Support full HTTP/2 specification - PRI #72

Open
pas256 opened this issue Mar 20, 2025 · 2 comments
@pas256

pas256 commented Mar 20, 2025

It seems the HTTP/2 implementation in Thruster is only partially completed. That, or I don't understand enough about it yet, which is entirely possible.

I am seeing this in the logs when trying to make an HTTP/2 connection:

```
{"time":"2025-03-20T21:12:22.988853435Z","level":"INFO","msg":"Request","path":"*","status":501,"dur":0,"method":"PRI","req_content_length":-1,"req_content_type":"","resp_content_length":27,"resp_content_type":"","remote_addr":"10.31.32.141:57578","user_agent":"","cache":"bypass","query":""}
Unsupported HTTP method used: PRI
```

A little research tells me that PRI is part of the spec, and that others have run into implementation issues like this too:
See: https://stackoverflow.com/questions/50434269/pri-method-in-http2-implementation-causing-issue

I ran into this by setting an AWS Application Load Balancer (ALB), which is doing TLS termination, to talk to my Rails app using HTTP/2 instead of HTTP/1. Here is the target group config:

Image

The workaround is to use HTTP/1 only, but that is somewhat defeating the purpose of Thruster.

So I think (and please correct me if I am wrong) Thruster needs to be updated to accept the PRI method, and then subsequently ignore it.

@le0pard
Contributor

le0pard commented Mar 31, 2025

Looks like by default the golang http library activates HTTP/2 only over HTTPS. For plain HTTP, unencrypted HTTP/2 is not active. To make thruster work over HTTP/2 without TLS certs (which looks like it is handled by the aws load balancer instead of thruster), you need to add hacks in the golang server code:

thruster/internal/server.go

Lines 104 to 111 in 5f38465

```go
func (s *Server) defaultHttpServer(addr string) *http.Server {
	return &http.Server{
		Addr:         addr,
		IdleTimeout:  s.config.HttpIdleTimeout,
		ReadTimeout:  s.config.HttpReadTimeout,
		WriteTimeout: s.config.HttpWriteTimeout,
	}
}
```

It should be like this, so the server starts working with unencrypted HTTP/2:

```go
func (s *Server) defaultHttpServer(addr string) *http.Server {
	// Configure the HTTP server with h2c support
	// (http.Protocols is available from Go 1.24)
	protocols := new(http.Protocols)
	protocols.SetHTTP1(true)
	protocols.SetUnencryptedHTTP2(true) // Enable h2c support
	protocols.SetHTTP2(true)

	return &http.Server{
		Addr:         addr,
		IdleTimeout:  s.config.HttpIdleTimeout,
		ReadTimeout:  s.config.HttpReadTimeout,
		WriteTimeout: s.config.HttpWriteTimeout,
		Protocols:    protocols,
	}
}
```

Maybe an option to activate h2c should be available via a config variable or env variable for thruster (not sure that this can be a secure default - https://www.assetnote.io/resources/research/h2c-smuggling-in-the-wild )
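
Why the log entry in the first comment shows method `PRI`, path `*` and `req_content_length` -1, and how a listener that keeps h2c off could answer that request explicitly. This is an added example, not part of the thread or of Thruster's code; `rejectPreface` and the choice of a 505 status are illustrative assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// The fixed HTTP/2 client connection preface (RFC 9113, section 3.4).
// A client using HTTP/2 with prior knowledge sends these bytes first.
const h2Preface = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

// parsePreface runs the preface through Go's HTTP/1 request parser, which is
// how a listener without h2c support ends up seeing a "PRI" request.
func parsePreface() (*http.Request, error) {
	return http.ReadRequest(bufio.NewReader(strings.NewReader(h2Preface)))
}

// isH2Preface reports whether r is the HTTP/2 preface parsed as a request.
func isH2Preface(r *http.Request) bool {
	return r.Method == "PRI" && r.RequestURI == "*" && r.Proto == "HTTP/2.0"
}

// rejectPreface (hypothetical helper) wraps an HTTP/1-only handler so that a
// cleartext HTTP/2 attempt is answered locally with an explicit error and is
// never passed on to next (for a proxy, the upstream application).
func rejectPreface(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if isH2Preface(r) {
			http.Error(w, "cleartext HTTP/2 (h2c) is not enabled on this listener",
				http.StatusHTTPVersionNotSupported)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	req, err := parsePreface()
	if err != nil {
		panic(err)
	}
	// These are the same fields that appear in the JSON log line above.
	fmt.Printf("method=%s path=%s proto=%s req_content_length=%d\n",
		req.Method, req.URL.Path, req.Proto, req.ContentLength)
}
```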


@pas256
Author

pas256 commented Apr 1, 2025

Oh wow, these are related? Who knew?
