author: Loïc Hoguin <[email protected]> 2025-02-10 15:26:00 +0100
committer: Loïc Hoguin <[email protected]> 2025-02-10 15:26:00 +0100
commit: 053e233c5634ede60dec6c2c261a5729dae1abc4
tree: bb4ffb0be63cea405a43ed7e6048dd0008c9e876 /doc/src
parent: 971684788d991d98fc86e84d061a52809df76e2b
Provide better control over which HTTP protocols are enabled
Over cleartext TCP the `protocols` option lists the enabled protocols. The default is to allow both HTTP/1.1 and HTTP/2. Over TLS the default protocol to use when ALPN is not used can now be configured via the `alpn_default_protocol` option. Performing an HTTP/1.1 upgrade to HTTP/2 over TLS is now rejected with an error as connecting to HTTP/2 over TLS requires the use of ALPN (or that HTTP/2 be the default when connecting over TLS).
Diffstat (limited to 'doc/src')
-rw-r--r-- doc/src/manual/cowboy_http.asciidoc 15
-rw-r--r-- doc/src/manual/cowboy_http2.asciidoc 15
2 files changed, 30 insertions, 0 deletions
diff --git a/doc/src/manual/cowboy_http.asciidoc b/doc/src/manual/cowboy_http.asciidoc
index aff9f1b..96a5585 100644
--- a/doc/src/manual/cowboy_http.asciidoc
+++ b/doc/src/manual/cowboy_http.asciidoc
@@ -18,6 +18,7 @@ as a Ranch protocol.
----
opts() :: #{
active_n => pos_integer(),
+ alpn_default_protocol => http | http2,
chunked => boolean(),
connection_type => worker | supervisor,
dynamic_buffer => false | {pos_integer(), pos_integer()},
@@ -36,6 +37,7 @@ opts() :: #{
max_method_length => non_neg_integer(),
max_request_line_length => non_neg_integer(),
max_skip_body_length => non_neg_integer(),
+ protocols => [http | http2],
proxy_header => boolean(),
request_timeout => timeout(),
reset_idle_timeout_on_send => boolean(),
@@ -63,6 +65,12 @@ values reduce the number of times Cowboy need to request more
packets from the port driver at the expense of potentially
higher memory being used.
+alpn_default_protocol (http)::
+
+Default protocol to use when the client connects over TLS
+without ALPN. Can be set to `http2` to disable HTTP/1.1
+entirely.
+
chunked (true)::
Whether chunked transfer-encoding is enabled for HTTP/1.1 connections.
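Review bot: In the new `alpn_default_protocol` entry, the sentence "Can be set to `http2` to disable HTTP/1.1 entirely" claims more than the sentence before it supports, since the option is described as applying only when the client connects over TLS without ALPN. The entry does not say what happens when a TLS client negotiates HTTP/1.1 through ALPN, and cleartext TCP is governed by `protocols` instead. Suggest narrowing the wording to the case the option covers (TLS clients that do not use ALPN are handled as HTTP/2) and pointing readers who want HTTP/1.1 unreachable to `protocols` and to the protocols the listener advertises over ALPN.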
@@ -156,6 +164,13 @@ max_skip_body_length (1000000)::
Maximum length Cowboy is willing to skip when the user code did not read the body fully.
When the remaining length is too large or unknown Cowboy will close the connection.
+protocols ([http2, http])::
+
+Protocols that may be used when the client connects over
+cleartext TCP. The default is to allow both HTTP/1.1 and
+HTTP/2. HTTP/1.1 and HTTP/2 can be disabled entirely by
+omitting them from the list.
+
proxy_header (false)::
Whether incoming connections have a PROXY protocol header. The
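Review bot: The `protocols` entry gives the default as `[http2, http]` while the type added in the earlier hunk is `[http | http2]`, and the description does not say whether the order of the list expresses a preference or is ignored. The empty list is also left undefined, although both the type and the sentence "can be disabled entirely by omitting them from the list" permit `[]`. Suggest stating whether order matters, what `[]` does (rejected at listener start, or every cleartext connection refused), and that "entirely" here covers cleartext TCP only, with TLS controlled by ALPN and `alpn_default_protocol`.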
diff --git a/doc/src/manual/cowboy_http2.asciidoc b/doc/src/manual/cowboy_http2.asciidoc
index 971dcb8..7b34b88 100644
--- a/doc/src/manual/cowboy_http2.asciidoc
+++ b/doc/src/manual/cowboy_http2.asciidoc
@@ -18,6 +18,7 @@ as a Ranch protocol.
----
opts() :: #{
active_n => pos_integer(),
+ alpn_default_protocol => http | http2,
connection_type => worker | supervisor,
connection_window_margin_size => 0..16#7fffffff,
connection_window_update_threshold => 0..16#7fffffff,
@@ -46,6 +47,7 @@ opts() :: #{
max_stream_buffer_size => non_neg_integer(),
max_stream_window_size => 0..16#7fffffff,
preface_timeout => timeout(),
+ protocols => [http | http2],
proxy_header => boolean(),
reset_idle_timeout_on_send => boolean(),
sendfile => boolean(),
@@ -76,6 +78,12 @@ values reduce the number of times Cowboy need to request more
packets from the port driver at the expense of potentially
higher memory being used.
+alpn_default_protocol (http)::
+
+Default protocol to use when the client connects over TLS
+without ALPN. Can be set to `http2` to disable HTTP/1.1
+entirely.
+
connection_type (supervisor)::
Whether the connection process also acts as a supervisor.
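Review bot: The `alpn_default_protocol` entry in the cowboy_http2 manual omits the behavior change stated in the commit message, that an HTTP/1.1 upgrade to HTTP/2 over TLS is now rejected with an error. An operator reading only this manual would not learn that HTTP/2 over TLS now requires ALPN or `alpn_default_protocol => http2`. Suggest adding one sentence on the rejected upgrade, and saying explicitly that with the default `(http)` a TLS client that does not use ALPN is served HTTP/1.1.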
@@ -259,6 +267,13 @@ preface_timeout (5000)::
Time in ms Cowboy is willing to wait for the connection preface.
+protocols ([http2, http])::
+
+Protocols that may be used when the client connects over
+cleartext TCP. The default is to allow both HTTP/1.1 and
+HTTP/2. HTTP/1.1 and HTTP/2 can be disabled entirely by
+omitting them from the list.
+
proxy_header (false)::
Whether incoming connections have a PROXY protocol header. The
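Review bot: This `protocols` entry is a verbatim copy of the one added to cowboy_http.asciidoc, and in the HTTP/2 manual it leaves open how a cleartext client reaches HTTP/2 once `http` is omitted from the list. The commit message mentions the HTTP/1.1 upgrade path only for TLS, so it is not clear from these lines whether `protocols => [http2]` still accepts an HTTP/1.1 Upgrade request or only connections that begin directly with the HTTP/2 preface. Suggest documenting that case here, and consider keeping the full description in one manual with a cross-reference from the other so the two copies cannot drift apart.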