Add pref for EH over HTTP1.1
Categories
(Core :: Networking: HTTP, task, P2)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox129 | --- | fixed |
People
(Reporter: valentin, Assigned: sekim)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
We should have a static pref that controls whether we accept early hints sent over a H1.1 connection.
|
||
Comment 1•1 years ago
|
||
What Early Hints RFC has to say about early hints over h1.1:
In particular, an HTTP/1.1 client that mishandles an informational response as a final response is likely to consider all responses to the succeeding requests sent over the same connection to be part of the final response. Such behavior might constitute a cross-origin information disclosure vulnerability in case the client multiplexes requests to different origins onto a single persistent connection.
Therefore, a server might refrain from sending 103 (Early Hints) responses over HTTP/1.1 unless the client is known to handle informational responses correctly.
Is there a way to check the HTTP version in MaybeCreateAndInsertPreload in EarlyHintPreloader.cpp? (referring to https://searchfox.org/mozilla-central/source/netwerk/protocol/http/EarlyHintPreloader.cpp#198)
|
Reporter | |
Comment 4•9 months ago
|
||
The early hint is dispatched from here
We can check the version by checking mConnection->Version() or mResponseHead->Version().
The pref could go here.
You can probably check the pref in the if (status == 103) { line - something like pseudocode: if status == 103 && (allow_103_over_h1 || mResponseHead->Version() != h1)
|
||
Comment 7•8 months ago
|
||
| bugherder | ||
Description
•