HTTP/2 examples SHOULD use :authority


    This question is inspired be an interoperability problem between Web
Polygraph benchmark and a [MitM] HTTP/2 proxy. Inside a CONNECT tunnel
to a Polygraph server, Polygraph clients were violating the following
RFC 7540 SHOULD by sending a Host header instead of the :authority

>   Clients
>   that generate HTTP/2 requests directly SHOULD use the ":authority"
>   pseudo-header field instead of the Host header field.

When forwarding the requests, the proxy dropped the Host header without
adding :authority... While investigating who is at fault, I noticed that
Polygraph [accidentally] follows RFC 7540 examples: *All* Section 8.3
examples show HTTP/2 requests with a Host header instead of :authority!

> GET /resource HTTP/1.1       HEADERS
> Host:       ==>    + END_STREAM
> Accept: image/jpeg             + END_HEADERS
>                                  :method = GET
>                                  :scheme = https
>                                  :path = /resource
>                                  host =
>                                  accept = image/jpeg

One could argue that the RFC examples are meant to illustrate how to
mechanically translate an HTTP/1 message to HTTP/2, with as little
information loss as possible, even at the expense of violating a SHOULD.
I do not think that is a valid argument because the Examples section
does not disclose that intent and most readers will expect the [only]
Example section to illustrate genuine HTTP/2 messages rather than
unusual HTTP version translation peculiarities (unless explicitly noted

AFAICT, the Examples section talks about and shows various generated
HTTP/2 messages that meet version-agnostic prose specifications. The
HTTP/1 messages are probably also included just because most [early] RFC
readers were expected to be more familiar with HTTP/1 than HTTP/2.

Do you think the RFC examples should use ":authority" instead of "host"?

Thank you,


Received on Thursday, 1 December 2016 16:55:33 UTC