- From: Daniel DuBois <dan@spyglass.com>
- Date: Mon, 03 Jun 1996 12:58:29 -0500
- To: Shel Kaphan <sjk@amazon.com>, jg@w3.org
- Cc: Dave Kristol <dmk@allegra.att.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
At 10:54 AM 6/3/96 -0700, Shel Kaphan wrote:
> > o Host request-headers are required in HTTP/1.1 requests.
>Sorry if I'm being dense here or repeating past arguments, but...
>
>If a client has determined that a given server speaks HTTP 1.1, should
>it really be considered illegal to omit the HOST header if an absolute
>URI is included in the request?
I'll quote myself:
********
At 04:33 PM 4/24/96 EDT, Dave Kristol wrote:
>Words to that effect appear in Sect. 8 and App.D.1. They should say,
>instead, that either an absoluteURI or Host request-header must
>accompany all HTTP/1.1 requests.
For now it's probably safer to require that Host: appear on ALL 1.1
requests, regardless of whether or not the Request-URI includes the Host
information. there's more assurance this way that some people won't screw
it up.
More importantly: consider what happens if ClientFoo does not send the
Host:, instead deciding to send absoluteURI, and ClientFoo is talking to a
proxy. If that proxy is old, it will strip the host info out of the
Reqest-URI and pass it on. Now our 1.1 origin server gets no Host: and no
absoluteURI. Sure - we could make special case language saying "You have to
send Host:, unless you are talking to a 1.1 server you dont have to, but you
do have to if your talking to a proxy." What was it JG was saying?:
"Protocols can only stand so many special purpose hacks."
As such, I think we have good reason, and rough consensus, for Host: header
to be mandatory on all 1.1 requests. Which is why the issue was closed, and
the language exists in the spec.
********
-----
Daniel DuBois, Software Animal
dan@spyglass.com
http://www.spyglass.com/~ddubois/
Received on Monday, 3 June 1996 11:04:37 UTC