Search code examples
httpprotocolsspdyhttp2

Understanding the value of the header HTTP2-Settings used for http/2 requests and upgrade

I'm writing a simple app to determine if certain websites support http/2.

Based on what I've read in the draft:

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-07#section-3.2

I should be able to do a get request such as

GET / HTTP/1.1
Host: server.example.com
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings: <base64url encoding of HTTP/2 SETTINGS payload>

and then if they support http/2 the response should be something like:

 HTTP/1.1 101 Switching Protocols
 Connection: Upgrade
 Upgrade: HTTP/2.0

 [ HTTP/2.0 connection ...

I'm trying to understand exactly what the value of the HTTP2-Settings request header should be.

I'm hoping someone can explain what information should be included with an example.

Solution

  • HTTP/2 has reached the status of official standard.

    You will have very little luck in determining whether websites support HTTP/2 by using the cleartext upgrade mechanism.

    The reason is that browsers don't support this style of upgrade to HTTP/2 (they all prefer using ALPN over TLS), and therefore neither servers do.

    [Disclaimer, I am a Jetty committer and the Jetty HTTP/2 implementor]. For example, Jetty does support this style of upgrade (and even direct HTTP/2), see for example these tests, but we don't deploy it on our own website, https://webtide.com, for the reasons above.

    You don't need to send something in this upgrade SETTINGS frame, you want to only send it if you want to configure the server before it gets a chance to speak back HTTP/2 to you, but typically default values are ok.

    Remember that, as part of the connection preface, the client has to send another SETTINGS frame, which also can be empty or contain configuration parameters. Typically HTTP/2 client APIs such as the Jetty HTTP2Client will allow you to easily configure the SETTINGS frame that is part of the preface, because it's what will be use in both the upgrade mechanism and the ALPN mechanism.

    A minimal, valid value for the HTTP2-Settings header is the empty string:

    GET / HTTP/1.1
Host: host
Connection: Upgrade, HTTP2-Settings
Upgrade: h2c
HTTP2-Settings:
User-Agent: whatever

    Otherwise you need to create a SETTINGS frame payload (only the bytes defined here, and hence without the 9 octet frame header defined here), and then convert those bytes using base64 as defined here.

    For the purpose of your tests, an empty HTTP2-Settings header will do, but as I said, you will most certainly not detecting whether a website supports HTTP/2: your upgrade will fail, but the website may well support HTTP/2 over TLS via ALPN.