RFC 9113 and :authority header field from Tatsuhiro Tsujikawa on 2022-06-28 (ietf-http-wg@w3.org from April to June 2022)

From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 29 Jun 2022 00:20:45 +0900
To: HTTP <ietf-http-wg@w3.org>
Message-ID: <CAPyZ6=+q+MoOOwoCxbtFjt+gqsjHBqTzz9KXNVcs3EP-4VFp=Q@mail.gmail.com>

Now RFC 9113 is published, we have updated :authority header field
description,
basically it says host and :authority cannot disagree.
My question is, is it still valid to omit :authority and use host?
RFC 9113 says "client must use :authority header field", but :authority is
not listed in mandatory header fields.
I checked a few major sites, and it looks like www.fastly.com and
www.google.com complain about the missing :authority.  www.fastly.com sends
back RST_STREAM.  www.google.com returns 400 bad request.
www.google.com still returns 400 if both :authority and host are present.

Best,

Tatsuhiro Tsujikawa

Received on Tuesday, 28 June 2022 16:28:31 UTC