Hi, Checking RFC 7540 once again, it looks clear that while clients *SHOULD* use :authority instead of Host, this is not a strict *MUST*. There’s no explicit prohibition of the Host header in HTTP/2 requests.
Maybe we should reconsider our current approach of treating such requests as malformed. Arturo On Sat, Oct 12, 2024 at 12:47 PM Oleg Kalnichevski <ol...@apache.org> wrote: > Folks > > Presently HttpCore HTTP/2 protocol handler treats HTTP/2 request > messages with a `Host` header as malformed. > > However I just recently discovered that Apache HTTPD happily sends us > push promise requests with a `Host` header in them. Initially I thought > it was a bug in HTTPD and was going to report it to the HTTPD devs. > However I have gone through RFC 7540 a few more times I must admit > there appears to be no clear statement defining `Host` header as > illegal for HTTP/2 messages. There is only this: "Clients that generate > HTTP/2 requests directly SHOULD use the ":authority" pseudo-header > field instead of the Host header field". > > It looks like we are in the wrong here. > > How do you see it? > > Oleg > > --- > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 >> :method: GET > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 >> :scheme: http > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 >> :authority: localhost:32916 > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 >> :path: /pushy > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 >> user-agent: Apache-HttpCore/5.3.1-SNAPSHOT (Java/17.0.12) > DEBUG [requester-dispatch-1][org.apache.hc.core5.http2.frame] c-0000000000 > >> stream 1 frame: HEADERS (0x1); flags: END_STREAM END_HEADERS (0x5); > length: 59 > ... > DEBUG [requester-dispatch-1][org.apache.hc.core5.http2.frame] c-0000000000 > << stream 1 frame: PUSH_PROMISE (0x5); flags: END_HEADERS (0x4); length: 77 > DEBUG [requester-dispatch-1][org.apache.hc.core5.http2.frame.payload] > c-0000000000 << Promised stream 2 > ... > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << :scheme: http > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << :authority: localhost:32916 > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << :path: /aaa > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << :method: GET > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << user-agent: Apache-HttpCore/5.3.1-SNAPSHOT (Java/17.0.12) > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << host: localhost:32916 > ... > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << :status: 200 > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << last-modified: Sat, 12 Oct 2024 10:33:15 GMT > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << etag: "15-624452194b0c0" > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << accept-ranges: bytes > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << content-length: 21 > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << date: Sat, 12 Oct 2024 10:33:18 GMT > DEBUG [requester-dispatch-1][org.apache.hc.core5.http.headers] > c-0000000000 << server: Apache/2.4.54 (Unix) > DEBUG [requester-dispatch-1][org.apache.hc.core5.http2.frame] c-0000000000 > << stream 1 frame: DATA (0x0); flags: END_STREAM (0x1); length: 21 > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org > For additional commands, e-mail: dev-h...@hc.apache.org > >
