Actions
Feature #491
closedRequest with empty Host header returns error
Status:
Wontfix
Priority:
Normal
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:
Description
In case of an HTTP 1.1 request like the following:
GET / HTTP/1.1 Host:
...lighttpd returns error 400 (Bad Request). While the RFC doesn't explicitly say what to do in case of an empty header value, neither does it explicitly forbid an empty value. The only requirement seems to be that the header "key" (Host:) must be there.
Other popular HTTP server programs (read: Apache and IIS) pass on such requests to the "default host" i.e. status 200 just like as if it was a HTTP 1.*0* request (where Host: can be left out altogether).
Files
Updated by stbuehler over 16 years ago
- Status changed from New to Fixed
- Resolution set to wontfix
an empty header is as good as no header imho. so i think 400 is the right thing. and this is surely what was intended with the rule "need host header".
Actions
Also available in: Atom