Questions about Jetty 11.0.12 #9012

Closed
headlamp-software opened this issue Dec 6, 2022 · 1 comment
Labels
Bug For general bugs on Jetty side

Comments

headlamp-software commented Dec 6, 2022

Jetty Version
11.0.12

Java version
17 SDK

OS
Windows 10

This may or may not be an issue. I was using Jetty 9.4.49 for a long time. I switched to Jetty 11.0.12. I found that Jetty 9.4.49 created a Host header in an inbound HTTP2 request if a Host header was not present. It appears that Jetty 11.0.12 does not do this. Should it? Some sources suggest that the 9.4.49 behavior was correct. See nodejs/node#29858 for an opinion on the subject.

A closely related point is accessing the HTTP2 pseudo-headers. An HTTP2 client (such as Google Chrome) does not send a Host header (nor should it). It does send an Authority (actually ':authority') pseudo-header. Is there a way to access the pseudo-headers? I never found an API for doing so.

Thank you

Peter Schaeffer

@headlamp-software headlamp-software added the Bug For general bugs on Jetty side label Dec 6, 2022
Contributor

joakime commented Dec 6, 2022

Host header is a mess of conflicting history and confusing specs.

When HTTP/2 was being worked on, all of those issues ("What is the authority of this request?") were going to be resolved once and for all.
The solution was to split the 4 pieces of information coming from 2 overlapping places in HTTP/1 into 3 pseudo headers.

  • :authority is host (with optional port) - required
  • :scheme is just the scheme - required
  • :path is just the path - required

In HTTP/1, the authority can come from the Request Line AND the Host header, and when they don't match, then what?
Also, how do you resolve the authority on HTTP/1 reliably when you mix the Request Line + Host header + Proxy headers?
In HTTP/2 there's no ambiguity.

That (in a nutshell) is why HTTP/2 doesn't have a Host header.
(FYI: HTTP/2 also doesn't have other headers from HTTP/2, like Content-Length and Connection)

It is far wiser, and far more future proof, to not rely on the Host header and properly update your application for HTTP/2.

As for how to access the pseudo headers, use the Servlet API, don't try to access the headers directly.

| Pseudo Header | Servlet API |
| --- | --- |
| :authority | HttpServletRequest.getServerName() / HttpServletRequest.getServerPort() / URI.create(HttpServletRequest.getRequestURL()).getAuthority() |
| :scheme | URI.create(HttpServletRequest.getRequestURL()).getScheme() |
| :path | HttpServletRequest.getRequestURI() / URI.create(HttpServletRequest.getRequestURL()).getPath() |

To limp along with the Jetty 9.x behavior you can add the HostHeaderCustomizer to your HttpConfiguration.

@joakime joakime closed this as completed Dec 21, 2022
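
An added example, not code from this thread or from the Jetty project: a `jakarta.servlet` filter (the namespace Jetty 11 uses) that resolves the authority, scheme and path through the Servlet API calls named in the table above, so the application sees the same values whether the client sent an HTTP/1.1 Host header or an HTTP/2 `:authority` pseudo-header. The `EXPECTED` allowlist, the host names in it and the request attribute names are assumptions made for illustration.

```java
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpFilter;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Locale;
import java.util.Set;

/** Added example: resolves the request authority through the Servlet API only. */
public class AuthorityFilter extends HttpFilter {
    // Hypothetical allowlist (assumption): the authorities this deployment serves.
    private static final Set<String> EXPECTED =
            Set.of("app.example.test", "app.example.test:8443");

    /** Returns host[:port] as resolved by the container; default ports are omitted. */
    static String authorityOf(HttpServletRequest req) {
        String host = req.getServerName().toLowerCase(Locale.ROOT);
        int port = req.getServerPort();
        String scheme = req.getScheme();
        boolean defaultPort = ("https".equals(scheme) && port == 443)
                || ("http".equals(scheme) && port == 80);
        return defaultPort ? host : host + ":" + port;
    }

    @Override
    protected void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // No getHeader("Host") here: on HTTP/2 that header may be absent,
        // while getServerName()/getServerPort() are populated for both protocols.
        String authority = authorityOf(req);
        if (!EXPECTED.contains(authority)) {
            // Refuse requests addressed to a name this application does not serve.
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Unexpected authority");
            return;
        }
        // Attribute names are illustrative; downstream code reads these
        // instead of parsing request headers itself.
        req.setAttribute("resolved.authority", authority);
        req.setAttribute("resolved.scheme", req.getScheme());
        req.setAttribute("resolved.path", req.getRequestURI());
        chain.doFilter(req, res);
    }
}
```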