Re: Verification of :authority in push promise requests too strict?
Date: Fri, 13 Sep 2019 16:59:39 +0200 (CEST)
On Wed, 11 Sep 2019, Christoph M. Becker via curl-library wrote:
> As of curl 7.64.1 one test case[1] in the PHP test suite is failing,
> which is caused by
> <https://github.com/curl/curl/pull/3581/commits/228cb2511e00badc78eb2356232b40eee54d0dbc>.
>
> The problem is that the server sends
>
> :authority http2.golang.org
>
> while libcurl expects
>
> :authority http2.golang.org:443
>
> So obviously only the (default) port number is missing. I wonder whether
> the check for the :authority pseudo is too strict.
I certainly seems so. Without a port number present it is supposed to be the
default for the scheme so for a typical HTTPS URL "http2.golang.org" and
"http2.golang.org:443" should match for all I can see.
Do you agree? You up to work on a fix?
--
/ daniel.haxx.se | Get the best commercial curl support there is - from me
| Private help, bug fixes, support, ports, new features
| https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-09-13