Alternate-Protocol is a hop-by-hop header

Google are pushing Alternate-Protocol header to arbitrarily move clients
from HTTP to their experimental and proprietary protocols.

When relayed through a proxy this can cause traffic bifurcation with
side effects ranging from client visible failures, to traffic increase
on the network as proxy caching is bypassed, to security vulnerabilities
or privacy information leaks over the experimental protocol.

By treating the Alternate-Protocol header as a hop-by-hop header only
relevant on client->origin connections we can both prevent the above
issues occuring on networks utilizing a proxy, and also participate in
the protocol exprimentation process ourselves.

diff --git a/src/HttpHeader.cc b/src/HttpHeader.cc
index 8105063ef48e81741921e9b3f79439bb9d216843..27c4f8535c35d344f51c2b09236847977dd947d1 100644 (file)
--- a/src/HttpHeader.cc
+++ b/src/HttpHeader.cc
@@ -87,6 +87,7 @@ static const HttpHeaderFieldAttrs HeadersAttrs[] = {
     {"Accept-Ranges", HDR_ACCEPT_RANGES, ftStr},
     {"Age", HDR_AGE, ftInt},
     {"Allow", HDR_ALLOW, ftStr},
+    {"Alternate-Protocol", HDR_ALTERNATE_PROTOCOL, ftStr},
     {"Authorization", HDR_AUTHORIZATION, ftStr},       /* for now */
     {"Cache-Control", HDR_CACHE_CONTROL, ftPCc},
     {"Connection", HDR_CONNECTION, ftStr},
@@ -266,6 +267,7 @@ static http_hdr_type RequestHeadersArr[] = {
 
 static HttpHeaderMask HopByHopHeadersMask;
 static http_hdr_type HopByHopHeadersArr[] = {
+    HDR_ALTERNATE_PROTOCOL,
     HDR_CONNECTION, HDR_HTTP2_SETTINGS, HDR_KEEP_ALIVE, /*HDR_PROXY_AUTHENTICATE,*/ HDR_PROXY_AUTHORIZATION,
     HDR_TE, HDR_TRAILER, HDR_TRANSFER_ENCODING, HDR_UPGRADE, HDR_PROXY_CONNECTION
 };

diff --git a/src/HttpHeader.h b/src/HttpHeader.h
index 8681d1aaca020564d88cb977ca5d44a9c2d693e4..c86d17cf1dc46a77f2fe87872bf2a7965f6df744 100644 (file)
--- a/src/HttpHeader.h
+++ b/src/HttpHeader.h
@@ -57,6 +57,7 @@ typedef enum {
     HDR_ACCEPT_RANGES,                  /**< RFC 2608, 2616 */
     HDR_AGE,                            /**< RFC 2608, 2616 */
     HDR_ALLOW,                          /**< RFC 2608, 2616 */
+    HDR_ALTERNATE_PROTOCOL,             /**< GFE custom header we may have to erase */
     /*HDR_ALTERNATES,*/                 /* deprecated RFC 2068, 2295 */
     HDR_AUTHORIZATION,                  /**< RFC 2608, 2616, 4559 */
     HDR_CACHE_CONTROL,                  /**< RFC 2608, 2616 */