Hi, I found 2 weird issues with ssl/http2
- I did this test on the public instance and there seems to be a weird request added at the start. In this case we see test1/test2 headers added to the strange 1st request.
addHeader test1: 1
setHeader test2: 2
- on my private instance I don’t see the weird request, but I also don’t see the headers .
Is Firefox and scripting not possible?
That “strange request” is the certificate validation. Yes, firefox scripting is possible though setting headers on HTTP2 requests may not work (should work for IE and Chrome but I’m pretty sure there is an open issue about Firefox header support for HTTP/2).
The reason you see them on the OCSP check is that that is not HTTP/2 so the headers could be added.
Not sure why you don’t see the request on your instance. Are you running the latest Firefox release and also a recent agent?
Just noticed we missed replying to this. I had done this research for another team and posted it for them.
In regards to your question, the other team’s private instance did not have an up to date agent.
With regards to automation, where the base page headers are examined, I guess the solution to the extra request is to look for the 1st request that matches your target URL and then trigger our logic off that request.