libcurl violates RFC7230 when constructing a proxy request with an explicit port ":80" in the URL #6769
I did this
With anything listening locally on port 3128 (e.g.
This violates RFC 7230 section 5.4, which states in part that
This discrepancy between target URI authority portion and
Within curl, the
and the target URI is constructed to exclude the userinfo subcomponent but will leave the port number present even if it would be omitted from the
For reference, the relevant code within HAProxy that rejects the mismatched request target URI and
I expected the following
curl should construct a request that conforms to RFC 7230. This could be achieved by any of:
I am happy to put together a pull request if a maintainer could indicate which of the above would be the preferred approach.
Linux 5.10.16-200.fc33.x86_64 #1 SMP Sun Feb 14 03:02:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered:
The S3 uploader will currently always include an explicit port number within URIs (e.g. "http://mybucket.s3.us-east-1.amazonaws.com:80") even when using the default HTTP port 80. This is not incorrect, but unfortunately triggers a bug within libcurl (see curl/curl#6769) that causes it to construct requests that will be rejected if they happen to pass through HAProxy. Work around this libcurl bug by omitting an explicit port number from the constructed URI when the default port is used. Signed-off-by: Michael Brown <email@example.com>
Let me address the three suggestions one by one for completeness:
This doesn't work on the Internet. Servers out there will break on port numbers for default ports in the
I fear that this will end up in the same bucket as the above, since the
I believe this alternative has the highest chance of working with the least amount of friction and problems.