Merged
6 changes: 4 additions & 2 deletions CHANGELOG.md
Expand Up @@ -22,8 +22,6 @@ NOTE: Add new changes BELOW THIS COMMENT.

- Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in [1.26.4][go-1.26.4].

- The H2C connection establishment via HTTP/1.1 request upgrade is no longer supported. See [RFC 9113][rfc9113].

- The size of rulelists is limited. This is necessary to prevent a user's machine from becoming overloaded if the filter source misbehaves.

### Added
Expand All @@ -40,6 +38,10 @@ NOTE: Add new changes BELOW THIS COMMENT.

- The `filtering` object of the YAML configuration now includes a new property, `max_http_size`, which defines the maximum size of the HTTP request for rulelists. To disable the limitation, set a large size, such as `1 TB`.

### Deprecated

- The h2c connection establishment via HTTP/1.1 request upgrade is deprecated. Use the Prior Knowledge mechanism instead. See [RFC 9113][rfc9113].

### Fixed

- The parsing of the `ech` parameter in DNS rewrite rules for the HTTPS record type ([#8276]).
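Review bot: The new Deprecated entry does not say which listener it applies to or when the upgrade path will go away, so an operator with a proxy that still sends `Upgrade: h2c` cannot tell how long they have to move to Prior Knowledge. Name the affected endpoint (the web API server changed in internal/home/web.go) and give a target release or "a future release". The entry also writes "h2c" where the line removed in the previous hunk wrote "H2C"; pick one spelling for the changelog.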
19 changes: 14 additions & 5 deletions internal/home/web.go
Expand Up @@ -26,6 +26,10 @@ import (
"github.com/AdguardTeam/golibs/osutil/executil"
"github.com/NYTimes/gziphandler"
"github.com/quic-go/quic-go/http3"
"golang.org/x/net/http2"

//lint:ignore SA1019 See AGDNS-4111.
"golang.org/x/net/http2/h2c"
)

// TODO(a.garipov): Make configurable.
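Review bot: The `//lint:ignore SA1019 See AGDNS-4111.` directive above the `golang.org/x/net/http2/h2c` import gives only a ticket id as its reason. A few words on why the deprecated package is still required would let a reader judge the suppression, and know when it can be dropped, without access to the tracker. The same directive appears again at the call site in `start`; check whether both are needed.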
Expand Down Expand Up @@ -276,16 +280,21 @@ func (web *webAPI) start(ctx context.Context) {

hdlr = web.auth.middleware().Wrap(hdlr)

// Enable unencrypted HTTP/2, e.g. for proxies.
protocols := &http.Protocols{}
protocols.SetUnencryptedHTTP2(true)
protocols.SetHTTP1(true)
// Use an h2c handler to support unencrypted HTTP/2, e.g. for proxies.
//
// NOTE: The auth middleware must be inside the h2c handler to ensure
// it applies to upgraded HTTP/2 connections as well. See AG-51779.
//
// TODO(f.setrakov): Use stdlib HTTP/2 when its compatibility issues are
// resolved.
//
//lint:ignore SA1019 See AGDNS-4111.
hdlr = h2c.NewHandler(hdlr, &http2.Server{})

// Create a new instance, because the Web is not usable after Shutdown.
web.httpServer = &http.Server{
Addr: web.conf.BindAddr.String(),
Handler: hdlr,
Protocols: protocols,
ReadTimeout: web.conf.ReadTimeout,
ReadHeaderTimeout: web.conf.ReadHeaderTimeout,
WriteTimeout: web.conf.WriteTimeout,
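Review bot: `hdlr = h2c.NewHandler(hdlr, &http2.Server{})` becomes the outermost handler in the visible lines, so the upgrade handling runs before `web.auth.middleware()` sees anything. The h2c package documentation states that the first request on an h2c connection is read entirely into memory before the wrapped handler is called, and recommends wrapping the result of `NewHandler` in `http.MaxBytesHandler`; without that, an unauthenticated client can make the server buffer an arbitrarily large body. Consider adding the wrapper with an explicit limit. The `http2.Server` is also a zero value, so `MaxConcurrentStreams` and `IdleTimeout` fall back to library defaults on a cleartext listener; either set them or say in the comment that the defaults are intended. The NOTE about keeping auth inside the h2c handler is useful; a test that sends an upgraded request without credentials would keep that ordering from regressing.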