Ticket #6 (closed defect: fixed)
simpleHTTP and friends sometimes generate Host headers missing ports
| Reported by: | j3h@… | Owned by: | sof |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | component1 | Version: | |
| Keywords: | Cc: | sof |
Description
When requesting a URL with an explicit, non-standard port, the Host: header should contain the port. simpleHTTP_ when not given a request with a host header will never generate a Host header with a port.
It looks like the bug is in normalizeRequestURI, which does not use the request URI to build the host header, and instead relies on a value passed in. It also seems odd that it does not just call normalizeHostHeader.
normalizeHostHeader has a different problem, which is that if the URI has a username or password, then that *will* get added to the host header.
From the HTTP/1.1 spec (RFC 2616 section 14.23):
The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address.
Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL).
