Comments (3)
Edit: There we go -> #397
WARN: The Host header has lots of behavior specified by the HTTP protocol. So we need to take care when implementing some behavior here. See e.g. rfc7230_section_5.4, rfc2616_sec14.23, rfc2616_sec5.2, rfc2616_sec19.6.1.1.
We MUST make sure we do not violate any of them if we want gateleen to be compatible with HTTP.
For example, the suggested behavior:
- Fill in target host:post if Host header is missing
IMHO is invalid. As HTTP/1.1 says:
> A server MUST respond with a 400 (Bad Request) status code to any
> HTTP/1.1 request message that lacks a Host header field

Therefore filling this header would only be allowed for an HTTP/1.0 (or older) request.
So given our request is an HTTP/1.1 request, we should respond 400, as silently putting in a header would violate HTTP/1.1.
Some (randomly picked by me) citations for example:

> When a proxy receives a request with an absolute-form of
> request-target, the proxy MUST ignore the received Host header field
> (if any) and instead replace it with the host information of the
> request-target

> A proxy that forwards such a request MUST generate a
> new Host field-value based on the received request-target rather than
> forward the received Host field-value

> A server MUST respond with a 400 (Bad Request) status code to any
> HTTP/1.1 request message that lacks a Host header field and to any
> request message that contains more than one Host header field or a
> Host header field with an invalid field-value
from gateleen.
Yep, this is mostly known but not really treated today by Gateleen anyhow. It simply just overwrites any Host header with the target host which sounds rather strange.
However, I will not remove this but just use it as fallback if there is no incoming host (from Proxy or Browser) or if there is no specific host in the route configured.
The assumption is that most of the backends behind gateleen just don't care about this Host:xxx header currently. That's why this never popped up so far.
from gateleen.
Released in v1.1.77
from gateleen.
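
The RFC 7230 section 5.4 rules quoted in the first comment, written out as an added example; this is not Gateleen's code and not code from any commenter. `HostHeaderPolicy`, `decide`, `Decision` and `fallbackHost` are hypothetical names, the host grammar is simplified, and checking validity before the absolute-form replacement is an ordering chosen here.

```java
import java.net.URI;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not Gateleen code. Requires Java 16+ (records).
public class HostHeaderPolicy {
    // Simplified uri-host [":" port]: reg-name/IPv4 or bracketed IPv6 literal.
    // Assumption: percent-encoding and sub-delims from RFC 3986 are left out.
    static final Pattern HOST = Pattern.compile(
            "(\\[[0-9A-Fa-f:.]+\\]|[A-Za-z0-9._~-]*)(:[0-9]*)?");

    // status 400 means reject; status 0 means forward with forwardHost as the Host value.
    record Decision(int status, String forwardHost) {}

    static final Decision BAD_REQUEST = new Decision(400, null);

    // fallbackHost is a hypothetical parameter: the configured target host:port.
    static Decision decide(String version, String target, List<String> hosts, String fallbackHost) {
        if (hosts.size() > 1) return BAD_REQUEST;                 // more than one Host field
        if (hosts.isEmpty() && "HTTP/1.1".equals(version)) return BAD_REQUEST; // Host missing
        if (!hosts.isEmpty() && !HOST.matcher(hosts.get(0).trim()).matches())
            return BAD_REQUEST;                                   // invalid field-value
        if (target.regionMatches(true, 0, "http://", 0, 7)
                || target.regionMatches(true, 0, "https://", 0, 8)) {
            // absolute-form: ignore the received Host, derive it from the request-target.
            try {
                URI uri = URI.create(target);
                if (uri.getHost() == null) return BAD_REQUEST;
                String port = uri.getPort() == -1 ? "" : ":" + uri.getPort();
                return new Decision(0, uri.getHost() + port);
            } catch (IllegalArgumentException e) {
                return BAD_REQUEST;
            }
        }
        // Non-1.1 request without Host: the case where the first comment allows a fill-in.
        return new Decision(0, hosts.isEmpty() ? fallbackHost : hosts.get(0).trim());
    }

    public static void main(String[] args) {
        String fb = "backend.example:8080"; // all values below are constructed samples
        System.out.println(decide("HTTP/1.1", "/res", List.of(), fb));
        System.out.println(decide("HTTP/1.0", "/res", List.of(), fb));
        System.out.println(decide("HTTP/1.1", "/res", List.of("a.example", "b.example"), fb));
        System.out.println(decide("HTTP/1.1", "/res", List.of("a.example/x"), fb));
        System.out.println(decide("HTTP/1.1", "http://t.example:81/res", List.of("a.example"), fb));
    }
}
```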