Login/Register
Should the HTTP/2 `:authority` header include port number?
Asked Answered
Solved http2
K

1

6

Following on from Is Port Number Required in HTTP "Host" Header Parameter?, does the same logic apply to HTTP/2?

i.e. if a browser makes a request to https://server.com:1234/, should the :authority header be server.com or server.com:1234?

Kakapo answered 26/4, 2018 at 4:21 Comment(0)
L
11

It should, :authority is defined by RFC 7540 (https://www.rfc-editor.org/rfc/rfc7540#section-8.1.2.3) as a :

pseudo-header field includes the authority portion of the target URI ([RFC3986], Section 3.2). The authority MUST NOT include the deprecated "userinfo" subcomponent for "http" or "https" schemed URIs.

RFC 3986 in turn describes authority as:

  authority   = [ userinfo "@" ] host [ ":" port ]

It then clarifies in 3.2.3. Port":

A scheme may define a default port. For example, the "http" scheme defines a default port of "80", corresponding to its reserved TCP port number. [...] URI producers and normalizers should omit the port component and its ":" delimiter if port is empty or if its value would be the same as that of the scheme's default.

So yes, it should include the port, if the port isn't the default for the scheme.

Lankton answered 26/4, 2018 at 5:15 Comment(2)
What is less clear from the RFCs is whether the port is required. RFC 7540 Section 8.3 sends you to RFC 7230 Section 5.3.3 which says to use what CONNECT uses (as per RFC 7231 Section 4.3.6), and the language there is not completely clear: "i.e., the request-target consists of only the host name and port number ... separated by a colon". And, their example shows ":80" (it's from the "http" era). That would seem to imply the port is required. But, real HTTP/2 requests from real browsers seem to omit ":443", so it seems, in practice, it is optional when it is the default port for the scheme.Kistner
Yeah, I should have added this bit from RFC 3986: rfc-editor.org/rfc/rfc3986#section-3.2.3 which addresses the point more directly: " scheme may define a default port. For example, the "http" scheme defines a default port of "80" [...] scheme may define a default port. For example, the "http" scheme defines a default port of "80"Lankton

© 2022 - 2024 — McMap. All rights reserved.