- From: Mark Thomas <markt@apache.org>
- Date: Wed, 13 Dec 2023 09:31:01 +0000
- To: ietf-http-wg@w3.org
On 12/12/2023 16:59, Julian Reschke wrote: > On 12.12.2023 15:12, Mark Thomas wrote: >> Hi all, >> >> A (hopefully) quick question. >> >> In RFC 9112, section it states that: >> >> "If the target URI includes an authority component, then a client MUST >> send a field value for Host that is identical to that authority >> component..." >> >> Given that host is case insensitive, is the intention that "identical" >> in the text above means "identical, ignoring differences in case"? >> >> I can't think of any reason why this particular check needs to be case >> sensitive but wanted to check in case I was missing something. >> ... > > The text seems to lack clarity here. > > Are you concerned about client requirements, or do you want to add > strict checks to a server? Tomcat currently checks this in a case sensitive manner. A user has reported that this is causing issues for a client. Before I relax the check to be case insensitive I wanted to check I wasn't missing anything. If relaxing was OK, a follow-up question was going to be should I file an erratum or follow some other process to clarify this requirement. Kind regards, Mark
Received on Wednesday, 13 December 2023 09:31:10 UTC