magento2: ZendClient breaks when receiving an HTTP/2 response

Preconditions (*)

Magento version 2.2.6
a version of Curl that supports HTTP/2 (v 7.43.0 or above)
(optional) CentOS operating system

Steps to reproduce (*)

Make an api request using ZendClient and the Curl adapter to an API endpoint that returns an HTTP/2 response
Receive the error “Invalid header line detected”

Expected result (*)

The api response to be returned successfully without throwing an exception

Actual result (*)

An exception is thrown because the HTTP/2 header format cannot be parsed.

Solution

Alter the regex in Zend_Http_Response, function extractHeaders to properly validate HTTP/2
Line 517: if ($index === 0 && preg_match('#^HTTP/\d+(?:\.\d+) [1-5]\d+#', $line)) { is where string “HTTP/2 200” breaks. The regex should optionally enforce the period since 2.0 was dropped from HTTP/2. Sample fixed regex: ‘#^HTTP/\d+(?:.\d+)? [1-5]\d+#’

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 26 (12 by maintainers)

Most upvoted comments

As suggested by the devs at TaxJar I “fixed” this by modifying magento/zendframework1/library/Zend/Http/Response.php in two places:

Line 185

//if (! preg_match('|^\d\.\d$|', $version)) {
if (! preg_match('|^\d\.\d$|', $version) && $version != 2) {

Line 518

//if ($index === 0 && preg_match('#^HTTP/\d+(?:\.\d+) [1-5]\d+#', $line)) {
if ($index === 0 && preg_match('#^HTTP/\d+(?:\.\d+)? [1-5]\d+#', $line)) {

Two other suggestions provided by TaxJar are

You can downgrade the version of curl you’re using. We’ve had reports that version 7.61.1 works fine.
You can rebuild the Curl package from source without HTTP/2 support.

Message from TaxJar:

The problem seems to be with Magento’s support for HTTP/2. When we have seen this previously, it was related to running a recent version of Curl (7.62+), where HTTP/2 support is enabled by default. Magento’s Zend_Http_Response class can’t handle parsing the HTTP/2 headers and throws the exception “Invalid header line detected”. We’ve reported this issue to Magento and their most recent response said this will be addressed in the Magento release 2.3.1 - https://github.com/magento/magento2/issues/19442

I don’t really get how issue 19442 fixes this though (which modified vendor/magento/framework/HTTP/Adapter/Curl.php). If you were to use \Zend_Http_Client and \Zend_Http_Response directly as TaxJar does the issue still exists. Seems as though it needs to be fixed in magento/zendframework1 (magento/zf1).

+11

Jimgitsit on Mar 13, 2019

Hi All, I’ve got this issue in Magento 2.2.4 instance and below is the workaround I applied. (A dirty fix)

composer.json “autoload”: { … , “files”: [ … , “lib/Zend/Http/Response.php” ] },`

Copy the vendor/magento/zendframework1/library/Zend/Http/Response.php to lib/Zend/Http/Response.php

Edit the following lines. Line No: 517 if ($index === 0 && preg_match('#^HTTP/\d(?:\.\d+)* [1-5]\d+#', $line)) { Line No: 185 if (! preg_match('#^\d|\d(\.\d)*$#', $version)) {

Then Run composer dump-autoload

The issue is Zend_Http_Response doesn’t support HTTP/2. It only support HTTP/1.1.

What I have done here is load the file in lib/Zend/Http/Response.php instead vendor/magento/zendframework1/library/Zend/Http/Response.php and edit the regular expression to accept the HTTP/2.

mudithae on Sep 30, 2019