Why isn’t my site serving assets via HTTP/2?

Status: unresolved

The front-end chapter of The Ruby on Rails Performance Apocrypha urges us to enable HTTP/2 in our Cloudfront distributions. It turns out HTTP/2 is enabled by default on Cloudfront distributions since around September 2007. Which is neat, we should be taking advantage of it already. So I check that it’s ticked in our distribution (it is) and then load some assets via Firefox. And it says in the header that they’re being served with HTTP/1.1. What the heck. Chrome seems to be happily fetching assets from our Cloudfront distribution over HTTP/2. Why isn’t Firefox?

So I check the CanIUse page on HTTP/2, and it suggests that many browsers (except prominently Safari) only support HTTP/2 when the server is capable of negotiating via ALPN.

It’s not that, since Chrome is working. And it turns out, so is Firefox, if I use an incognito window.

Not storing secrets in your ENV

  • https://blog.nillsf.com/index.php/2020/02/24/dont-use-environment-variables-in-kubernetes-to-consume-secrets/
  • https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/
  • https://movingfast.io/articles/environment-variables-considered-harmful/

Things I Read