Search code examples
node.jshttpnetwork-programmingbackendhttp2

Why web servers still use http 1.1 instead of http 2?

As a little bit of background, I just finished bootcamp and started going deeper into network and web server in general.

After reading through some information regarding OSI model, TCP/IP model, and about HTTP, I found out there's sort of a gap between these theoratical knowledge versus what I do in real life.

For instance, I built several projects with server running on node.js. It was until very recent I found them running on HTTP 1.1.

All of tutorial course, or other examples I saw utilize HTTP 1.1 instead of HTTP 2.

In theory, HTTP2 does a better job at handling larger amount of data and it is indeed more secure than HTTP 1.1.

Despite several shortcomings, it seems as though http2 is advanced form of http and have matured over past years.

I have hard time understanding why server language (or runtime in case of node.js) still use HTTP 1.1 instead of 2.

Can anyone explain?

Solution

  • TL;DR

    Many people are not aware of the new change. Alternatively, some people are not affected by these changes that you have mentioned and do not see the need to rewrite their code (especially when HTTP 3.0 is in the works).


    Take IP addresses for example. IPv6 has been out for a while, and while some people use it, 65% of the internet uses the old technology, IPv4. This is because the old technology works perfectly, and many systems are ancient.

    (For reference, here is Google's usage graph of IPv6).

    Now, in your case, HTTP 2 vs HTTP 1. Many people don't even know that http2 is out. On my part, I use the standard HTTP module out of convenience. The security flaws you mention do not affect a large amount of people, and with HTTP 3 coming out, why would people switch? I, for one, am going to wait for HTTP 3. However, as time goes on, more and more people will start to adopt the HTTP 2 standards.

    Also, as many people have noticed, their is a big difference between theory and what you called "real life usage". An example of this is Axios, a major request module for the Node.js ecosystem. It is practically unmaintained, has several major issues noted here that don't seem like they will ever be fixed, the build is failing, and has 222 issues that start in 2015, yet at the time I am writing this, 16,434,719 people download it a week. Many people don't see those issues without investigating completely, or the bugs do not effect their usage.