What does ERR_SPDY_PROTOCOL_ERROR mean in nginx?

Question

I and a few of my colleagues got the net::ERR_SPDY_PROTOCOL_ERROR error.

We use ngnix version 1.8.0. The error is not stable (hard to replicate), and t

Answer 1

If you're getting

ERR_HTTP2_PROTOCOL_ERROR

OR

ERR_SPDY_PROTOCOL_ERROR

in Chrome or Safari browser by using Nginx Content-Security-Policy, first inspect this issue by accessing chrome hidden interface: chrome://net-internals/#events and selecting "live HTTP/2 sessions" button under HTTP/2 tab.

If you get anything like below as a result against your domain after a refresh:

HTTP2_SESSION_RECV_INVALID_HEADER

--> error = "Invalid character in header name."

You should write CSP header in following method:

add_header Content-Security-Policy "";

This method worked fine for me.

NOTE: White spaces are not allowed in CSP. Use white space to differentiate the policy parameter and its value only. To reproduce this issue in chrome, you can use add_header Content-Security-Policy: ""; which have additional : which will consider as invalid.