From ec9d1de5364ce617b09c3c4fe1c3ad2215e55f7b Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 18 Nov 2014 02:13:39 -0800
Subject: [PATCH] Alternate-Protocol is a hop-by-hop header

Google are pushing Alternate-Protocol header to arbitrarily move clients
from HTTP to their experimental and proprietary protocols.

When relayed through a proxy this can cause traffic bifurcation with
side effects ranging from client visible failures, to traffic increase
on the network as proxy caching is bypassed, to security vulnerabilities
or privacy information leaks over the experimental protocol.

Treating the Alternate-Protocol header as a hop-by-hop header only
relevant on client->origin connections we can both prevent the above
issues occuring on networks utilizing a proxy, and also participate in
the protocol exprimentation process ourselves.
---
 src/HttpHeader.cc            | 2 ++
 src/http/RegisteredHeaders.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 607b972155..68e1e84799 100644
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -72,6 +72,7 @@ static const HttpHeaderFieldAttrs HeadersAttrs[] = {
     {"Accept-Ranges", HDR_ACCEPT_RANGES, ftStr},
     {"Age", HDR_AGE, ftInt},
     {"Allow", HDR_ALLOW, ftStr},
+    {"Alternate-Protocol", HDR_ALTERNATE_PROTOCOL, ftStr},
     {"Authorization", HDR_AUTHORIZATION, ftStr},	/* for now */
     {"Cache-Control", HDR_CACHE_CONTROL, ftPCc},
     {"Connection", HDR_CONNECTION, ftStr},
@@ -306,6 +307,7 @@ static http_hdr_type ReplyHeadersArr[] = {
 /* hop-by-hop headers */
 static HttpHeaderMask HopByHopHeadersMask;
 static http_hdr_type HopByHopHeadersArr[] = {
+    HDR_ALTERNATE_PROTOCOL,
     HDR_CONNECTION,
     HDR_HTTP2_SETTINGS,
     HDR_KEEP_ALIVE,
diff --git a/src/http/RegisteredHeaders.h b/src/http/RegisteredHeaders.h
index 3891203f80..ce74771281 100644
--- a/src/http/RegisteredHeaders.h
+++ b/src/http/RegisteredHeaders.h
@@ -13,6 +13,7 @@ typedef enum {
     HDR_ACCEPT_RANGES,                  /**< RFC 7233 */
     HDR_AGE,                            /**< RFC 7234 */
     HDR_ALLOW,                          /**< RFC 7231 */
+    HDR_ALTERNATE_PROTOCOL,             /**< GFE custom header we may have to erase */
     HDR_AUTHENTICATION_INFO,            /**< RFC 2617 */
     HDR_AUTHORIZATION,                  /**< RFC 7235, 4559 */
     HDR_CACHE_CONTROL,                  /**< RFC 7234 */
-- 
2.47.2