Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
net/http/httputil: ReverseProxy does not set host header correctly #28168
The HTTP/2 client prefers Request.Host over Request.URL.Host:
ReverseProxy's default Director only sets Request.URL.Host, and not Request.Host, so the request would get proxied to the same host, rather than the proxy target. This resulted in an infinite loop on golang.org (see Issue #28134).
referenced this issue
Oct 12, 2018
It's preferring the req.Host first per the docs on net/http.Request.Host:
// For client requests Host optionally overrides the Host // header to send. If empty, the Request.Write method uses // the value of URL.Host. Host may contain an international // domain name. Host string
I worry it might not be safe to change this without breaking other people. (There's the usual forward-proxy vs reverse-proxy distinction that people often bring up, too, which is kinda related here.) But if we have different behavior already whether we use HTTP/1 vs HTTP/2 to the backend, then I could see changing it.
Hm, would it be safe to set (or unset) Request.Host in the default director?
The workaround I tried for godoc actually didn't work in production (but worked locally). It 502s and logs this: