Require Host on 1.1 requests #208
Conversation
| @@ -163,6 +163,10 @@ private function parseRequest($headers) | |||
| } | |||
| } | |||
|
|
|||
| if ($request->getProtocolVersion() === '1.1' && !$request->hasHeader('Host')) { | |||
| throw new \InvalidArgumentException('A client must send a host header field in all HTTP/1.1 request messages'); | |||
There was a problem hiding this comment.
The parameter to parseRequest ($headers) is not a valid argument.
Also, all exceptions in this method are InvalidArgumentExceptions so I was just keeping the format.
|
Thanks for filing this PR! 👍 I see where you're coming from and would love to hear some more thoughts on this! I think the (more) relevant quote from the RFC would be this:
A similar patch was filed with #127 which was later reverted partly by #173 and #201 (all by me in fact). This was done both for consistency between HTTP/1.1 and HTTP/1.0 requests and because I've been running this project in production for a few months now and (despite violating RFC 7230) have repeatedly seen HTTP/1.1 requests without a The question actually boils down to: Is a |
|
Ping @aaronbonneau, what's the status here? 👍 |
|
I'm closing this for now as it hasn't received any input in a while and I believe this has been answered. Please come back with more details if this problem persists and we can reopen this 👍 |
RFC 7230 requires "A client MUST send a Host header field in all HTTP/1.1 request messages."