Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-5958

HTTP/1.1 request without Host header should be reported with 400 (Bad request)

    XMLWordPrintable

Details

    • Bug
    • Status: Verified (View Workflow)
    • Major
    • Resolution: Done
    • 7.1.0.DR4
    • 7.1.0.DR8
    • Undertow
    • None

    Description

      For a HTTP/1.1 client request there is requirement that it has defined Host header either with empty or non-empty value, see RFC 2616 here, here and here.

      If client performs the HTTP/1.1 request with no Host header defined, server MUST response with 400 (Bad request):

      Servers MUST report a 400 (Bad Request) error if an HTTP/1.1
      request does not include a Host request-header.

      Currently EAP7 response with actual page content when HTTP/1.1 request without Host header is performed, try:

      telnet localhost 8080
      Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      GET / HTTP/1.1
      

      Expected behaviour: server respondes with 400 (Bad request) as specification says so.

      Attachments

        Issue Links

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: