Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support RFC 8441 WebSocket upgrade with HTTP/2 CONNECT #34362

Open
wants to merge 2 commits into
base: 6.2.x
Choose a base branch
from
Open

Support RFC 8441 WebSocket upgrade with HTTP/2 CONNECT #34362

wants to merge 2 commits into from
+76 −33

Conversation

jazdw
Copy link

@jazdw jazdw commented Feb 3, 2025
edited
Loading

f477c16 which closed #34044 was an incomplete fix. Further changes are necessary to support HTTP/2 CONNECT WebSocket upgrades (RFC 8441).

I have manually tested this PR and the CONNECT WebSocket upgrade works as expected using Jetty 12 EE10.

Link to RFC:
https://datatracker.ietf.org/doc/html/rfc8441

The RFC explicitly says that the Sec-WebSocket-Key header is not required:

Implementations using this extended CONNECT to bootstrap WebSockets
do not do the processing of the Sec-WebSocket-Key and Sec-WebSocket-
Accept header fields of [RFC6455] as that functionality has been
superseded by the :protocol pseudo-header field.

The RFC explicitly says that the Connection and Upgrade headers are not required:

[RFC6455] requires the use of Connection and Upgrade header fields
that are not part of HTTP/2. They MUST NOT be included in the
CONNECT request defined here.

TODO

  • Look into if we need to verify that we are using HTTP/2 and verify the :protocol pseudo-header
  • Fix WebFlux implementation also

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Feb 3, 2025
@rstoyanchev rstoyanchev mentioned this pull request Feb 4, 2025
Closed
@rstoyanchev rstoyanchev self-assigned this Feb 4, 2025
@rstoyanchev rstoyanchev added in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Feb 4, 2025
@rstoyanchev rstoyanchev added this to the 6.2.3 milestone Feb 4, 2025
@rstoyanchev rstoyanchev changed the title Fix HTTP/2 CONNECT WebSocket upgrades (RFC 8441) Support RFC 8441 WebSocket upgrade HTTP/2 CONNECT Feb 4, 2025
@rstoyanchev rstoyanchev changed the title Support RFC 8441 WebSocket upgrade HTTP/2 CONNECT Support RFC 8441 WebSocket upgrade with HTTP/2 CONNECT Feb 4, 2025
@rstoyanchev
Copy link
Contributor

@jazdw thanks for testing and sending this. Could you check the DCO instructions on how to sign off your commit and update the PR branch? This is required for us to process this.

About checking for HTTP/2, ServletRequest has a getProtocolVersion() method that we could use, but would have to expose it first through ServerHttpRequest. I don't think that's truly necessary.

@jazdw
Copy link
Author

jazdw commented Feb 5, 2025
edited
Loading

About checking for HTTP/2, ServletRequest has a getProtocolVersion() method that we could use, but would have to expose it first through ServerHttpRequest. I don't think that's truly necessary.

I dug into this a little more, Jetty verifies the :protocol pseudo header internally, see org.eclipse.jetty.websocket.core.server.internal.RFC8441Negotiation#validateHeaders.

https://github.com/jetty/jetty.project/blob/a171ad3a4d46bde2dfcc7cc5803f12f6919088fb/jetty-core/jetty-websocket/jetty-websocket-core-server/src/main/java/org/eclipse/jetty/websocket/core/server/internal/RFC8441Negotiation.java#L31-L37

It also verifies the method is CONNECT and the HTTP version is HTTP/2.0 in org.eclipse.jetty.websocket.core.server.internal.RFC8441Handshaker#isWebSocketUpgradeRequest

https://github.com/jetty/jetty.project/blob/a171ad3a4d46bde2dfcc7cc5803f12f6919088fb/jetty-core/jetty-websocket/jetty-websocket-core-server/src/main/java/org/eclipse/jetty/websocket/core/server/internal/RFC8441Handshaker.java#L35-L47

I am wondering if we should add a supportsRfc8441() method to the RequestUpgradeStrategy? That way we wouldn't attempt the upgrade if we know the implementation doesn't support CONNECT.

@jazdw jazdw marked this pull request as ready for review February 5, 2025 00:56
@rstoyanchev
Copy link
Contributor

I don't mind a dedicated supports check for RFC 8441 as long as it is possible through the Servlet API. Jetty is at a lower level and can perform more checks I suspect.

@jazdw
Copy link
Author

jazdw commented Feb 5, 2025

@rstoyanchev I've pushed another commit, I don't know that it is necessary though. Happy for you to drop the second commit if you are happy with just the first. I've tested it on Jetty 12 EE10 with both GET setConnectProtocolEnabled(false) and CONNECT setConnectProtocolEnabled(true)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Projects
None yet
Milestone
6.2.3
Development

Successfully merging this pull request may close these issues.
3 participants
@jazdw @rstoyanchev @spring-projects-issues