Closed wmorrison365fr closed 4 months ago
I do have mixed feelings about this change because it might break applications although that is the proper way to according to HTTP. Perhaps this could be achieved in vertx-web instead of vertx-core
e.g. in RoutingContextImpl
we already have some checks here:
if (path == null || path.isEmpty()) {
// HTTP paths must start with a '/'
fail(400);
} else if (path.charAt(0) != '/') {
// For compatiblity we return `Not Found` when a path does not start with `/`
fail(404);
}
I believe we should improve this and have this done in this project instead
Version
4.5.7
Context
An error occurred while processing an HTTP/1.1 request with no Host header. The error occurred because we didn't expect the
authority()
to be non-null (and hadn't properly checked):We've fixed this in our application, but were surprised that Vert.x doesn't handle validation of an HTTP/1.1 request with no Host header, especially as the spec RFC9112 indicates that servers should respond with a 400 BadRequest response:
Do you have a reproducer?
Not at the moment but can do so if
Steps to reproduce
We used telnet to fire a request with no Host. Note though that our application reads the
authority()
(trying to align HTTP/1.1 and HTTP/2 requests):Extra
This looks like the likely spot for handling such an error: HttpServerRequest#DEFAULT_INVALID_REQUEST_HANDLER. This would be in collaboration with the connection first checking for a Host header and creating its own
UnknownHostException
if none present.