RFC 9113 and :authority header field

Now RFC 9113 is published, we have updated :authority header field
basically it says host and :authority cannot disagree.
My question is, is it still valid to omit :authority and use host?
RFC 9113 says "client must use :authority header field", but :authority is
not listed in mandatory header fields.
I checked a few major sites, and it looks like www.fastly.com and
www.google.com complain about the missing :authority.  www.fastly.com sends
back RST_STREAM.  www.google.com returns 400 bad request.
www.google.com still returns 400 if both :authority and host are present.


Tatsuhiro Tsujikawa

Received on Tuesday, 28 June 2022 16:28:31 UTC