ok2c commented on code in PR #622:
URL:
https://github.com/apache/httpcomponents-core/pull/622#discussion_r2813327968
##########
httpcore5-h2/src/main/java/org/apache/hc/core5/http2/protocol/H2RequestValidateHost.java:
##########
@@ -64,10 +71,57 @@ public void process(
final EntityDetails entity,
final HttpContext context) throws HttpException, IOException {
Args.notNull(context, "HTTP context");
+ Args.notNull(request, "HTTP request");
final ProtocolVersion ver = context.getProtocolVersion();
if (ver.getMajor() < 2) {
super.process(request, entity, context);
+ return;
}
+
+ final URIAuthority requestAuthority = request.getAuthority();
+ final Header hostHeader = request.getHeader(HttpHeaders.HOST);
+ if (hostHeader == null || requestAuthority == null) {
+ return;
+ }
+
+ final URIAuthority hostAuthority;
Review Comment:
> “A server SHOULD treat a request as malformed if it contains a Host header
field … that differs … from the … ":authority" pseudo-header field"
@arturobernalg I read this if "differs at all". I would just do a text
comparison without parsing the values.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
