Re: RFC 9113 and :authority header field

On Wed, Jun 29, 2022 at 9:42 AM Martin Thomson <mt@lowentropy.net> wrote:

> On Wed, Jun 29, 2022, at 09:58, Tatsuhiro Tsujikawa wrote:
> > I think 2) is valid in terms of RFC 7540, but it suddenly becomes
> > invalid in terms of RFC 9113?
> > Is this correct?  https://www.fastly.com and https://www.google.com now
> > reject 2).
>
> My understanding is that both are valid alternatives.  As would a third
> option that contained the same value in both host and :authority.  The 4xx
> responses you are getting are (probably) compliance bugs.
>
> Thankfully we know people who might be closer to someone who is able to
> fix or defend those bugs.  (On CC).
>
> This whole host and :authority thing was an original mistake in HTTP/2.
> It was grounded in the view that HTTP/2 had to faithfully capture every
> weird thing HTTP/1.1 could express, even when it didn't make sense.  At the
> time, that was pragmatic and it might have aided deployment into systems
> that were, on some levels, broken.  In time, we should seek to remove those
> exceptions.  In the revision, we did some of that by disallowing different
> values.
>
>
Thank you for clarification.  Wait and see the deployments are resolved.

Best,

Tatsuhiro Tsujikawa

Received on Wednesday, 29 June 2022 09:14:11 UTC