-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_http2: fixes incorrect denial of requests without :authority header.
+ [Stefan Eissing]
+
*) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
request for the SSI document. [Jeff Trawick]
return APR_EINVAL;
}
- /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
+ /* rfc7540, ch. 8.1.2.3:
+ * - if we have :authority, it overrides any Host header
+ * - :authority MUST be ommited when converting h1->h2, so we
+ * might get a stream without, but then Host needs to be there */
if (!req->authority) {
- return APR_BADARG;
+ const char *host = apr_table_get(req->headers, "Host");
+ if (!host) {
+ return APR_BADARG;
+ }
+ req->authority = host;
+ }
+ else {
+ apr_table_setn(req->headers, "Host", req->authority);
}
- apr_table_setn(req->headers, "Host", req->authority);
s = apr_table_get(req->headers, "Content-Length");
if (s) {
#define H2_LIT_ARGS(a) (a),H2_ALEN(a)
static literal IgnoredRequestHeaders[] = {
- H2_DEF_LITERAL("host"),
H2_DEF_LITERAL("expect"),
H2_DEF_LITERAL("upgrade"),
H2_DEF_LITERAL("connection"),
projects / apache / commitdiff