http2: initial support for originSet #17935
Conversation
nodejs-github-bot
added
dont-land-on-v4.x
http2
|
Ping @nodejs/http2 |
lib/internal/http2/core.js
Outdated
|
|
||
| get originSet() { | ||
| return this[kState].originSet ? | ||
| Array.from(this[kState].originSet) : undefined; |
There was a problem hiding this comment.
This property's name implies a Set instance yet this returns an Array.
There was a problem hiding this comment.
The origin set terminology is adopted from the ORIGIN frame spec. It is a bit confusing. Do you have a suggested alternative?
There was a problem hiding this comment.
The name is great; I'm just wondering if it could return the Set (or clone thereof).
There was a problem hiding this comment.
"Origin Set" is the name within the spec, I don't think that should determine whether we use Array or Set as the data structure. I don't know if we have any APIs that currently return a Set, I would keep as is.
There was a problem hiding this comment.
Returning a Set may imply that it's mutable by the user, which is not the case. Yes, an Array is still mutable, but the property returns a new Array instance on every call. I'd prefer to keep the name and the array return.
doc/api/http2.md
Outdated
| --> | ||
|
|
||
| Value will be `undefined` if the `Http2Session` is not yet connected to a | ||
| socket, `h2c` if the `Http2Session` is not connected to a `TLSSocket`, or |
There was a problem hiding this comment.
h2c === HTTP/2 over plain text. I'm using it generically because, typically, when using a plain text connection, there's no alpnProtocol property we can use to source it. So if the socket is not a TLSSocket, we assume it's plain text.
lib/internal/http2/core.js
Outdated
| this[kAlpnProtocol] = socket.alpnProtocol; | ||
| this[kEncrypted] = true; | ||
| const origin = | ||
| (new URL(`https://${socket.servername}:${socket.remotePort}`)).origin; |
There was a problem hiding this comment.
Can we avoid parsing a URL for every connected socket?
There was a problem hiding this comment.
To my knowlege sockets can be also connected via Unix Domain sockets/windows pipes. There is no remotePort in that case.
There was a problem hiding this comment.
Good point. In those cases, there won't be a proper initial origin. I'll update to account for that.
There was a problem hiding this comment.
@mcollina ... the ORIGIN spec is pretty clear that the origin must be a validly serialized ASCII-origin, which means our servername must be a pct-encoded ASCII host. The spec also requires that the SNI servername is used to construct the origin. I can see if we can make this more efficient, but I don't think we can completely avoid this.
We could potentially defer the parse such that it occurs the first time the originSet property getter is accessed.
There was a problem hiding this comment.
We would potentially defer the parse such that it occurs the first time the originSet property getter is accessed.
I like that idea. 👍
There was a problem hiding this comment.
the ORIGIN spec is pretty clear that the origin must be a validly serialized ASCII-origin, which means our servername must be a pct-encoded ASCII host. The spec also requires that the SNI servername is used to construct the origin. I can see if we can make this more efficient, but I don't think we can completely avoid this.
I'm guessing we do not need to generate a new string and then parse it to generate a new pct-encoded ASCII host.
We could potentially defer the parse such that it occurs the first time the originSet property getter is accessed.
+1 with this approach.
There was a problem hiding this comment.
Unfortunately, as far as I know, the servername isn't guaranteed to be ASCII or percent encoded so we need to at least pass that through.
There was a problem hiding this comment.
Unfortunately, as far as I know, the servername isn't guaranteed to be ASCII or percent encoded so we need to at least pass that through.
can that be cached and filled in from the server?
lib/internal/http2/core.js
Outdated
| this[kEncrypted] = true; | ||
| const origin = | ||
| (new URL(`https://${socket.servername}:${socket.remotePort}`)).origin; | ||
| this[kState].originSet = new Set([origin]); |
There was a problem hiding this comment.
Can you please add a TODO here that the Set will be used by the ORIGIN frame support?
lib/internal/http2/core.js
Outdated
|
|
||
| get originSet() { | ||
| return this[kState].originSet ? | ||
| Array.from(this[kState].originSet) : undefined; |
There was a problem hiding this comment.
"Origin Set" is the name within the spec, I don't think that should determine whether we use Array or Set as the data structure. I don't know if we have any APIs that currently return a Set, I would keep as is.
| assert(client.encrypted); | ||
| assert.strictEqual(client.alpnProtocol, 'h2'); | ||
| const originSet = client.originSet; | ||
| assert(originSet); |
There was a problem hiding this comment.
