git.kaiwu.me - nginx.git/commit

author	Sergey Kandaurov <pluknet@nginx.com>
	Wed, 23 Jul 2025 10:54:07 +0000 (14:54 +0400)
committer	pluknet <pluknet@nginx.com>
	Sun, 3 Aug 2025 06:07:07 +0000 (10:07 +0400)
commit	ede5623b1529131fcc3f994e6a6f0692954fa26b
tree	746fd95014dd2cac2c6d395575b74151cdd5e22b	tree \| snapshot
parent	a238bb3d22c251647d04cf07b35c218994ab1ff5	commit \| diff

HTTP/2: fixed handling of the ":authority" header.

Previously, it misused the Host header processing resulting in
400 (Bad Request) errors for a valid request that contains both
":authority" and Host headers with the same value, treating it
after 37984f0be as if client sent more than one Host header.
Such an overly strict handling violates RFC 9113.

The fix is to process ":authority" as a distinct header, similarly
to processing an authority component in the HTTP/1.x request line.
This allows to disambiguate and compare Host and ":authority"
values after all headers were processed.

With this change, the ngx_http_process_request_header() function
can no longer be used here, certain parts were inlined similar to
the HTTP/3 module.

To provide compatibility for misconfigurations that use $http_host
to return the value of the ":authority" header, the Host header,
if missing, is now reconstructed from ":authority".