Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
GitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Make Host header be always the first in requests #723
I observed that some servers (Cloudflare, for instance) will fail the request or will respond with redirects to the same URL if the Host header comes too late in the request.
I think this actually make sense from a security perspective, as having Host late in the request would mean a server with virtual hosts would have to buffer everything before the Host header before deciding where the request will land and whether the virtual host is even valid.
RFC 7230 section 5.4 supports this, stating that:
I propose here this changes that always lifts the Host header to be the first one sent. By looking at the previous lines, the
What do you think? Happy to discuss solutions.
Would be also nice if someone could point me into which file I could add tests/specs :)