Skip to content

fix: canonicalize Host header into :authority for outbound HTTP/2 #877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
magurotuna wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: canonicalize Host header into :authority for outbound HTTP/2 #877

magurotuna wants to merge 1 commit into from
+481 −8

Conversation

@magurotuna
Copy link
Contributor

@magurotuna magurotuna commented Feb 12, 2026

When sending HTTP/2 requests or push promises, promote the first valid Host header value to :authority and strip all Host headers from regular fields. This prevents emitting conflicting :authority and Host on the wire, aligning with RFC 9113 and the behavior of other HTTP/2 client implementations such as curl, Go's std, and Python's httpx.

Fixes #876

@magurotuna
fix: canonicalize Host header into :authority for outbound HTTP/2
bd48b82 
When sending HTTP/2 requests or push promises, promote the first valid
Host header value to :authority and strip all Host headers from regular
fields. This prevents emitting conflicting :authority and Host on the
wire, aligning with RFC 9113 and the behavior of other HTTP/2 client
implementations such as curl, Go's std, and Python's httpx.

Fixes hyperium#876
@magurotuna magurotuna force-pushed the canonicalize-authority-and-host branch from 5508e4e to bd48b82 Compare February 12, 2026 11:58
@magurotuna magurotuna mentioned this pull request Feb 12, 2026
Open
@seanmonstar
Copy link
Member

seanmonstar commented Feb 12, 2026

@cratelyn @olix0r I feel like we considered this a long time ago, and for transparent proxy purposes, chose not to normalize? But I can't remember if we decided that explicitly, or not. Checking if you have cases where this would be problematic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@0x676e67 0x676e67 0x676e67 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Outbound HTTP/2 frames can emit conflicting :authority and host headers

3 participants

@magurotuna @seanmonstar @0x676e67