Ticket #6 (closed defect: fixed)

Opened 6 years ago

Last modified 5 years ago

simpleHTTP and friends sometimes generate Host headers missing ports

Reported by: j3h@… Owned by: sof
Priority: major Milestone:
Component: component1 Version:
Keywords: Cc: sof

Description

When requesting a URL with an explicit, non-standard port, the Host: header should contain the port. simpleHTTP_ when not given a request with a host header will never generate a Host header with a port.

It looks like the bug is in normalizeRequestURI, which does not use the request URI to build the host header, and instead relies on a value passed in. It also seems odd that it does not just call normalizeHostHeader.

normalizeHostHeader has a different problem, which is that if the URI has a username or password, then that *will* get added to the host header.

From the HTTP/1.1 spec (RFC 2616 section 14.23):

The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address.

Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL).

Change History

Changed 5 years ago by sof

  • owner changed from somebody to sof
  • status changed from new to assigned

Changed 5 years ago by sof

  • cc sof added

Changed 5 years ago by sof

The various pieces of library code that handled have been brought together as Network.HTTP.Base.normalizeRequest. Included with this are fixes to have Host: headers relay port numbers (but not user/pass.)

Checked into the repository, and fixes slated to be included in 4000.0.5

Changed 5 years ago by sof

  • status changed from assigned to closed
  • resolution set to fixed

Changed 5 years ago by j3h@…

Thanks!

Note: See TracTickets for help on using tickets.