Require Host request header for HTTP/1.1 requests #404
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All HTTP/1.1 requests require a Host request header as per RFC 7230. The
proxy CONNECT method is an exception to this rule because we do not want
to break compatibility with common HTTP proxy clients that do not
strictly follow the RFCs.
This does not affect valid HTTP/1.1 requests and has no effect on
HTTP/1.0 requests.
Additionally, make sure we do not include a default Host request header
in the parsed request object if the incoming request does not make use
of the Host request header.
I've stumbled upon this when writing integration tests for https://twitter.com/x_framework that test common HTTP server behavior. With this changeset applied, this project now behaves just like nginx, Apache and PHP's built-in web server:
I've also checked benchmark results and I'm seeing a consistent, but minor improvement from ~11k rps to ~12k rps on my machine (#162).
Builds on top of #201
Refs #208, golang/go#18215 and others