W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2014

#550 handling mismatches between socket connection and host header field

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 16 Jan 2014 22:53:30 +0100
Message-ID: <52D854DA.7070205@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
During IESG review, Ted Lemon came up with this interesting DISCUSS 

> In (Part 1 Section) 5.5, suppose I connect to foo.example.org on port 80, and send the following:
>   GET / HTTP/1.1
>   Host: foo.example.org:8080
> This produces an effective URI of ‚Äčhttp://foo.example.org:8080/. What is the server supposed to do at this point? The obvious way to resolve this DISCUSS point is to update the text to address this problem. I think this example has the same property that leads you to require a 301 or 400 status in section 3.1.1.

I (telnet-)tested this with various servers, and they don't seem to 
bother checking the port number.

So we could clarify that this request is invalid, but I'm not sure we 
can add a normative requirement to fail the request.

Feedback appreciated!

Best regards, Julian
Received on Thursday, 16 January 2014 21:54:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:23 UTC