Comments (16)
I think the best option is indeed the second one: not deleting the Host header, but still extracting it for authority. I don't think that adding it for HTTP/2 makes a lot of sense, although I guess it can be useful for compatibility.
from falcon.
The latest release of falcon now uses http-protocol which doesn't delete the host header.
That being said, the situation with HTTP/2 is far from clear: https://http2.github.io/http2-spec/#rfc.section.8.1.2.3
I think that #authority is a good baseline for HTTP/2 and I think that while it's optional, it was very close to being mandatory. Some more details here:
We did not mandate use of :authority so that proxies and gateways
could provide perfect fidelity in their translation from 1.1 to 2.
https://www.ietf.org/mail-archive/web/httpbisa/current/msg28630.html
I will leave this issue until we have actually confirmed that this is fixed and then I believe we should figure out ultimately what the behaviour should be like going forward:
- Should falcon serve add a host header so that rack apps that expect it continue to work? (alternatively document the current behaviour).
- Should async-http allow :authority to be optional (e.g. nil)?
from falcon.
The HOST header doesn't exist with HTTP/2, so it has to be normalised. It's now referred to as #authority. We could re-inject this back into the rack ENV if this is required for compatibility.
from falcon.
Here is where you'd want to make a change - probably after this line:
falcon/lib/falcon/adapters/rack.rb
Line 37 in a3fdefd
Can you submit a PR with a failing test case and a fix?
from falcon.
Also, strangely enough, the rack linter isn't complaining, so this might not be a documented requirement of rack. I'm open to other solutions. Adding a host header which doesn't exist might be the wrong approach.
from falcon.
I kind of agree that adding a host header which doesn't exist might be the wrong approach: but so is removing a host header that does exist!
The background here is that I have to deal with signed HTTP requests. That is, requests that come with a special header listing HTTP headers that should be checked for authenticity, and Host is usually one of them. Removing the Host header from the environment thus prevents me from checking the request's authenticity.
from falcon.
There are really two options:
- most generic option I can think of is to special case the host header to pull request.authority and this will work on both HTTP/1.x and HTTP/2.
- more specific but perhaps better option is to not delete Host header, but still extract it for authority. The problem is user might get wrong idea about that header and compatibility with HTTP/2.
What do you think?
from falcon.
So, I'm making some changes in the new http-protocol gem which should provide verbatim the headers, without deleting the host header. I think ultimately this will solve your problem.
from falcon.
The way the Host header is dropped also messes with RoR's redirect mechanisms, as seen in: https://sentry.sigpipe.me/share/issue/101cd5863ce5461faf0472d82833bbe4/
from falcon.
Thanks for the example. Will this cause problems for HTTP/2?
from falcon.
I'm afraid I don't know!
from falcon.
I guess we will find out soon enough :)
If the presence of the Host header is required for Rack apps, perhaps we can emulate it in falcon. Falcon already does a heap of junk like this so it wouldn't exactly be something out of the ordinary.
from falcon.
The only way I can see this working in the short term is to write authority to HTTP_HOST if it wasn't otherwise specified.
from falcon.
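The fallback described in the comment above (write authority to HTTP_HOST only when no Host header was supplied), combined with the signed-request check raised earlier in the thread, as an added example that is not falcon's code and not part of any comment. `rack_env_for`, the simplified HMAC scheme, the key and the host names are all constructed for illustration.

```ruby
require "openssl"

# Hypothetical helper, not falcon's API: build Rack-style HTTP_* keys.
# `headers` has lowercase names; `authority` is the HTTP/2 :authority
# value (nil when the request carried none).
def rack_env_for(headers, authority: nil)
  env = {}
  headers.each { |name, value| env["HTTP_#{name.upcase.tr('-', '_')}"] = value }
  # Keep a Host header the client sent; fall back to :authority otherwise.
  env["HTTP_HOST"] ||= authority if authority
  env
end

# Simplified, constructed scheme: HMAC-SHA256 over "name: value" lines for
# every header the request lists as signed. Returns nil if one is missing.
def sign(env, signed_headers, key)
  lines = signed_headers.map do |name|
    value = env["HTTP_#{name.upcase.tr('-', '_')}"]
    return nil if value.nil?
    "#{name}: #{value}"
  end
  OpenSSL::HMAC.hexdigest("SHA256", key, lines.join("\n"))
end

def authentic?(env, signed_headers, signature, key)
  expected = sign(env, signed_headers, key)
  !expected.nil? && OpenSSL.secure_compare(expected, signature)
end

# Constructed sample data.
KEY    = "constructed-demo-key"
LISTED = %w[host date]
DATE   = "Tue, 07 Jun 2022 20:51:35 GMT"
SIGNED = sign({ "HTTP_HOST" => "api.example.test", "HTTP_DATE" => DATE }, LISTED, KEY)

def results
  check = ->(env) { authentic?(env, LISTED, SIGNED, KEY) }
  {
    http1_host_kept: check.(rack_env_for({ "host" => "api.example.test", "date" => DATE })),
    http2_authority: check.(rack_env_for({ "date" => DATE }, authority: "api.example.test")),
    host_dropped:    check.(rack_env_for({ "date" => DATE })),
    host_altered:    check.(rack_env_for({ "host" => "other.example.test", "date" => DATE })),
    host_wins_over_authority:
      rack_env_for({ "host" => "a.example.test" }, authority: "b.example.test")["HTTP_HOST"]
  }
end

p results if $PROGRAM_NAME == __FILE__
```

The `host_dropped` case is the failure reported in this issue: with the Host value absent from the environment, a signature that lists `host` cannot be verified at all.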
Okay, I released this in v0.18.10 which also includes all the other recently closed issues.
from falcon.
Did you explicitly have an issue with a missing host header or HTTP_HOST in rack?
Because I'm thinking of reverting this behaviour. I think the normalisation, at least some sort, is going to be required to make HTTP/1 and HTTP/2 transparent.
from falcon.
Also, I made it acceptable for :authority to be optional (e.g. nil), but only in some situations.
from falcon.