Feature #491
Request with empty Host header returns error
| Status: | Wontfix | Start: | ||
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | core | |||
| Target version: | - | |||
| Pending: | No |
Resolution: | wontfix |
|
| Patch available: |
Description
In case of an HTTP 1.1 request like the following:
GET / HTTP/1.1 Host:
...lighttpd returns error 400 (Bad Request). While the RFC doesn't explicitly say what to do in case of an empty header value, neither does it explicitly forbid an empty value. The only requirement seems to be that the header "key" (Host:) must be there.
Other popular HTTP server programs (read: Apache and IIS) pass on such requests to the "default host" i.e. status 200 just like as if it was a HTTP 1.*0* request (where Host: can be left out altogether).
History
09/01/2008 04:09 PM - stbuehler
- Status changed from New to Fixed
- Resolution set to wontfix
an empty header is as good as no header imho. so i think 400 is the right thing. and this is surely what was intended with the rule "need host header".