Alternate-Protocol is a hop-by-hop header

Google are pushing Alternate-Protocol header to arbitrarily move clients
from HTTP to their experimental and proprietary protocols.

When relayed through a proxy this can cause traffic bifurcation with
side effects ranging from client visible failures, to traffic increase
on the network as proxy caching is bypassed, to security vulnerabilities
or privacy information leaks over the experimental protocol.

Treating the Alternate-Protocol header as a hop-by-hop header only
relevant on client->origin connections we can both prevent the above
issues occuring on networks utilizing a proxy, and also participate in
the protocol exprimentation process ourselves.

diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 607b972155a0b5bd03b3931892a21929aa11c56c..68e1e84799aeb8872695ffef3cf4020b3313ab5b 100644 (file)
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -72,6 +72,7 @@ static const HttpHeaderFieldAttrs HeadersAttrs[] = {
     {"Accept-Ranges", HDR_ACCEPT_RANGES, ftStr},
     {"Age", HDR_AGE, ftInt},
     {"Allow", HDR_ALLOW, ftStr},
+    {"Alternate-Protocol", HDR_ALTERNATE_PROTOCOL, ftStr},
     {"Authorization", HDR_AUTHORIZATION, ftStr},       /* for now */
     {"Cache-Control", HDR_CACHE_CONTROL, ftPCc},
     {"Connection", HDR_CONNECTION, ftStr},
@@ -306,6 +307,7 @@ static http_hdr_type ReplyHeadersArr[] = {
 /* hop-by-hop headers */
 static HttpHeaderMask HopByHopHeadersMask;
 static http_hdr_type HopByHopHeadersArr[] = {
+    HDR_ALTERNATE_PROTOCOL,
     HDR_CONNECTION,
     HDR_HTTP2_SETTINGS,
     HDR_KEEP_ALIVE,

diff --git a/src/http/RegisteredHeaders.h b/src/http/RegisteredHeaders.h
index 3891203f80707c57788270eef6e411671ff62079..ce747712819649896daee87eab0405912f9c3459 100644 (file)
--- a/src/http/RegisteredHeaders.h
+++ b/src/http/RegisteredHeaders.h
@@ -13,6 +13,7 @@ typedef enum {
     HDR_ACCEPT_RANGES,                  /**< RFC 7233 */
     HDR_AGE,                            /**< RFC 7234 */
     HDR_ALLOW,                          /**< RFC 7231 */
+    HDR_ALTERNATE_PROTOCOL,             /**< GFE custom header we may have to erase */
     HDR_AUTHENTICATION_INFO,            /**< RFC 2617 */
     HDR_AUTHORIZATION,                  /**< RFC 7235, 4559 */
     HDR_CACHE_CONTROL,                  /**< RFC 7234 */