From: Stefan Eissing <icing@apache.org>
Date: Mon, 14 Mar 2016 10:48:54 +0000 (+0000)
Subject: mod_http2: allowing requests without :authority header
X-Git-Tag: 2.5.0-alpha~1905
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b76ba37de11271f830a4390e3f5ffe7cef0d4b9d;p=apache

mod_http2: allowing requests without :authority header

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1734910 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index b3e2f2b403..16cd6ab2cf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_http2: fixes incorrect denial of requests without :authority header.
+     [Stefan Eissing]
+     
   *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
      request for the SSI document.  [Jeff Trawick]
 
diff --git a/modules/http2/h2_request.c b/modules/http2/h2_request.c
index 2e358cdb14..923b62554f 100644
--- a/modules/http2/h2_request.c
+++ b/modules/http2/h2_request.c
@@ -238,11 +238,20 @@ apr_status_t h2_request_end_headers(h2_request *req, apr_pool_t *pool,
         return APR_EINVAL;
     }
 
-    /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
+    /* rfc7540, ch. 8.1.2.3:
+     * - if we have :authority, it overrides any Host header 
+     * - :authority MUST be ommited when converting h1->h2, so we
+     *   might get a stream without, but then Host needs to be there */
     if (!req->authority) {
-        return APR_BADARG;
+        const char *host = apr_table_get(req->headers, "Host");
+        if (!host) {
+            return APR_BADARG;
+        }
+        req->authority = host;
+    }
+    else {
+        apr_table_setn(req->headers, "Host", req->authority);
     }
-    apr_table_setn(req->headers, "Host", req->authority);
 
     s = apr_table_get(req->headers, "Content-Length");
     if (s) {
diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c
index 71a3ff90a6..904349658c 100644
--- a/modules/http2/h2_util.c
+++ b/modules/http2/h2_util.c
@@ -1070,7 +1070,6 @@ typedef struct {
 #define H2_LIT_ARGS(a)      (a),H2_ALEN(a)
 
 static literal IgnoredRequestHeaders[] = {
-    H2_DEF_LITERAL("host"),
     H2_DEF_LITERAL("expect"),
     H2_DEF_LITERAL("upgrade"),
     H2_DEF_LITERAL("connection"),