Can this be assert(Array.isArray(originSet))?
| assert(stream.session.encrypted); | ||
| assert(stream.session.alpnProtocol, 'h2'); | ||
| const originSet = stream.session.originSet; | ||
| assert(originSet); |
There was a problem hiding this comment.
Can this be assert(Array.isArray(originSet))?
lib/internal/http2/core.js
Outdated
| } | ||
|
|
||
| get originSet() { | ||
| return this[kState].originSet ? |
There was a problem hiding this comment.
Can we just check this[kEncrypted] here? It's slightly more efficient.
| @@ -717,6 +719,17 @@ function setupHandle(socket, type, options) { | |||
|
|
|||
| this[kHandle] = handle; | |||
|
|
|||
| if (socket.encrypted) { | |||
| this[kAlpnProtocol] = socket.alpnProtocol; | |||
| this[kEncrypted] = true; | |||
There was a problem hiding this comment.
Should we define these on the initial class (as undefined) to avoid thrashing of the hidden class? (Maybe originSet too, on kState.)
jasnell
force-pushed
the
http2-originset
branch
from
c48aeaa
to
3c18eda
Compare
|
Updated. |
lib/internal/http2/core.js
Outdated
| if (originSet === undefined) { | ||
| const socket = this[kSocket]; | ||
| originSet = new Set(); | ||
| if (socket.servername != null) { |
|
CI is good, but build bots failed on arm. running again https://ci.nodejs.org/job/node-test-commit-arm/12895/ |
lib/internal/http2/core.js
Outdated
| let originSet = this[kState].originSet; | ||
| if (originSet === undefined) { | ||
| const socket = this[kSocket]; | ||
| originSet = new Set(); |
There was a problem hiding this comment.
Should this be stored on this[kState]?
There was a problem hiding this comment.
heh. looks like an edit didn't get saved.
| <!-- YAML | ||
| added: REPLACEME | ||
| --> | ||
|
|
There was a problem hiding this comment.
There should be a type annotation here, like
* {string|undefined}Ditto below.
doc/api/http2.md
Outdated
| @@ -388,6 +392,8 @@ A prototype-less object describing the current local settings of this | |||
| added: REPLACEME | |||
| --> | |||
|
|
|||
| * Value: {Array|undefined} | |||
jasnell
force-pushed
the
http2-originset
branch
from
34487a0
to
073e5ea
Compare
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`.
jasnell
force-pushed
the
http2-originset
branch
from
073e5ea
to
816964a
Compare
PR-URL: #17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`. PR-URL: #17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
|
Landed in b25b1ef and 060babd |
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`. PR-URL: nodejs#17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`. Backport-PR-URL: #18050 PR-URL: #17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Notable change:
* async_hooks:
- deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither
API were documented. (Andreas Madsen)
#16972
* deps:
- update nghttp2 to 1.29.0 (James M Snell)
#17908
- upgrade npm to 5.6.0 (Kat Marchán)
#17535
- cherry-pick 50f7455 from upstream V8 (Michaël Zasso)
#16591
* events:
- remove reaches into _events internals (Anatoli Papirovski)
#17440
* http:
- add rawPacket in err of `clientError` event (XadillaX)
#17672
* http2:
- implement maxSessionMemory (James M Snell)
#17967
- add initial support for originSet (James M Snell)
#17935
- add altsvc support (James M Snell)
#17917
- perf_hooks integration (James M Snell)
#17906
* net:
- remove Socket.prototype.write (Anna Henningsen)
#17644
- remove Socket.prototype.listen (Ruben Bridgewater)
#13735
* repl:
- show lexically scoped vars in tab completion (Michaël Zasso)
#16591
* stream:
- rm {writeable/readable}State.length (Calvin Metcalf)
#12857
- add flow and buffer properties to streams (Calvin Metcalf)
#12855
* util:
- allow wildcards in NODE_DEBUG variable (Tyler)
#17609
* zlib:
- add ArrayBuffer support (Jem Bezooyen)
#16042
* Addedew collaborator**
- [starkwang](https://github.com/starkwang) Weijia Wang
* Addedew TSC member**
- [danbev](https://github.com/danbev) Daniel Bevenius
PR-URL: #18069
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`. Backport-PR-URL: #18050 PR-URL: #17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Notable change:
