Found while testing signalr on appharbor. The same origin check is failing for normal requests. This is because we have bad url parsing logic in ServerRequest.Owin, in particular:
The request port should be 80 or 443 if a host header is defined but there's no port as part of the host header.
You can observe the effects here:
Doesn't happen on windows azure websites (the port is 80):
Fixed issue with detecting which port to use.
- Always use the default port if the host header exists but there's no