You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2016/03/14 11:48:55 UTC

svn commit: r1734910 - in /httpd/httpd/trunk: CHANGES modules/http2/h2_request.c modules/http2/h2_util.c

Author: icing
Date: Mon Mar 14 10:48:54 2016
New Revision: 1734910

URL: http://svn.apache.org/viewvc?rev=1734910&view=rev
Log:
mod_http2: allowing requests without :authority header

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/http2/h2_request.c
    httpd/httpd/trunk/modules/http2/h2_util.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1734910&r1=1734909&r2=1734910&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Mar 14 10:48:54 2016
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_http2: fixes incorrect denial of requests without :authority header.
+     [Stefan Eissing]
+     
   *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
      request for the SSI document.  [Jeff Trawick]
 

Modified: httpd/httpd/trunk/modules/http2/h2_request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_request.c?rev=1734910&r1=1734909&r2=1734910&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_request.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_request.c Mon Mar 14 10:48:54 2016
@@ -238,11 +238,20 @@ apr_status_t h2_request_end_headers(h2_r
         return APR_EINVAL;
     }
 
-    /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
+    /* rfc7540, ch. 8.1.2.3:
+     * - if we have :authority, it overrides any Host header 
+     * - :authority MUST be ommited when converting h1->h2, so we
+     *   might get a stream without, but then Host needs to be there */
     if (!req->authority) {
-        return APR_BADARG;
+        const char *host = apr_table_get(req->headers, "Host");
+        if (!host) {
+            return APR_BADARG;
+        }
+        req->authority = host;
+    }
+    else {
+        apr_table_setn(req->headers, "Host", req->authority);
     }
-    apr_table_setn(req->headers, "Host", req->authority);
 
     s = apr_table_get(req->headers, "Content-Length");
     if (s) {

Modified: httpd/httpd/trunk/modules/http2/h2_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_util.c?rev=1734910&r1=1734909&r2=1734910&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_util.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_util.c Mon Mar 14 10:48:54 2016
@@ -1070,7 +1070,6 @@ typedef struct {
 #define H2_LIT_ARGS(a)      (a),H2_ALEN(a)
 
 static literal IgnoredRequestHeaders[] = {
-    H2_DEF_LITERAL("host"),
     H2_DEF_LITERAL("expect"),
     H2_DEF_LITERAL("upgrade"),
     H2_DEF_LITERAL("connection"),