W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: HTTP/1.1 CONNECT request without Host header

From: David Morris <dwm@xpasc.com>
Date: Tue, 16 Jun 2009 16:47:51 -0700 (PDT)
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.64.0906161642460.18882@egate.xpasc.com>

I would note that in a proxy request, the host header is redundant. My
recollection was that host would only be required for direct origin server 
requests.

I would have objected loudly if I had noticed this as a requirement when 
the host header was introduced.

I don't have time to play RFC lawyer, but if this is the actual 
requirement, we should consider relaxing it for HTTPbis's output.

Dave Morris

On Wed, 17 Jun 2009, Adrien de Croy wrote:

>
> I recently updated our proxy to reject all HTTP/1.1 messages from clients 
> that lack a Host header.
>
> This has been found to break a number of clients which use the CONNECT 
> method.
>
> So it's going to be a necessity to relax this particular requirement (in our 
> proxy) at least for CONNECT.
>
> Strictly speaking this is a violation of RFC2616 correct?  I'm sure it states 
> all 1.1 messages MUST include a Host header, and a server receiving such a 
> message MUST respond with 400.
>
> May need to make reference to CONNECT for this, since a number of (non 
> browser) clients seem to be affected.  In fact maybe in HTTPbis it would pay 
> to put a bit more about CONNECT in, even if only a reference to the RFC for 
> it.  Currently its status in RFC2616 is limited to only reserving the method 
> name.
>
> Regards
>
> Adrien
>
> -- 
> Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
>
Received on Tuesday, 16 June 2009 23:48:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:04 GMT