RFC 9113 and :authority header field

Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Tue, 28 June 2022 16:32 UTC

To: HTTP <ietf-http-wg@w3.org>
Archived-At: <https://www.w3.org/mid/CAPyZ6=+q+MoOOwoCxbtFjt+gqsjHBqTzz9KXNVcs3EP-4VFp=Q@mail.gmail.com>

Now that RFC 9113 is published, we have an updated :authority header field description; basically, it says host and :authority cannot disagree.
My question is, is it still valid to omit :authority and use host?
RFC 9113 says "client must use :authority header field", but :authority is not listed in mandatory header fields.
I checked a few major sites, and it looks like www.fastly.com and www.google.com complain about the missing :authority. www.fastly.com sends back RST_STREAM. www.google.com returns 400 bad request.
www.google.com still returns 400 if both :authority and host are present.

Best,

Tatsuhiro Tsujikawa
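
An added example, not part of the original message or of any implementation it mentions: one way a server could resolve the authority of a non-CONNECT HTTP/2 request so that host and :authority cannot disagree and host never overrides :authority. The function names, the `require_authority` switch (modelling a server that refuses requests without :authority), the duplicate-host rejection and the sample header lists are assumptions made for illustration.

```python
# Added example: decide which authority an HTTP/2 request targets.
# Header lists are constructed; the strict/lenient switch is an assumption.
DEFAULT_PORTS = {"http": "80", "https": "443"}

class MalformedRequest(Exception):
    """Request should be rejected (stream error or 400, server's choice)."""

def normalize(authority, scheme):
    """Scheme-based normalization: lowercase host, drop empty/default port."""
    host, sep, port = authority.rpartition(":")
    if not sep or (port and not port.isdigit()):
        host, port = authority, ""      # no port: "example.com" or "[::1]"
    if port == DEFAULT_PORTS.get(scheme):
        port = ""
    return host.lower() + (":" + port if port else "")

def resolve_authority(headers, require_authority=False):
    """headers: decoded (name, value) pairs in wire order.

    Returns the normalized authority, or None if the request carries none.
    Raises MalformedRequest when the fields are duplicated or disagree.
    """
    fields = {":authority": [], "host": [], ":scheme": []}
    for name, value in headers:
        if name in fields:
            fields[name].append(value)
    if len(fields[":scheme"]) != 1:
        raise MalformedRequest("need exactly one :scheme")
    if len(fields[":authority"]) > 1 or len(fields["host"]) > 1:
        raise MalformedRequest("duplicate :authority or host")
    scheme = fields[":scheme"][0]
    authority = [normalize(v, scheme) for v in fields[":authority"]]
    host = [normalize(v, scheme) for v in fields["host"]]
    if authority:
        # host may accompany :authority but must name the same entity,
        # and it is never used in place of :authority.
        if host and host != authority:
            raise MalformedRequest("host disagrees with :authority")
        return authority[0]
    if require_authority:               # assumed strict policy
        raise MalformedRequest(":authority missing")
    return host[0] if host else None    # lenient: fall back to host

# Constructed control data shared by the sample requests.
BASE = [(":method", "GET"), (":scheme", "https"), (":path", "/")]
```

Comparing normalized values means `Example.com` and `example.com:443` count as the same entity under `https`, so only a real mismatch is rejected.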