- From: Adrien de Croy <adrien@qbik.com>
- Date: Wed, 17 Jun 2009 22:29:10 +1200
- To: Daniel Stenberg <dast@haxx.se>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
the interesting thing is that for the CONNECT method, RFC2616 doesn't say explicitly what part of the request provides the host information for the connection. It only does this for AbsoluteURI and abs_path, not authority or "*" ( since Request-URI := "*" | AbsoluteURI | abs_path | authority ) The RFC for tunnelling does however. So basically we're saying the Host header must be there, but it must be ignored. I guess there are still enough proxies out there willing to honour an HTTP/1.1 CONNECT request without one, else the vendors of this software would have fixed it by now. Cheers Adrien Daniel Stenberg wrote: > On Wed, 17 Jun 2009, Adrien de Croy wrote: > >> I recently updated our proxy to reject all HTTP/1.1 messages from >> clients that lack a Host header. >> >> This has been found to break a number of clients which use the >> CONNECT method. > > Let me also mention that I remember that back in the days when I wrote > my first CONNECT requests, they were being ignored or not at least not > treated well by many proxies when we did them without Host: header. > > I haven't checked this situation in a long time, but I would assume > that this is still at least partly the case. Thus, doing CONNECTs > host-less is already non functional in the real world. > -- Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Wednesday, 17 June 2009 10:26:26 UTC