Skip to content

/go

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: HTTP/1.1 requests without Host header should be rejected #13624

Closed
CAFxX opened this issue Dec 15, 2015 · 4 comments

Comments

Assignees

@bradfitz bradfitz

Labels
FrozenDueToAge
Projects
None yet
Milestone
  Go1.6
4 participants
@CAFxX @bradfitz @gopherbot @cgcgbcbc
@CAFxX
Copy link
Contributor

commented Dec 15, 2015

HTTP/1.1 mandates (both in RFC2616 and RFC7230) that requests lacking a Host header should unconditionally receive a 400 Bad Request response.

https://tools.ietf.org/html/rfc2616#section-14.23
All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request)
status code to any HTTP/1.1 request message which lacks a Host header
field.

https://tools.ietf.org/html/rfc7230#section-5.4
A server MUST respond with a 400 (Bad Request) status code to any
HTTP/1.1 request message that lacks a Host header field and to any
request message that contains more than one Host header field or a
Host header field with an invalid field-value.

Right now Go happily accepts such requests without returning 400: as such it's non-conforming to the RFCs.

@bradfitz bradfitz changed the title HTTP/1.1 requests without Host header should be rejected net/http: HTTP/1.1 requests without Host header should be rejected Dec 15, 2015

@bradfitz bradfitz self-assigned this Dec 15, 2015

@bradfitz

This comment has been minimized.

Sign in to view
Copy link
Member

commented Dec 15, 2015

I noticed this too recently in the process of working on #11206

@bradfitz bradfitz added this to the Go1.6 milestone Dec 15, 2015

@gopherbot

This comment has been minimized.

Sign in to view
Copy link

commented Dec 16, 2015

CL https://golang.org/cl/17892 mentions this issue.

@bradfitz bradfitz closed this in 6e11f45 Dec 16, 2015

@calavera calavera referenced this issue Mar 23, 2016

Closed

Pre-golang 1.6 Dockers can't talk to golang 1.6 Docker #20865

This was referenced Apr 4, 2016

Closed
Closed

This was referenced Apr 13, 2016

Closed
Closed

@lrusak lrusak referenced this issue May 12, 2016

Merged

send host header with the GET request #2

@Confusion Confusion referenced this issue Jul 8, 2016

Closed

Docker built with Go 1.6 not supported #415

@cgcgbcbc

This comment has been minimized.

Sign in to view
Copy link

commented Jul 14, 2016

How to accept http 1.0 request then?
@bradfitz

This comment has been minimized.

Sign in to view
Copy link
Member

commented Jul 14, 2016

@cgcgbcbc, HTTP/1.0 requests don't require Host headers. This bug only applies to HTTP/1.1 requests.

@golang golang locked and limited conversation to collaborators Jul 14, 2017

@gopherbot gopherbot added the FrozenDueToAge label Jul 14, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.