8349670: HttpServer: sending interim responses fails after JDK-7026262 #27069
Conversation
|
Hi @SentryMan, welcome to this OpenJDK project and thanks for contributing! We do not recognize you as Contributor and need to ensure you have signed the Oracle Contributor Agreement (OCA). If you have not signed the OCA, please follow the instructions. Please fill in your GitHub username in the "Username" field of the application. Once you have signed the OCA, please let us know by writing If you already are an OpenJDK Author, Committer or Reviewer, please click here to open a new issue so that we can record that fact. Please use "Add GitHub user SentryMan" as summary for the issue. If you are contributing this work on behalf of your employer and your employer has signed the OCA, please let us know by writing |
|
❗ This change is not yet ready to be integrated. |
|
@SentryMan The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
SentryMan
force-pushed
the
JDK-8349670
branch
from
3328b10 to
e53c151
Compare
|
@SentryMan Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information. |
SentryMan
changed the title
|
/signed |
|
It turns out I had previously signed the OCA but forgot to put my GH username on it. Edit: no wait my OCA does have my GH username on it? |
|
Thank you! Please allow for up to two weeks to process your OCA, although it is usually done within one to two business days. Also, please note that pull requests that are pending an OCA check will not usually be evaluated, so your patience is appreciated! |
bridgekeeper
bot
removed
oca
Webrevs
|
|
Hi @SentryMan, thanks for contributing! The informational response handling looks good, but the upgrades need to be handled differently. If we start treating every request with an Both uses of the The second issue is resource handling. The server keeps a list of all active connections and exchanges. The existing OutputStream classes like |
|
Thank you for taking the time to review.
It does not appear that this is the case. Looking at rfc9110, a server can send other status codes to reject the connection, such as 426 or ignore the header altogether and not upgrade as you say. |
dfuch
left a comment
dfuch
left a comment
There was a problem hiding this comment.
Hi Josiah! Glad to see that the OCA verification finally went through!
It seems to me that this PR addresses two different problems:
- attempting to fix sendResponseHeaders to support sending informational responses (1xx status - a bug fix)
- attempting to add support for switching protocols to the HttpServer (a new functionality)
I believe it would be best to separate these two issues into two different PRs to avoid mixing them up.
I would suggest only addressing 1. in this PR and log an enhancement for 2.
With regard to supporting some way to support upgrading protocols in the HTTP server I believe more discussion will be needed.
best regards, -- daniel
|
ok will move the upgrade stuff to a different pr |
|
I have to say I'm a bit uncomfortable trying to shoe-horn all this functionality into the existing method If we are supporting |
|
@Michael-Mc-Mahon are you suggesting we should add a new API to send informational codes instead, and throw in |
That was my initial expectation. I was expecting a new method like If we're not adding a new API, then I think all the above questions need answers and the spec for sendResponseHeaders updated to spell out how all this functionality would work, with tests showing it. Either way, I think this change needs a CSR. I suppose also the question of whether or not to add a new method depends on to what extent this actually worked (even if it was never intended that it should work) before 7026262 |
103 is for http2, and a lot of clients won't even accept it if the connection is not on http2
alright going back to 101 for a second, there is no difficulty, as the 101 is the final response with the final headers, rather than other codes. I can toss this PR and get back exclusively to 101 if we decide the effects for 100-continue are undesirable.
