From 41312c877352f072d099c98b1fb6b53484241ad9 Mon Sep 17 00:00:00 2001 From: VoidChecksum Date: Sun, 15 Mar 2026 19:30:35 +0100 Subject: [PATCH] fix: respect -pr http11 flag by disabling HTTP/2 fallback When users specify -pr http11 to force HTTP/1.1-only connections, httpx correctly disables HTTP/2 on the primary transport. However, retryablehttp-go's fallback mechanism automatically retries failed HTTP/1.x requests with an HTTP/2 client (HTTPClient2), effectively bypassing the explicit protocol restriction. Disable the HTTP/2 fallback when HTTP/1.1-only mode is requested so the protocol flag is respected throughout the entire request lifecycle, including retries. Fixes projectdiscovery/httpx#2240 --- common/httpx/httpx.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/common/httpx/httpx.go b/common/httpx/httpx.go index 039f4c4c..2fb0252e 100644 --- a/common/httpx/httpx.go +++ b/common/httpx/httpx.go @@ -177,11 +177,22 @@ func New(options *Options) (*HTTPX, error) { transport.Proxy = http.ProxyURL(proxyURL) } - httpx.client = retryablehttp.NewWithHTTPClient(&http.Client{ + httpClient := &http.Client{ Transport: transport, Timeout: httpx.Options.Timeout, CheckRedirect: redirectFunc, - }, retryablehttpOptions) + } + httpx.client = retryablehttp.NewWithHTTPClient(httpClient, retryablehttpOptions) + + // When HTTP/1.1-only mode is requested, the retryablehttp-go library still + // has an internal fallback (HTTPClient2) that retries with a native HTTP/2 + // client when it encounters certain error messages about malformed HTTP/2 + // responses. Override that fallback client with the same HTTP/1.1 transport + // so the -pr http11 flag is respected throughout the entire request + // lifecycle, including retries. + if httpx.Options.Protocol == "http11" { + httpx.client.HTTPClient2 = httpClient + } transport2 := &http2.Transport{ TLSClientConfig: &tls.Config{