Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Mismatching absolute URI and Host header #191

Closed
Assignees
mnot
@mnot

Description

@mnot

7230 5.4 says:

If the target URI includes an authority component, then a client MUST send a field-value for Host that is identical to that authority component, excluding any userinfo subcomponent and its "@" delimiter (Section 2.7.1).

However, the requirements upon a server receiving a request with a mismatching authority component and Host header are not clearly stated.

Below, it says:

A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value.

However, a mismatching field-value is not clearly labeled to be invalid.

The waters are further muddied by7230 section 5.5:

If the request-target is in absolute-form, the effective request URI is the same as the request-target. Otherwise, the effective request URI is constructed as follows...

... which I've seen people interpret as "the absolute form takes precedence over the Host header."

I think we need to:

  • clarify server behaviour when receiving mismatching absolute form and host header (i.e., tweaking the language around "invalid")
  • modify the beginning of 5.5 to remove the impression outlined above

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions


    [8]ページ先頭

    ©2009-2025 Movatter.jp