Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:111226 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 4008 invoked from network); 28 Jul 2020 19:28:11 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 28 Jul 2020 19:28:11 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 0D76B180541 for ; Tue, 28 Jul 2020 11:24:07 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mo4-p00-ob.smtp.rzone.de (mo4-p00-ob.smtp.rzone.de [81.169.146.217]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 28 Jul 2020 11:24:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1595960644; s=strato-dkim-0002; d=kelunik.com; h=Cc:To:Subject:Message-ID:Date:From:In-Reply-To:References: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=76tsKsb9ng3F0FRf3DE+Ft9UPVKo9Tbs6lvQeOMj+Jc=; b=S2cR15AzD39dCr18rZUKNLMDLDEtafo5NYMqiGOMyP3xKsyZP2+DUc67AyFo7LSVeF 3CKmssBqbpldIKjQUBUArgxQ3EMWxhJDMRqxK6h0aVbXWHa2pb00SBF7jHLieiexDcfs G/NKB1tIfvU1WDxJmdp33ipH5UsFuBdWW4YHS9tP2eHWj+TXyWdAbrYBkUWPdwxPE6OC tvrYedHIbvqMADSfDPHBHlCxN5hcRGCUnT0uKtFqGEs6TtWGXeNDRG49Ggawsoz1erKG aWSJlL+3bd+MPkk7Gafnf46IGEVf1lp33dj6OSS3veHTd1+9VTOfkVTMyJLwD22do/sc uIqg== X-RZG-AUTH: ":IWkkfkWkbvHsXQGmRYmUo9mlsGbEv0XHBzMIJSS+jKTzde5mDb8AaBEcYiVB" X-RZG-CLASS-ID: mo00 Received: from mail-vs1-f52.google.com by smtp.strato.de (RZmta 46.10.5 AUTH) with ESMTPSA id g021aew6SIO4Eaz (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate) for ; Tue, 28 Jul 2020 20:24:04 +0200 (CEST) Received: by mail-vs1-f52.google.com with SMTP id 1so6039490vsl.1 for ; Tue, 28 Jul 2020 11:24:04 -0700 (PDT) X-Gm-Message-State: AOAM531cQplOh6DxgETUH2rWiXzroHGB3rBWFvPHDllsYEGCnos7GWqE DJP8caRQfMOCJEuyMNMrSvIgPQPcd9YwBYWfW8c= X-Google-Smtp-Source: ABdhPJwFMP8pULRJZHdwztHEIrHZHzrdQch6e8/CPBhfdWZz5nLxvPQS0GbSbZ1vEa92gm1kICyIQrjLAvB2exSPDQE= X-Received: by 2002:a05:6102:390:: with SMTP id m16mr21738757vsq.55.1595960643124; Tue, 28 Jul 2020 11:24:03 -0700 (PDT) MIME-Version: 1.0 References: <9d28ade6-1a70-9850-3bc0-64050c0dcbe4@gmail.com> In-Reply-To: Date: Tue, 28 Jul 2020 20:22:13 +0200 X-Gmail-Original-Message-ID: Message-ID: To: Rowan Tommins , Sara Golemon Cc: PHP Internals Content-Type: multipart/alternative; boundary="00000000000035854905ab848bd9" Subject: Re: [PHP-DEV] Re: HTTP/1.1 by default in PHP 8.0 From: me@kelunik.com (Niklas Keller) --00000000000035854905ab848bd9 Content-Type: text/plain; charset="UTF-8" Hey all, > > > Given that it's a very small change, the RFC is probably not necessary, > in > > which case it's not too late, however I'd like some clarification about > > what this actually offers over defaulting to 1.0. > One thing it offers is detecting truncated responses. Servers will often respond without transfer-encoding: chunked / content-length for an HTTP/1.0 request, which leaves connection closure as only indication where the response ends. As we progress to HTTP/3 already, newer implementations might not implement 1.0 at all. If we're compatible with 1.1 already, there's no reason IMO not to advertise and use its features. That's a very reasonable question. The way I see it is this: > > The risk of advertising 1.0 by default is that some software will have been > programmed to outright refuse that protocol version. I don't know of any > recent examples, but this bug report from 2007 was for a SOAP endpoint that > returned 505 Version Not Supported: https://bugs.php.net/bug.php?id=43069 > Notably, Dmitry's patch for that bug made sure the protocol context option > is honoured by ext/soap, but also specifically defaulted it to HTTP/1.1 as > of PHP 5.3. > > The risk of advertising 1.1 by default is that some software will respond > with a more complex response, and trigger some bug in our response parsing. > This was previously the case with detecting "Transfer-Encoding: chunked" > headers, for instance. By advertising 1.0, we may be benefitting from > servers "downgrading" their response. > Do we handle 1XX responses, yet? https://tools.ietf.org/html/rfc7231#section-6.2 > In practice, a large amount of software appears to do neither, and simply > replies with an HTTP/1.1 response to a HTTP/1.0 request. This is why I talk > about "advertising" versions - in practice, the code is always acting as an > HTTP/1.1 client, e.g. sending "Connection: Close", and listening for > Transfer-Encoding, because it's increasingly rare for a server to actually > honour the 1.0 spec. > This is what implementations should do, see https://tools.ietf.org/html/rfc7230#section-2.6 That section also says we should send 1.1, as we support it. Best, Niklas > My main motivation for the change is that if someone was writing the > feature today, I don't think it would occur to them to default to 1.0, and > I think _new_ users would be less surprised at needing to opt into 1.0 than > into 1.1. > > Regards, > -- > Rowan Tommins > [IMSoP] > --00000000000035854905ab848bd9--