Because the H2 code has better reuse between server and client, turning on compression currently enables compression, decompression, and negotiation in both directions. However, they are fundamentally asymmetrical, and the defaults should reflect that.
The server should not default to decompressing requests, for both pragmatic and security reasons. Explicit support should be fine, though. Likewise, the client should not default to compressing requests.
Earlier conversation
The h2-compression-handler is about parsing the client's "accept-encoding" header to determine what encoding to return. In theory, this could be symmetrical, and clients could encode their bodies, but for pragmatic and security reasons, client request body encoding isn't a thing, and we should change the code to make it clearer that it's server-only, and prevent misuse. (E.g., rename the keys, update AlephHttp2FrameCodecBuilder to compress or decompress, but not both simultaneously, etc.) You don't have to do that in this PR, though I think maybe I should update the key names before we do a full release of 0.7.0.
Originally posted by @KingMob in #683 (comment)