RFR: 8292876: Do not include the deprecated userinfo component of the URI in HTTP/2 headers [v5]
Jaikiran Pai
jpai at openjdk.org
Thu Oct 13 05:21:09 UTC 2022
On Tue, 11 Oct 2022 13:25:45 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
>>> Should we be doing something similar here while constructing the authority header, to be consistent?
>>
>> Well https://www.rfc-editor.org/rfc/rfc9113.html#name-simple-request has an example where authority doesn't have the port - so I don't think we need to add it. FWIW the HTTP/1.1 code seems to be *removing* the port when it's the default one. Probably for normalization of the host string?
>
>> So it has specific text about the scheme being "http" or "https". Should we add a check here to check the scheme, before creating this authority header with just the host:port?
>
> I don't see how we could reach here if the scheme isn't "http" or "https". Do you have anything in mind Jaikiran? Oh websocket - I see. We don't support websocket over HTTP/2. We could possibly in the future, and if we did, we probably still wouldn't want to send the user-info in the upgrade request?
> > Should we be doing something similar here while constructing the authority header, to be consistent?
>
> Well https://www.rfc-editor.org/rfc/rfc9113.html#name-simple-request has an example where authority doesn't have the port - so I don't think we need to add it. FWIW the HTTP/1.1 code seems to be _removing_ the port when it's the default one. Probably for normalization of the host string?
Hello Daniel, you are right - the HTTP/1.1 code is removing the port for default ports. I agree - it's fine to leave this new code in the current form here, without trying to match what's in HTTP/1.1 code.
-------------
PR: https://git.openjdk.org/jdk/pull/10592
More information about the net-dev
mailing list