Bug #2442
closedPlease allow literal ipv6 address with scope id in host header field
Description
Hi
Some clients include the scope-id in the host header field when using literal link-local addresses. Lighttpd responds with "400 - Bad Request" in this case. Examples of such host header fields are:
Host: [fe80::123:45ff:fe67:89ab%br0] Host: [fe80::0123:45ff:fe67:89ab%eth0]:8080
Clients I've found with this behaviour are elinks and cadaver.
Altough the scope-id is of no use for the server, it is still needed if you want to do redericts with absolute urls in some web applications.
Cheers, Adi
Updated by stbuehler over 12 years ago
- Status changed from New to Invalid
The RFCs are pretty clear on the syntax; the "old" RFC 2616 refers to RFC 2396 for the definition of "host", the current draft to update it (http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-21#section-5.4) refers to RFC 3986 (which also obsoleted 2396).
RFC 3986 defines "host": http://tools.ietf.org/html/rfc3986#section-3.2.2
It uses an explicit definition for IPv6address, and I don't see scope in it.
A draft to change this (http://tools.ietf.org/html/draft-fenner-literal-zone-02) expired.
I think the basic concept of scope ids is that you should never send them someone else, and never use scope ids another host sent you - you have to derive the scope id from your own "localhost" context, i.e. use the scope of the interface you got the message from.
Updated by gstrauss about 8 years ago
x-ref: related 38139fa1 in lighttpd 1.4.40
Also available in: Atom