Closed NilsRenaud closed 4 months ago
I've not added any tests since I'm not really sure it's the right place to have this check.
Maybe we could add a new place such as verifyRequest()
to handle such things.
Any thoughts ?
Is there a reason why it's handled in vert.x web rather than Vert.x core ?
a couple of reasons:
We might revisit that later I think.
Ok, though I would love to have a flag like .permitInvalidInput(boolean)
to have 2 versions of Vert.x core:
true
: for testing purposefalse
: in production (default)I think instead we should try in vertx-web to move this code to a validation handler that would be executed first to make things more clear
An HTTP/1.1 message MUST be rejected with an HTTP 400 error code when no Host header is present. See https://datatracker.ietf.org/doc/html/rfc9112#section-3.2
See https://github.com/eclipse-vertx/vert.x/issues/5204 for details.