Merge pull request #1863 from Kriechi/disable-h2c

disable h2c upgrades
2024-11-26 18:18:25 +00:00 · 2016-12-17 09:19:48 +13:00 · 2016-12-17 09:19:48 +13:00 · c4929bbc19
commit c4929bbc19
parent cf15a3c3ef 39a8d4dc22
2 changed files with 23 additions and 0 deletions
--- a/mitmproxy/addons/init.py
+++ b/mitmproxy/addons/init.py
@ -12,6 +12,7 @@ from mitmproxy.addons import stickyauth
 from mitmproxy.addons import stickycookie
 from mitmproxy.addons import streambodies
 from mitmproxy.addons import upstream_auth
+from mitmproxy.addons import disable_h2c_upgrade


 def default_addons():
@ -30,4 +31,5 @@ def default_addons():
        serverplayback.ServerPlayback(),
        clientplayback.ClientPlayback(),
        upstream_auth.UpstreamAuth(),
+        disable_h2c_upgrade.DisableH2CleartextUpgrade(),
    ]
--- a/mitmproxy/addons/disable_h2c_upgrade.py
+++ b/mitmproxy/addons/disable_h2c_upgrade.py
@ -0,0 +1,21 @@
+class DisableH2CleartextUpgrade:
+
+    """
+    We currently only support HTTP/2 over a TLS connection. Some clients try
+    to upgrade a connection from HTTP/1.1 to h2c, so we need to remove those
+    headers to avoid protocol errors if one endpoints suddenly starts sending
+    HTTP/2 frames.
+    """
+
+    def process_flow(self, f):
+        if f.request.headers.get('upgrade', '') == 'h2c':
+            del f.request.headers['upgrade']
+            if 'connection' in f.request.headers:
+                del f.request.headers['connection']
+            if 'http2-settings' in f.request.headers:
+                del f.request.headers['http2-settings']
+
+    # Handlers
+
+    def request(self, f):
+        self.process_flow(f)