Re: RFC 9113 and :authority header field

"Roy T. Fielding" <fielding@gbiv.com> Thu, 30 June 2022 17:36 UTC

Cc: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>, HTTP <ietf-http-wg@w3.org>
To: Willy Tarreau <w@1wt.eu>
Archived-At: <https://www.w3.org/mid/1233090A-E62F-4D4F-8F9B-1F14785386A8@gbiv.com>

> On Jun 30, 2022, at 2:02 AM, Willy Tarreau <w@1wt.eu> wrote:
> 
> On Thu, Jun 30, 2022 at 09:01:23AM +0200, Willy Tarreau wrote:
>>>> What we're
>>>> doing in haproxy is that both Host and :authority are used interchangeably
>>>> after having been checked for proper matching, and are modified at the
>>>> same time if needed, and we have a flag indicating if an authority was
>>>> present in the incoming request to know if we have to produce one on
>>>> output or not. That's in the end what seems to preserve the most accurate
>>>> representation along a chain of multiple versions. This allows us to emit
>>>> a Host field only if one was present, and an authority only if one was
>>>> present, regardless of the HTTP version. I don't think that RFC9113 brings
>>>> any changes regarding this, it might only be a matter of what constitutes
>>>> "control data".
>>> 
>>> Sorry, that is a broken implementation. You need to send Host regardless
>>> of the original request version.
>> 
>> I can guarantee you that each time we accidentally failed to do this because
>> of a tiny change or some strengthening of the checks of host vs authority,
>> we got instant reports of various 1.0 applications getting broken. And
>> actually I did verify carefully that the updated set of RFCs continued to
>> cover that compatibility requirement with these old components, i.e. Host
>> remains Host and :authority remains :authority along all the chain, and
>> only when both are set, they must match and we can simplify (e.g. drop
>> authority when passing to an HTTP/1.x server).
> 
> BTW, I think I just understood the case that concerned you and I was
> partially incorrect above, as we do *always* create a Host header on
> output since it's obviously always valid, we only make the difference
> on the authority to decide whether to rebuild an absolute or origin
> form for the URI.
> 
> Sorry for this confusion.
> 
> Willy

Heh, no worries ... I was wondering how it could possibly work, unless
you happened to be testing on single-origin default servers. It makes me
wonder what happens when a hostless request hits a CDN -- I haven't
even tested that in ages.

Cheers,

....Roy
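
The handling described in the quoted text (Host and :authority checked for matching, Host always emitted on output, request-target form chosen from whether an authority was present), as an added example that is not part of the thread and is not haproxy code. The function names, the empty Host value for a hostless request, and the rejection of whitespace and control characters are assumptions of this sketch.

```python
class MismatchError(ValueError):
    """Host and :authority are both present but name different hosts."""


def reconcile(authority, host):
    """Return (effective_host, had_authority) after the matching check.

    authority: value of :authority (or of an absolute-form target), None if absent.
    host:      value of the Host field, None if absent.
    """
    for value in (authority, host):
        # Assumption: refuse whitespace/control bytes so a forwarded value
        # cannot split or inject header lines on the HTTP/1.x side.
        if value is not None and any(c <= " " or c == "\x7f" for c in value):
            raise ValueError("illegal character in host value")
    had_authority = authority is not None
    if had_authority and host is not None and authority.lower() != host.lower():
        raise MismatchError(f"{authority!r} != {host!r}")
    effective = authority if had_authority else host
    return (effective or ""), had_authority


def to_http1(method, scheme, path, authority=None, host=None):
    """Build the request line and Host field for an HTTP/1.1 next hop."""
    effective, had_authority = reconcile(authority, host)
    if had_authority and effective:
        target = f"{scheme}://{effective}{path}"  # absolute-form
    else:
        target = path                             # origin-form
    # Host is always emitted. A hostless request (no Host, no authority)
    # gets an empty field value here; that choice is this sketch's assumption.
    return [f"{method} {target} HTTP/1.1", f"Host: {effective}"]


if __name__ == "__main__":
    # Constructed sample requests.
    print(to_http1("GET", "https", "/a", authority="example.com", host="example.com"))
    print(to_http1("GET", "http", "/a", host="example.com"))
    print(to_http1("GET", "http", "/"))
```
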