Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7144

HTTP/1.1 request without Host header should be reported with 400 (Bad request)

    XMLWordPrintable

Details

    Description

      For a HTTP/1.1 client request there is requirement that it has defined Host header either with empty or non-empty value, see RFC 2616 here, here and here.

      If client performs the HTTP/1.1 request with no Host header defined, server MUST response with 400 (Bad request):

      Servers MUST report a 400 (Bad Request) error if an HTTP/1.1
      request does not include a Host request-header.

      Currently EAP7 response with actual page content when HTTP/1.1 request without Host header is performed, try:

      telnet localhost 8080
      Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      GET / HTTP/1.1
      

      Expected behaviour: server respondes with 400 (Bad request) as specification says so.

      Attachments

        Issue Links

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              sdouglas1@redhat.com Stuart Douglas
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: