Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Support no-value Host header in HttpParser #592
Please review and confirm,
A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field.
This seems to be a bug from Jetty 9.2, as per HttpParser.java code snippet of Jetty Source
method name : handleKnownHeaders
It expects host header to have a value instead of just being empty. However, the HTTP 1.1 spec says, send at least an empty header.
As per HTTP 1.1 spec, sending empty host header is valid but Jetty considers it as a bad request.
RFC2616 is obsolete.
Replaced with RFC7230 - https://tools.ietf.org/html/rfc7230#section-5.4
Request URI's without an authority are exceedingly rare (usually only seen in interprocess requests on the same server). With the Servlet security model, not having an authority is probably forbidden (have to see if the Servlet spec has that detail).
HTTPS, TLS, and HTTP/2 has mandatory authority.
Thank you for the inputs, so the scenario we are facing is Http client in a load balancer polling the Jetty which hosts the web apps. It is as good as inter process requests.
Jetty returns 400 Bad host header response.
So will it be addressed by Jetty ?