New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Puma treats the HTTP protocol version as an header, loses track of real protocol version when there is a client-provided header named 'version' #2870
Comments
Thanks for the report. Interesting, in that a version header is somewhat odd in terms of mention of it in recent documents. Regardless, changing the following line: Line 402 in 6481347
to http_11 = env.fetch(HTTP_VERSION, '').start_with? HTTP_11 seems to fix the issue you've provided? |
@MSP-Greg that should be a clever and quick way to fix the wrong protocol on response. There is also the problem with the missing/bogus 'version' header when it is client-provided. I think the best way would be having another env 'PROTOCOL_VERSION' for the HTTP protocol version, and then using the HTTP_ prefix strictly for the request headers. |
Obviously, the response protocol should not be changed to HTTP/1.0. But as to changes to header handling, not sure what to do. Maybe others have stronger opinions, but given that specs are non-existent or vague... |
(Puma newbie so apologies in advance if my suggestions are very misguided :-) I'm curious what the rationale is for using AIUI both options would however break compatibility for anyone who is relying on At any rate, I think the immediate fix suggested above makes sense — it would at least avoid a very confusing failure mode, as messing with the protocol version causes problems with upstream/downstream elements in the request processing chain. |
As the linked issue indicates, |
Describe the bug
Puma treats the HTTP protocol version as an header and if there is a client-provided header named 'version' Puma adds the two values, later Puma uses this value when matching which protocol to respond, having now a bogus value it will always fallback to HTTP/1.0.
There is a related issue that was closed:
Issue 1565 - Requests to Puma hanging due to issues with Keep-Alive, Content-Length, and HTTP_VERSION headers
And this comment pretty much sums what is happening
#1565 (comment)
The related Rack issue was fixed on the 3.0.0 version rack/rack#1691
Puma config:
NA
To Reproduce
Start puma hello.ru server.
Test without version header - Puma responds with HTTP/1.1:
Test with version header - Puma responds with HTTP/1.0:
Desktop (please complete the following information):
The text was updated successfully, but these errors were encountered: