think this was always the case. It's just that it introduced annoying
stalls into the protocol.

> >   - alternatively, should we just leave it on for v2, and provide a
> >     config switch to disable it if you have a crappy proxy? I don't know
> >     how widespread the problem is, but I can imagine that the issue is
> >     subtle enough that most users wouldn't even know.
> 
> For the reasons I mentioned above, I'd leave it on for now.  Between
> libcurl and better proxy support, I think this issue is mostly solved.
> If we need to fix it in the future, we can, and people can fall back to
> older protocols via config in the interim.

OK. If nobody is complaining, this seems like a good way to ease into
the migration. I.e., if we dropped the old "suppress Expect headers"
code, people might complain that things are now broken. But if it
gradually follows the v2 adoptions, that's a bit more of a gentle curve
(well, until we hit the cliff where we switch the default to trying v2).

-Peff



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux