-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problems getting browser and curl to connect to HTTP/3 server #11417
Comments
Please try Firefox. Chrome has always been extremely difficult to get going, and so far we have not yet understood why. |
@sbordet Will do. Regarding curl, I think even the Jetty client's connection is getting terminated prematurely. It throws:
This is a DEBUG log, not a WARN, so it's possible no one else has noticed this before. |
@sbordet I just tried Firefox. Same issue. It is hitting the server with HTTP/2 instead of HTTP/3. I must be doing something wrong The server is up in case you want to take a look. Let me know if you spot any obvious problems. |
I'm going to dig some more into this tomorrow, but I wanted to mention that if you haven't run across chrome://net-export/ (https://www.chromium.org/for-testers/providing-network-details/) I suggest you take a look. It provides a lot more information about why the browser is not trying to request HTTP/3. For example, they use exponential backoff to avoid hitting "broken" HTTP/3 endpoints too often: https://chromium.googlesource.com/chromium/src/+/HEAD/net/http/broken_alternative_services.h#60 I'm going to try flushing that cache somehow tomorrow and seeing what the new net-export says... Also, I've temporarily moved my HTTP/3 endpoint from port 8443 to 443 (in case you're interested in hitting it)... |
Okay... I figured out what was happening. There are four (!!) separate issues going on.
Background for issue 1
Background for issue 2https://stackoverflow.com/a/72793129/14731 Background for issue 3The only way I found to clear the ALT-SVC cache in Chrome was to use Incognito mode. So here is what I did:
My interpretation is that the first request uses HTTP/2 because it doesn't know if the server uses HTTP/3. The second request doesn't necessarily trust the Firefox also required the use of Incognito mode to clear the
All of this is 100% reproducible, so long as the server does not return a Background for issue 4My website contains a "Sign in with Google" button. Reading their instructions at https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid they write:
But it turns out that if I include this header (even if I set to the default value), it causes the following problem (per chrome://net-export/):
See http3.log for the full log. I can't figure out why this header would cause a problem but it seems to be reproducible on Chrome, Firefox and CURL... so something is going on. Any ideas? |
I filed this bug report against Chrome: https://issues.chromium.org/issues/325808006 though I doubt I will get a response anytime soon. Hopefully someone else has an idea, especially since CURL also doesn't like this header for some reason. |
I worked with the author of I ran Going through the logs on both ends, it looks like Jetty is terminating the connection too soon. It writes a frame containing the response headers but the connection is reset (from curl's point of view) before it gets a chance to read the frame. Here is a quick example. This is Jetty's point of view of what's happening:
and this is curl's point of view:
The interesting bit is that both sides see that 183 bytes are being sent but from curl's point of view, the connection is terminated before it finishes reading it fully. And you know what else is interesting? :) If you compare what was supposed to get sent vs what was received, you'll notice that the connection is terminated immediately before that magical header we talked about: Here are log files with full DEBUG logs on (the above snippet only shows HTTP/3 related events): curl-full-debug.log So to recap: Jetty fails to flush messages fully before terminating the connection. How do we debug this further? |
I've spent a couple more hours today trying to debug this but I've hit a brick wall. It's extremely easy to reproduce the problem using |
Jetty Version
12.0.7-SNAPSHOT using this PR: #11368
Jetty Environment
core
Java Version
openjdk version "21.0.1" 2023-10-17 LTS
OpenJDK Runtime Environment Zulu21.30+15-CA (build 21.0.1+12-LTS)
OpenJDK 64-Bit Server VM Zulu21.30+15-CA (build 21.0.1+12-LTS, mixed mode, sharing)
Question
My server is accepting HTTP/1, HTTPS/1, HTTP/2, and HTTP/3 connections. I am able to connect Jetty's HttpClient to the server's HTTP/3 endpoint just fine, but Chrome and Curl don't work (for different reasons).
Alt-Svc: h3=":8443"; ma=60
but no matter what I do, it never tries hitting the HTTP/3 endpoint... even in subsequent page reloads. Wireshark confirms there is no activity on the UDP port.If I configure Cloudflare to act as a HTTP/3 -> HTTP/2 tunnel then Chrome happily hits Cloudflare's HTTP/3 endpoint. I don't know what "trick" I'm missing to convince the browser to try hitting the HTTP/3 endpoint.
curl --http3 --verbose https://licensed.app:8443/
I get:From the server's perspective, I see my code running
Sink.write(response, true, StandardCharsets.UTF_8.encode(body));
and when this method completes curl gets disconnected unexpectly. Here are the DEBUG logs from the server and the corresponding Wireshark capture:server-logs-for-curl.txt
curl-wireshark.zip
So to recap, I've got two separate problems: one with Chrome and another with
curl
. Let me know if you have any ideas for what I can try next.The text was updated successfully, but these errors were encountered: