Sanitize Host header value across all requests #173
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR makes sure to sanitize the
Host
header value across all requests.This means that all of these examples now correctly return the same URI and also the same
Host
header valueexample.com
without the default port in this case:Also, HTTP/1.0 allows requests with no
Host
header at all. In this case, it will simply use the local socket address as the host value. This ensures thatgetUri()
always returns a full URI.This PR may look a bit heavy, but most of the changes are actually added tests and some of the existing URI validation logic moved from the
Server
to theRequestHeaderParser
.Builds on top of #169, which builds on top of #167, #158 and #157.