Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7144

HTTP/1.1 request without Host header should be reported with 400 (Bad request)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 11.0.0.Alpha1
    • None
    • Web (Undertow)
    • None

    Description

      For a HTTP/1.1 client request there is requirement that it has defined Host header either with empty or non-empty value, see RFC 2616 here, here and here.

      If client performs the HTTP/1.1 request with no Host header defined, server MUST response with 400 (Bad request):

      Servers MUST report a 400 (Bad Request) error if an HTTP/1.1
      request does not include a Host request-header.

      Currently EAP7 response with actual page content when HTTP/1.1 request without Host header is performed, try:

      telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.1

      Expected behaviour: server respondes with 400 (Bad request) as specification says so.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-5958 HTTP/1.1 request without Host header should be reported with 400 (Bad request)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              sdouglas1@redhat.com Stuart Douglas
              sdouglas1@redhat.com Stuart Douglas
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: