I'm writing a simple app to determine if certain websites support http/2.
Based on what I've read in the draft:
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-07#section-3.2
I should be able to do a get request such as
GET / HTTP/1.1
Host: server.example.com
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings: <base64url encoding of HTTP/2 SETTINGS payload>
and then if they support http/2 the response should be something like:
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: HTTP/2.0
[ HTTP/2.0 connection ...
I'm trying to understand exactly what the value of the HTTP2-Settings
request header should be.
I'm hoping someone can explain what information should be included with an example.
Specifically, it allows interleaving of request and response messages on the same connection and uses an efficient coding for HTTP header fields. It also allows prioritization of requests, letting more important requests complete more quickly, further improving performance.
HTTP/2 enables full request and response multiplexing. In practice, this means a connection made to a web server from your browser can be used to send multiple requests and receive multiple responses. This gets rid of a lot of the additional time that it takes to establish a new connection for each request.
HTTP2 is more secure as it uses binary protocol instead of plaintext. HTTP/2 allows the user to have a better web experience by reducing the page load time considerably. It needs the header to be sent just once in binary codes to increase speed.
Google Chrome offers a quick and easy way to check if HTTP/2 is supported on your SSL-enabled site. First, visit your site in Chrome over HTTPS. There you'll see your site listed with protocol h2, confirming your site works over HTTP/2.
HTTP/2 has reached the status of official standard.
You will have very little luck in determining whether websites support HTTP/2 by using the cleartext upgrade mechanism.
The reason is that browsers don't support this style of upgrade to HTTP/2 (they all prefer using ALPN over TLS), and therefore neither servers do.
[Disclaimer, I am a Jetty committer and the Jetty HTTP/2 implementor]. For example, Jetty does support this style of upgrade (and even direct HTTP/2), see for example these tests, but we don't deploy it on our own website, https://webtide.com, for the reasons above.
You don't need to send something in this upgrade SETTINGS frame, you want to only send it if you want to configure the server before it gets a chance to speak back HTTP/2 to you, but typically default values are ok.
Remember that, as part of the connection preface, the client has to send another SETTINGS frame, which also can be empty or contain configuration parameters. Typically HTTP/2 client APIs such as the Jetty HTTP2Client will allow you to easily configure the SETTINGS frame that is part of the preface, because it's what will be use in both the upgrade mechanism and the ALPN mechanism.
A minimal, valid value for the HTTP2-Settings
header is the empty string:
GET / HTTP/1.1
Host: host
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings:
User-Agent: whatever
Otherwise you need to create a SETTINGS frame payload (only the bytes defined here, and hence without the 9 octet frame header defined here), and then convert those bytes using base64 as defined here.
For the purpose of your tests, an empty HTTP2-Settings
header will do, but as I said, you will most certainly not detecting whether a website supports HTTP/2: your upgrade will fail, but the website may well support HTTP/2 over TLS via ALPN.
This site http://nghttp2.org/ accepts non encrypted HTTP2 (h2c) connections, so doing:
GET / HTTP/1.1
Host: nghttp2.org
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings:
User-Agent: whatever
As suggested by sbordet does produce a "101 Switching Protocols" response from the server.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With