W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

HTTP/2 examples SHOULD use :authority

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Thu, 1 Dec 2016 09:54:59 -0700
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4ea740d1-1df8-5a76-5198-dfd45b46955e@measurement-factory.com>

    This question is inspired be an interoperability problem between Web
Polygraph benchmark and a [MitM] HTTP/2 proxy. Inside a CONNECT tunnel
to a Polygraph server, Polygraph clients were violating the following
RFC 7540 SHOULD by sending a Host header instead of the :authority

>   Clients
>   that generate HTTP/2 requests directly SHOULD use the ":authority"
>   pseudo-header field instead of the Host header field.

When forwarding the requests, the proxy dropped the Host header without
adding :authority... While investigating who is at fault, I noticed that
Polygraph [accidentally] follows RFC 7540 examples: *All* Section 8.3
examples show HTTP/2 requests with a Host header instead of :authority!

> GET /resource HTTP/1.1       HEADERS
> Host: example.org       ==>    + END_STREAM
> Accept: image/jpeg             + END_HEADERS
>                                  :method = GET
>                                  :scheme = https
>                                  :path = /resource
>                                  host = example.org
>                                  accept = image/jpeg

One could argue that the RFC examples are meant to illustrate how to
mechanically translate an HTTP/1 message to HTTP/2, with as little
information loss as possible, even at the expense of violating a SHOULD.
I do not think that is a valid argument because the Examples section
does not disclose that intent and most readers will expect the [only]
Example section to illustrate genuine HTTP/2 messages rather than
unusual HTTP version translation peculiarities (unless explicitly noted

AFAICT, the Examples section talks about and shows various generated
HTTP/2 messages that meet version-agnostic prose specifications. The
HTTP/1 messages are probably also included just because most [early] RFC
readers were expected to be more familiar with HTTP/1 than HTTP/2.

Do you think the RFC examples should use ":authority" instead of "host"?

Thank you,

Received on Thursday, 1 December 2016 16:55:33 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 December 2016 16:55:36 UTC