diff options
| author | Andrew Clayton <a.clayton@nginx.com> | 2025-12-13 07:05:27 +0000 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2026-01-15 23:04:38 +0000 |
| commit | 8ea6eb5108f72f40975a812fa084703b21198cb4 (patch) | |
| tree | ed42e48631bc1a52e175da8cbe90ea2597866243 /misc | |
| parent | d8d092a49da88c42b192b7b5d88f7e628ab30560 (diff) | |
| download | nginx-8ea6eb5108f72f40975a812fa084703b21198cb4.tar.gz nginx-8ea6eb5108f72f40975a812fa084703b21198cb4.tar.bz2 | |
Uwsgi: ensure HTTP_HOST is set to the requested target host.
Previously, the HTTP_HOST environment variable was constructed from the
Host request header field, which doesn't work well with HTTP/2 and
HTTP/3 where Host may be supplanted by the ":authority" pseudo-header
field per RFC 9110, section 7.2. Also, it might give an incorrect
HTTP_HOST value from HTTP/1.x requests given in the absolute form, in
which case the Host header must be ignored by the server, per RFC 9112,
section 3.2.2.
The fix is to redefine the HTTP_HOST default from a protocol-specific
value given in the $host variable. This will now use the Host request
header field, ":authority" pseudo-header field, or request line target
URI depending on request HTTP version.
Also the CGI specification (RFC 3875, 4.1.18) notes
The server SHOULD set meta-variables specific to the protocol and
scheme for the request. Interpretation of protocol-specific
variables depends on the protocol version in SERVER_PROTOCOL.
Diffstat (limited to 'misc')
0 files changed, 0 insertions, 0 deletions