W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2022

RFC 9113 and :authority header field

From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 29 Jun 2022 00:20:45 +0900
Message-ID: <CAPyZ6=+q+MoOOwoCxbtFjt+gqsjHBqTzz9KXNVcs3EP-4VFp=Q@mail.gmail.com>
To: HTTP <ietf-http-wg@w3.org>
Now RFC 9113 is published, we have updated :authority header field
description,
basically it says host and :authority cannot disagree.
My question is, is it still valid to omit :authority and use host?
RFC 9113 says "client must use :authority header field", but :authority is
not listed in mandatory header fields.
I checked a few major sites, and it looks like www.fastly.com and
www.google.com complain about the missing :authority.  www.fastly.com sends
back RST_STREAM.  www.google.com returns 400 bad request.
www.google.com still returns 400 if both :authority and host are present.

Best,

Tatsuhiro Tsujikawa
Received on Tuesday, 28 June 2022 16:28:31 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:44:07 UTC