* async_hooks:
- deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither
API were documented. (Andreas Madsen)
#16972
* deps:
- update nghttp2 to 1.29.0 (James M Snell)
#17908
- upgrade npm to 5.6.0 (Kat Marchán)
#17535
- cherry-pick 50f7455 from upstream V8 (Michaël Zasso)
#16591
* events:
- remove reaches into _events internals (Anatoli Papirovski)
#17440
* http:
- add rawPacket in err of `clientError` event (XadillaX)
#17672
* http2:
- implement maxSessionMemory (James M Snell)
#17967
- add initial support for originSet (James M Snell)
#17935
- add altsvc support (James M Snell)
#17917
- perf_hooks integration (James M Snell)
#17906
- Refactoring and cleanup of Http2Session and Http2Stream destroy
(James M Snell) #17406
* net:
- remove Socket.prototype.write (Anna Henningsen)
#17644
- remove Socket.prototype.listen (Ruben Bridgewater)
#13735
* repl:
- show lexically scoped vars in tab completion (Michaël Zasso)
#16591
* stream:
- rm {writeable/readable}State.length (Calvin Metcalf)
#12857
- add flow and buffer properties to streams (Calvin Metcalf)
#12855
* util:
- allow wildcards in NODE_DEBUG variable (Tyler)
#17609
* zlib:
- add ArrayBuffer support (Jem Bezooyen)
#16042
* Addedew collaborator**
- [starkwang](https://github.com/starkwang) Weijia Wang
* Addedew TSC member**
- [danbev](https://github.com/danbev) Daniel Bevenius
PR-URL: #18069
Notable change:
* async_hooks:
- deprecate AsyncHooks Sensitive API and runInAsyncIdScope. Neither
API were documented. (Andreas Madsen)
#16972
* deps:
- update nghttp2 to 1.29.0 (James M Snell)
#17908
- upgrade npm to 5.6.0 (Kat Marchán)
#17535
- cherry-pick 50f7455 from upstream V8 (Michaël Zasso)
#16591
* events:
- remove reaches into _events internals (Anatoli Papirovski)
#17440
* http:
- add rawPacket in err of `clientError` event (XadillaX)
#17672
* http2:
- implement maxSessionMemory (James M Snell)
#17967
- add initial support for originSet (James M Snell)
#17935
- add altsvc support (James M Snell)
#17917
- perf_hooks integration (James M Snell)
#17906
- Refactoring and cleanup of Http2Session and Http2Stream destroy
(James M Snell) #17406
* net:
- remove Socket.prototype.write (Anna Henningsen)
#17644
- remove Socket.prototype.listen (Ruben Bridgewater)
#13735
* repl:
- show lexically scoped vars in tab completion (Michaël Zasso)
#16591
* stream:
- rm {writeable/readable}State.length (Calvin Metcalf)
#12857
- add flow and buffer properties to streams (Calvin Metcalf)
#12855
* util:
- allow wildcards in NODE_DEBUG variable (Tyler)
#17609
* zlib:
- add ArrayBuffer support (Jem Bezooyen)
#16042
* Addedew collaborator**
- [starkwang](https://github.com/starkwang) Weijia Wang
* Addedew TSC member**
- [danbev](https://github.com/danbev) Daniel Bevenius
PR-URL: #18069
Backport-PR-URL: nodejs#18050 PR-URL: nodejs#17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`. Backport-PR-URL: nodejs#18050 PR-URL: nodejs#17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Add new properties to `Http2Session` to identify alpnProtocol, and indicator about whether the session is TLS or not, and initial support for origin set (preparinng for `ORIGIN` frame support and the client-side `Pool` implementation. The `originSet` is the set of origins for which an `Http2Session` may be considered authoritative. Per the `ORIGIN` frame spec, the originSet is only valid on TLS connections, so this is only exposed when using a `TLSSocket`. Backport-PR-URL: #18050 Backport-PR-URL: #20456 PR-URL: #17935 Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Sebastiaan Deckers <sebdeckers83@gmail.com> Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
In preparation for client side connection
PoolandORIGINframe support, introduce new properties onHttp2Sessionto identify if the session is secure, provide thealpnProtocolidentifier, and generate the initialoriginSet.Includes a fix to tls_wrap where the SNI servername was not being set on the client side.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
http2, tls