Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Understanding the value of the header HTTP2-Settings used for http/2 requests and upgrade

I'm writing a simple app to determine if certain websites support http/2.

Based on what I've read in the draft:

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-07#section-3.2

I should be able to do a get request such as

GET / HTTP/1.1
Host: server.example.com
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings: <base64url encoding of HTTP/2 SETTINGS payload>

and then if they support http/2 the response should be something like:

 HTTP/1.1 101 Switching Protocols
 Connection: Upgrade
 Upgrade: HTTP/2.0

 [ HTTP/2.0 connection ...

I'm trying to understand exactly what the value of the HTTP2-Settings request header should be.

I'm hoping someone can explain what information should be included with an example.

like image 524
James Moore Avatar asked May 22 '15 15:05

James Moore


People also ask

How does HTTP2 improve performance of HTTP communication?

Specifically, it allows interleaving of request and response messages on the same connection and uses an efficient coding for HTTP header fields. It also allows prioritization of requests, letting more important requests complete more quickly, further improving performance.

What is HTTP2 used for?

HTTP/2 enables full request and response multiplexing. In practice, this means a connection made to a web server from your browser can be used to send multiple requests and receive multiple responses. This gets rid of a lot of the additional time that it takes to establish a new connection for each request.

What benefits does HTTP2 offer over HTTP?

HTTP2 is more secure as it uses binary protocol instead of plaintext. HTTP/2 allows the user to have a better web experience by reducing the page load time considerably. It needs the header to be sent just once in binary codes to increase speed.

How do I calculate HTTP2?

Google Chrome offers a quick and easy way to check if HTTP/2 is supported on your SSL-enabled site. First, visit your site in Chrome over HTTPS. There you'll see your site listed with protocol h2, confirming your site works over HTTP/2.


2 Answers

HTTP/2 has reached the status of official standard.

You will have very little luck in determining whether websites support HTTP/2 by using the cleartext upgrade mechanism.

The reason is that browsers don't support this style of upgrade to HTTP/2 (they all prefer using ALPN over TLS), and therefore neither servers do.

[Disclaimer, I am a Jetty committer and the Jetty HTTP/2 implementor]. For example, Jetty does support this style of upgrade (and even direct HTTP/2), see for example these tests, but we don't deploy it on our own website, https://webtide.com, for the reasons above.

You don't need to send something in this upgrade SETTINGS frame, you want to only send it if you want to configure the server before it gets a chance to speak back HTTP/2 to you, but typically default values are ok.

Remember that, as part of the connection preface, the client has to send another SETTINGS frame, which also can be empty or contain configuration parameters. Typically HTTP/2 client APIs such as the Jetty HTTP2Client will allow you to easily configure the SETTINGS frame that is part of the preface, because it's what will be use in both the upgrade mechanism and the ALPN mechanism.

A minimal, valid value for the HTTP2-Settings header is the empty string:

GET / HTTP/1.1
Host: host
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings:
User-Agent: whatever

Otherwise you need to create a SETTINGS frame payload (only the bytes defined here, and hence without the 9 octet frame header defined here), and then convert those bytes using base64 as defined here.

For the purpose of your tests, an empty HTTP2-Settings header will do, but as I said, you will most certainly not detecting whether a website supports HTTP/2: your upgrade will fail, but the website may well support HTTP/2 over TLS via ALPN.

like image 104
sbordet Avatar answered Sep 30 '22 12:09

sbordet


This site http://nghttp2.org/ accepts non encrypted HTTP2 (h2c) connections, so doing:

GET / HTTP/1.1
Host: nghttp2.org
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings:
User-Agent: whatever

As suggested by sbordet does produce a "101 Switching Protocols" response from the server.

like image 20
Ferares Avatar answered Sep 30 '22 11:09

Ferares