Re: RFC 9113 and :authority header field

Willy Tarreau <w@1wt.eu> Mon, 04 July 2022 06:57 UTC

Date: Mon, 04 Jul 2022 08:54:09 +0200
From: Willy Tarreau <w@1wt.eu>
To: Kazuho Oku <kazuhooku@gmail.com>
Cc: Martin Thomson <mt@lowentropy.net>, HTTP Working Group <ietf-http-wg@w3.org>, Ian Swett <ianswett@google.com>

Hi Kazuho,

On Mon, Jul 04, 2022 at 10:42:27AM +0900, Kazuho Oku wrote:
> > "An intermediary that forwards a request over HTTP/2 MUST construct an
> > ":authority" pseudo-header field using the authority information from the
> > control data of the original request, unless the original request's target
> > URI does not contain authority information (in which case it MUST NOT
> > generate ":authority")."
> >
> 
> This MUST seems to come from
> https://github.com/httpwg/http2-spec/pull/845/files.
> 
> As of #845, we mandate intermediaries forward origin-form requests (e.g., a
> "GET / HTTP/1.1" + Host) using an `:authority` request header field.
> 
> Maybe these changes have been unintentional.

No, reread carefully what it says, it's the opposite, so there's no problem:


  - If the control data in the original request contains
    authority information, an intermediary MUST include a <tt>:authority</tt>
    pseudo-header field.

  - If control data does not contain authority, an intermediary
    MUST NOT add an <tt>:authority</tt> pseudo-header field.

  For reference, an HTTP/1.1 <xref target="HTTP11" section="3.2">request
  target</xref> in authority-form always includes authority, a request
  target in absolute-form includes authority if the target URI includes
  authority, and request targets in origin- or asterisk-form do not
  include authority.

I.e. "GET / HTTP/1.1 + Host" must NOT create a ":authority", so that's fine.

> Regarding H2O, we did not intend to enforce the use of `:authority` pseudo
> header field, so I have no problem in reverting the behavior.

Then it's already fine and you don't need to change it :-)

> But
> nevertheless, I think it's worth discussing the state of the specification.

It's important to preserve the original information when you chain several
layers of gateways in different versions, and the current state of the spec
allows doing that as unambiguously as possible, by clearly distinguishing
the Host header field and :authority (the one being part of the request
line).

Cheers,
Willy
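
The mapping discussed in this message, as an added example that is not part of the original e-mail and is not code from HAProxy or H2O: a sketch of how a gateway could derive the HTTP/2 pseudo-header fields from an HTTP/1.1 request line so that ":authority" appears only when the request-target itself carried authority. The function names, the `scheme` parameter and the sample requests are assumptions; hop-by-hop header handling is left out.

```python
from urllib.parse import urlsplit


def target_form(method, target):
    """Classify an HTTP/1.1 request-target into one of its four forms."""
    if target == "*":
        return "asterisk"
    if target.startswith("/"):
        return "origin"
    if method == "CONNECT":
        return "authority"
    if "://" in target:
        return "absolute"
    raise ValueError("unrecognised request-target: %r" % target)


def to_h2_fields(method, target, headers, scheme="https"):
    """Build the HTTP/2 field list for forwarding one HTTP/1.1 request.

    `headers` is a list of (name, value) pairs; `scheme` is the scheme of the
    inbound connection, used only when the target itself carries none.
    """
    form = target_form(method, target)
    fields = [(":method", method)]
    if form == "authority":
        # CONNECT: the target is the authority; no :scheme or :path.
        fields.append((":authority", target))
    elif form == "absolute":
        uri = urlsplit(target)
        fields.append((":scheme", uri.scheme))
        if uri.netloc:
            # Authority comes from the control data; userinfo is dropped.
            fields.append((":authority", uri.netloc.rpartition("@")[2]))
        path = uri.path or ("*" if method == "OPTIONS" else "/")
        if uri.query:
            path += "?" + uri.query
        fields.append((":path", path))
    else:
        # origin-form and asterisk-form carry no authority: no :authority.
        fields += [(":scheme", scheme), (":path", target)]
    # Host stays a regular field, so the next hop can still tell it apart.
    fields += [(name.lower(), value) for name, value in headers]
    return fields


if __name__ == "__main__":
    # Constructed sample requests, one per case discussed above.
    print(to_h2_fields("GET", "/", [("Host", "example.com")]))
    print(to_h2_fields("GET", "http://example.org/a", [("Host", "example.com")]))
```

A downstream hop that receives "host" without ":authority" can then regenerate the original origin-form request instead of guessing which of the two values the client put on the request line.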