We removed that behavior from this PR, but while it was in here (4b00588), it worked as expected, the client waited for the manually sent 100 code to send the body and everything. |
@Michael-Mc-Mahon just to give a recap, right now this PR doesn't allow control over 100-continue, it just allows you to send extra superfluous 100 (because the current logic where we auto-send 100 continue before the handler is still intact). It was determined that moving the auto continue logic to when the inputstream is read should be evaluated as a separate issue. |
It works either way, but clearing I feel is unexpected and undesirable |
|
It occurs to me, that there is actually no practical reason for this PR. For the 100-continue case, there are better ways to handle it than For connection upgrades, this PR is also unrelated as besides keeping the inputstream open, it otherwise behaves like other status codes and doesn't require sending 101 and then some other status. |
|
I'm personally OK with adding a new API to send 1xx response. WRT 100 I'm a bit of two minds with how to handle that. We heavily use the HttpServer to test the HttpClient HTTP/1.1 stack. In the Httpclient, we wanted to test that if the server didn't send 100, the client would send the body after a reasonable timeout. Then we wanted to test that the 100 would be ignored if it came after the client had started to send the body. We also wanted to test that additional 100 would be ignored. |
Adding auto-send in |
The way we would do this with our HTTP/2 test server is to consume the first byte of the request body before sending 100, so as not send 100 before having received the first byte of the body. |
That is invalid. The whole purpose is to enable the client to avoid sending the request body until the 100 Continue is received (i.e all headers validated by the handler). |
they're testing the client not the server, but it is a bit strange indeed since the client is already in the process of sending the body.
You can send 1xx codes today with sendResponseHeaders, the only caveat is that you can't read the InputStream anymore. |
Well - this HTTP/2 server is a test server - and it's useful to be able to do "invalid" things in order to test how the client reacts. And note that this is not strictly invalid, since from the client standpoint - it looks exactly the same as if the handling of the request had been delayed on the server side. The client has no way to know that the server has consumed the first byte. |
|
In any case, no matter what option we go with to support 100-continue the automatic sending logic present now will have to be moved/modified as adding a new method doesn't change the fact that 100-continue is being sent before handlers are called. Perhaps we should focus more on that part before we add new methods that don't actually change the situation |
True. But it would at least allow us to test that status code |
you can do this now: |
|
@dfuch it is invalid in the client, the client if it sets the Expect 100-Continue should not send the body until it receives the 100 Continue. See the rfc. |
okay they should but the rfc also allows for the client to send the body before receiving 100 because servers might ignore the Expect header |
|
@SentryMan you are correct. The rfc confirms it - sorry for the noise @dfuch |
You mean - with the changes in your PR? Because without these changes I suspect you might have to pass 0, not -1. So pretend that there is a body of unknown length. |
without the changes it's treated like a response without a body, so 0/-1 doesn't matter as it will be overridden |
Possibly. If we are agreed that 100 Continue is the only potential practical use case for this (other than 101 which is out of scope), then we definitely don't need a new method at this time, and we then need to ask what point is there in sending a 100 Continue considering that the server already handles it. Is there a use case for allowing the user to send it separately? If not, I'm questioning the benefit of allowing it. As I said from the start, this was never intended to be supported in the initial implementation and my first thought was just to disallow it formally. |
|
If we're not going to allow |
as the PR stands now, even that is no longer relevant, because of the auto-send. We are in one accord then that this PR implementation does not have anything of worth.
Given that the server automatically sends 100-Continue without allowing the handler to validate if the body should be sent, I think we should make a different PR delaying the auto send until
I'm amenable to banning 100 (because the server handles it) and 103 (needs http2), but once again I ask for a discussion on http 101 before we proceed to say that all 1xx codes are not accepted. I've created #27751 for review and a place to discuss, would you kindly take a moment to review and voice your concerns? |
|
closing as there are better ways to handle 100-continue |
5 participants
Following the guideline of the last comment on JDK-8349670, resolves the issue where sending a 1xx status code would close the input stream, preventing the server from reading the body.
sendResponseHeaders, the input/output streams will not be closed prematurely.Expect: 100-continueheader is presentProgress
Issue
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27069/head:pull/27069$ git checkout pull/27069Update a local copy of the PR:
$ git checkout pull/27069$ git pull https://git.openjdk.org/jdk.git pull/27069/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 27069View PR using the GUI difftool:
$ git pr show -t 27069Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27069.diff
Using Webrev
Link to Webrev Comment