Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[HTTP server] Should :authority be higher on the list than Host? #451

Closed
mateuszrzeszutek opened this issue Oct 26, 2023 · 1 comment · Fixed by #455
Closed

[HTTP server] Should :authority be higher on the list than Host? #451

mateuszrzeszutek opened this issue Oct 26, 2023 · 1 comment · Fixed by #455
Assignees
@jsuereth

Comments

@mateuszrzeszutek
Copy link
Member

The current spec says:

HTTP server instrumentations SHOULD do the best effort when populating server.address and server.port attributes and SHOULD determine them by using the first of the following that applies:

  • The original host which may be passed by the reverse proxy in the [Forwarded#host][Forwarded], [X-Forwarded-Host][X-Forwarded-Host], or a similar header.
  • The [Host][Host header] header.
  • The [:authority][HTTP/2 authority] pseudo-header in case of HTTP/2 or HTTP/3

However, the RFC says something different:

The ":authority" pseudo-header field conveys the authority portion (Section 3.2 of [RFC3986]) of the target URI (Section 7.1 of [HTTP]). The recipient of an HTTP/2 request MUST NOT use the Host header field to determine the target URI if ":authority" is present.

To me it sounds that when an HTTP 2.0 server receives an incoming request, the :authority header has higher priority than Host.
@trask trask moved this to Blocker for stability in Spec: HTTP Semantic Conventions Oct 26, 2023
@lmolkova
Copy link
Contributor

lmolkova commented Oct 26, 2023
edited
Loading

I put it after Host because from RFC9113 they SHOULD be the same and the order does not matter.

A server SHOULD treat a request as malformed if it contains a Host header field that identifies an entity that differs from the entity in the ":authority" pseudo-header field.

So I'm totally open to changing the order if it feels better.

@trask trask mentioned this issue Oct 26, 2023
Merged
2 tasks
@github-project-automation github-project-automation bot moved this from Blocker for stability to Done in Spec: HTTP Semantic Conventions Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsuereth jsuereth

Labels
None yet
Projects
Spec: HTTP Semantic Conventions
Status: Done
Milestone
No milestone
3 participants
@jsuereth @lmolkova @mateuszrzeszutek