fix: respect -pr http11 flag by disabling HTTP/2 fallback

[jpirstin]

Summary

Fixes the -pr http11 flag being ignored due to HTTP/2 fallback in retryablehttp-go.

Problem

As described in #2240, when httpx is run with -pr http11, it configures the transport to disable HTTP/2 by setting TLSNextProto to an empty map. However, retryablehttp-go's do.go has a fallback that switches to HTTPClient2 when it encounters malformed HTTP version "HTTP/2" errors, effectively bypassing the explicit HTTP/1.1-only configuration.

Solution

1. retryablehttp-go (PR: feat: add DisableHTTP2Fallback option retryablehttp-go#524): Added DisableHTTP2Fallback option to Options struct that guards the HTTP/2 fallback path.
2. httpx (this PR): Sets DisableHTTP2Fallback = true when Protocol == "http11".

Dependencies

This PR depends on projectdiscovery/retryablehttp-go#524 being merged first. The go.mod currently uses a replace directive pointing to my fork; once the retryablehttp-go PR is merged and released, the replace can be removed.

Fixes #2240

Summary by CodeRabbit

• Improvements

  • HTTP/1.1 protocol handling now enforces strict protocol compliance without attempting automatic HTTP/2 fallback

• Chores

  • Updated HTTP client dependency to use an alternative fork version

[coderabbitai]

Walkthrough

The PR addresses HTTP/1.1 protocol enforcement by configuring DisableHTTP2Fallback on the retryable HTTP client when HTTP/1.1 is explicitly requested, and switches to a forked version of retryablehttp-go that supports this configuration option.

Changes

Cohort / File(s)	Summary
HTTP/1.1 Protocol Configuration common/httpx/httpx.go	Adds conditional logic to set DisableHTTP2Fallback to true on retryable HTTP client options when Options.Protocol equals "http11", preventing unintended HTTP/2 fallback during error recovery.
Dependency Management go.mod	Replaces github.com/projectdiscovery/retryablehttp-go with a forked version github.com/jpirstin/retryablehttp-go at pseudo-version v1.3.7-0.20260216171522-ed815bc09ccf to support the DisableHTTP2Fallback option.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 When HTTP/1.1 is called by name,
No fallback tricks should blur the game,
A forked path taken, flags now respected,
The protocol now truly reflected! 🚀

🚥 Pre-merge checks | ✅ 6

✅ Passed checks (6 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: disabling HTTP/2 fallback to respect the -pr http11 flag, which aligns perfectly with the primary objective of the PR.
Linked Issues check	✅ Passed	The PR successfully implements the solution outlined in issue #2240: setting DisableHTTP2Fallback=true when Protocol='http11' to prevent retryablehttp-go from falling back to HTTP/2 clients.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing issue #2240: the httpx code change respects the http11 flag, and the go.mod replace directive explicitly supports this fix via a retryablehttp-go fork.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into dev

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@go.mod`:
- Around line 182-183: Remove the temporary replace directive that points to the
personal fork (the replace line referencing
github.com/jpirstin/retryablehttp-go) and instead update the require entry for
github.com/projectdiscovery/retryablehttp-go to the official released version
that contains the DisableHTTP2Fallback change from
projectdiscovery/retryablehttp-go#524; ensure the replace line is deleted and
the require version is bumped to the new tag once that release is available so
the code uses the upstream package with DisableHTTP2Fallback.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Replace directive pointing to a personal fork must not be merged.

The replace directive to github.com/jpirstin/retryablehttp-go is appropriate for development/testing, but it must be removed before merging. Once projectdiscovery/retryablehttp-go#524 is released, update the require block (line 35) to the new version that includes DisableHTTP2Fallback and drop this replace.

🤖 Prompt for AI Agents

In `@go.mod` around lines 182 - 183, Remove the temporary replace directive that
points to the personal fork (the replace line referencing
github.com/jpirstin/retryablehttp-go) and instead update the require entry for
github.com/projectdiscovery/retryablehttp-go to the official released version
that contains the DisableHTTP2Fallback change from
projectdiscovery/retryablehttp-go#524; ensure the replace line is deleted and
the require version is bumped to the new tag once that release is available so
the code uses the upstream package with DisableHTTP2Fallback.