- From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
- Date: Wed, 29 Jun 2022 00:20:45 +0900
- To: HTTP <ietf-http-wg@w3.org>
Received on Tuesday, 28 June 2022 16:28:31 UTC
Now RFC 9113 is published, we have updated :authority header field description, basically it says host and :authority cannot disagree. My question is, is it still valid to omit :authority and use host? RFC 9113 says "client must use :authority header field", but :authority is not listed in mandatory header fields. I checked a few major sites, and it looks like www.fastly.com and www.google.com complain about the missing :authority. www.fastly.com sends back RST_STREAM. www.google.com returns 400 bad request. www.google.com still returns 400 if both :authority and host are present. Best, Tatsuhiro Tsujikawa
Received on Tuesday, 28 June 2022 16:28:31 UTC