Comments (3)

hiddenalpha commented on June 28, 2024

Edit: There we go -> #397

WARN: The Host header has lots of behavior specified by the HTTP protocol. So we need to take care when implementing some behavior here. See e.g. rfc7230_section_5.4, rfc2616_sec14.23, rfc2616_sec5.2, rfc2616_sec19.6.1.1.

We MUST make sure we do not violate any of them if we want gateleen to be compatible with HTTP.

For example, the suggested behavior:

  1. Fill in target host:post if Host header is missing

IMHO is invalid. As HTTP/1.1 says:

A server MUST respond with a 400 (Bad Request) status code to any
HTTP/1.1 request message that lacks a Host header field

Therefore filling this header would only be allowed for an HTTP/1.0 (or older) request.

So given our request is an HTTP/1.1 request, we should respond 400, as silently putting in a header would violate HTTP/1.1.

Some (randomly picked by me) citations for example:

When a proxy receives a request with an absolute-form of
request-target, the proxy MUST ignore the received Host header field
(if any) and instead replace it with the host information of the
request-target

A proxy that forwards such a request MUST generate a
new Host field-value based on the received request-target rather than
forward the received Host field-value

A server MUST respond with a 400 (Bad Request) status code to any
HTTP/1.1 request message that lacks a Host header field and to any
request message that contains more than one Host header field or a
Host header field with an invalid field-value

from gateleen.
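The Host rules quoted in the comment above, combined into one decision function. This is an added example, not part of the thread and not gateleen's code; `resolve_host`, `fallback_authority` and the sample hosts are hypothetical names, and the field-value check is a simplified assumption rather than the full URI grammar.

```python
import re
from urllib.parse import urlsplit

# Simplified Host = uri-host [ ":" port ] check (assumption: not the full RFC 3986 grammar).
HOST_RE = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]*)(:\d*)?$")

def resolve_host(version, request_target, host_values, fallback_authority):
    """Decide which Host value to forward, or reject the request.

    version            -- "HTTP/1.0" or "HTTP/1.1" from the request line
    request_target     -- origin-form ("/a") or absolute-form ("http://h/a")
    host_values        -- every Host field-value received, in order
    fallback_authority -- hypothetical host:port of the configured route target
    Returns (400, None) to reject, or (None, host) to forward with that Host.
    """
    # More than one Host field, or an invalid field-value: 400.
    if len(host_values) > 1:
        return 400, None
    if host_values and not HOST_RE.match(host_values[0].strip()):
        return 400, None
    # An HTTP/1.1 request without Host: 400, never silently filled in.
    if not host_values and version == "HTTP/1.1":
        return 400, None
    try:
        parts = urlsplit(request_target)
    except ValueError:  # e.g. unbalanced IPv6 brackets in the target
        return 400, None
    # Absolute-form target: ignore the received Host, derive it from the target.
    if parts.scheme.lower() in ("http", "https") and parts.netloc:
        return None, parts.netloc.rpartition("@")[2]
    # Filling in the target host is only left for HTTP/1.0 (or older) requests.
    if not host_values:
        return None, fallback_authority
    return None, host_values[0].strip()

if __name__ == "__main__":
    # Constructed sample requests (not taken from gateleen or its tests).
    samples = [
        ("HTTP/1.1", "/x", []),
        ("HTTP/1.0", "/x", []),
        ("HTTP/1.1", "/x", ["a.example", "b.example"]),
        ("HTTP/1.1", "http://api.example:8443/x", ["other.example"]),
        ("HTTP/1.1", "/x", ["shop.example"]),
    ]
    for version, target, hosts in samples:
        print(version, target, hosts, "->",
              resolve_host(version, target, hosts, "backend.example:8080"))
```
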

Kusig commented on June 28, 2024

Yep, this is mostly known but not really treated today by Gateleen anyhow. It simply just overwrites any Host header with the target host which sounds rather strange.

However, I will not remove this but just use it as fallback if there is no incoming host (from Proxy or Browser) or if there is no specific host in the route configured.

The assumption is that most of the backends behind gateleen just don't care about this Host:xxx header currently. That's why this never popped up so far.

from gateleen.

mcweba commented on June 28, 2024

Released in v1.1.77

from gateleen.
