Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
For a HTTP/1.1 client request there is requirement that it has defined Host header either with empty or non-empty value, see RFC 2616 here, here and here.
If client performs the HTTP/1.1 request with no Host header defined, server MUST response with 400 (Bad request):
Servers MUST report a 400 (Bad Request) error if an HTTP/1.1
request does not include a Host request-header.
Currently EAP7 response with actual page content when HTTP/1.1 request without Host header is performed, try:
telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.1
Expected behaviour: server respondes with 400 (Bad request) as specification says so.
Attachments
Issue Links
- clones
-
JBEAP-5958 HTTP/1.1 request without Host header should be reported with 400 (Bad request)
- Verified