Changes with Apache 2.4.19
+ *) mod_http2: fixes incorrect denial of requests without :authority header.
+ [Stefan Eissing]
+
*) mod_reqtimeout: Prevent long response times from triggering a timeout once
the request has been fully read. PR 59045. [Yann Ylavic]
return APR_EINVAL;
}
- /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
+ /* rfc7540, ch. 8.1.2.3:
+ * - if we have :authority, it overrides any Host header
+ * - :authority MUST be ommited when converting h1->h2, so we
+ * might get a stream without, but then Host needs to be there */
if (!req->authority) {
- return APR_BADARG;
+ const char *host = apr_table_get(req->headers, "Host");
+ if (!host) {
+ return APR_BADARG;
+ }
+ req->authority = host;
+ }
+ else {
+ apr_table_setn(req->headers, "Host", req->authority);
}
- apr_table_setn(req->headers, "Host", req->authority);
s = apr_table_get(req->headers, "Content-Length");
if (s) {
#define H2_LIT_ARGS(a) (a),H2_ALEN(a)
static literal IgnoredRequestHeaders[] = {
- H2_DEF_LITERAL("host"),
H2_DEF_LITERAL("expect"),
H2_DEF_LITERAL("upgrade"),
H2_DEF_LITERAL("connection"),
* @macro
* Version number of the http2 module as c string
*/
-#define MOD_HTTP2_VERSION "1.4.0"
+#define MOD_HTTP2_VERSION "1.4.1"
/**
* @macro
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_HTTP2_VERSION_NUM 0x010400
+#define MOD_HTTP2_VERSION_NUM 0x010401
#endif /* mod_h2_h2_version_h */
projects / apache / commitdiff