nginx · Server

Fix ERR_SPDY_PROTOCOL_ERROR nginx error on Chrome


There is a nefarious error on nginx that in rare cases can throw an ERR_SPDY_PROTOCOL_ERROR for the users of Chrome.

TLDR: Check your nginx add_headers directives for invalid characters within any HTTP2 server configurations.

I call this out as attempting to troubleshoot it online can lead you down a rabbit hole of old and misinformation. More so now that the SPDY protocol is neither supported on the Chrome browser and nginx servers.

Take the following nginx configuration.

server {
    listen 80;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security: "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}
server {
    listen 443 ssl http2;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security: "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}

It will work correctly in Firefox in both with HTTP, HTTPS and Chrome over HTTP.

But it will fail in Chrome over HTTPS.

The problem is there are technically malformed headers in this nginx configuration, and the error only occurs in Chrome over the HTTP2 protocol.

The Strict-Transport-Security headers are copied and modified from an example on MDN, and it is invalid when included in the nginx add_header directive because of the appended colon to the header type.

Strict-Transport-Security: max-age=31536000; includeSubDomains

MDN HSTS Example

To fix the error remove the offending punctuation colon after Strict-Transport-Security.

server {
    listen 443 ssl http2;
    server_name www.example.site example.site;
    location / {
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        root /var/www/example.site/;
    }
}

Reload nginx.

nginx -s reload

And the ERR_SPDY_PROTOCOL_ERROR in Chrome will go away!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s