uvicorn icon indicating copy to clipboard operation
uvicorn copied to clipboard

Published 20 hours ago verified publisher icon encode

Gracefully handle HTTP/2 upgrade request

Open ChristianCiach opened this issue 2 years ago • 6 comments

I know that HTTP/2 is out of scope of this project. But I am not asking to support HTTP/2.

More and more http clients try to upgrade the connection to HTTP/2. Uvicorn is free to not honor this request. Unfortunately, instead of ignoring the upgrade request, Uvicorn responds with status 400 Bad Request and the message "Unsupported upgrade request".

According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Protocol_upgrade_mechanism the server should just ignore the upgrade request:

If the server decides to upgrade the connection, it sends back a 101 Switching Protocols response status with an Upgrade header that specifies the protocol(s) being switched to. If it does not (or cannot) upgrade the connection, it ignores the Upgrade header and sends back a regular response (for example, a 200 OK).

We continue to encounter this issue because the HttpClient class of modern OpenJDK versions tries to upgrade the connection to HTTP/2 by default. Uvicorn should just ignore these headers and process the requests as if these headers were not present.

ChristianCiach avatar May 25 '22 12:05 ChristianCiach

interesting, low priority but something to consider

euri10 avatar Jun 14 '22 07:06 euri10

I don't agree with the "low priority" assessment. This is a blatant violation of the http specification and more and more (standards compliant) http clients break just by using them with their default settings.

ChristianCiach avatar Sep 07 '22 12:09 ChristianCiach

PR welcome.

Kludex avatar Sep 07 '22 12:09 Kludex

The existence of a PR has nothing to do with the priority assessment. In fact, giving this issue a higher priority may incentivize people to actually fix this issue. Saying that this violation of the http spec is "low prio" is more a statement about the level of professionalism of this software, or the lack thereof.

For the record: Yes, I would try to fix this myself, but you have to realize that not every user of your product is a software developer that uses the language that your software is written in. I am fluent in Java and Go, but I cannot fix python code. Or at least not at a level that you would ever consider to accept contributions.

ChristianCiach avatar Sep 07 '22 13:09 ChristianCiach

Locking the issue as I'm not liking the tone of the reporter.

PR is still welcome. 🙏

If no one implements it, I will, at some point, on my free time (unpaid free time).

Kludex avatar Sep 07 '22 13:09 Kludex

omg, happy to come back to see your fluency in being a total asshat @ChristianCiach raising the issue as high priority :+1: !

euri10 avatar Sep 09 '22 10:09 euri10

  • Closed by #1661

It will be available on uvicorn 0.19.0.

Kludex avatar Oct 19 '22 06:10 Kludex