- From: Lucas Pardue <lucas@lucaspardue.com>
- Date: Thu, 17 Jul 2025 01:51:22 +0100
- To: "HTTP Working Group" <ietf-http-wg@w3.org>
- Message-Id: <d224fbaf-6646-4ab5-97b3-a6345e0a4762@app.fastmail.com>
Hi folks, A colleague asked me a question and I couldn't land on a conclusive answer for them, so wondered what the rest of you might think. We're fully aware that H2 and H3 allow situations where there could be an :authority and/or host. The language in RFC 9114 [1] is pretty clear on what to do when one, none, or both are present. However, the question is what should happen if an H2 or H3 request contains multiple Host headers. RFC 9112 (HTTP/1.1) says [2] > A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field line or a Host header field with an invalid field value. We're H2 and H3 "relaxed" in this sense due to the interchangability of :authority and Host? Even so, it seems weird to me to allow multiple Hosts like this. If there is guthub archaeology on this Inapplgie but a cursory check couldn't land me on anything useful. Cheers Lucas [1] https://datatracker.ietf.org/doc/html/rfc9114#section-4.3.1 [2] https://www.rfc-editor.org/rfc/rfc9112.html#section-3.2-6
Received on Thursday, 17 July 2025 00:51:48 UTC