wasmtime icon indicating copy to clipboard operation
wasmtime copied to clipboard

Published 20 hours ago verified publisher icon bytecodealliance

`wasmtime-wasi-http` shouldn't add the default port to outbound `host` header

Open lann opened this issue 2 months ago • 1 comments

The outbound HTTP implementation will add a default port to the URI authority if not present:

https://github.com/bytecodealliance/wasmtime/blob/1fa8de140fce161ed5d77cf939558de79d3956c1/crates/wasi-http/src/http_impl.rs#L68-L69

As reported on Zulip and as a Spin issue, this causes breakage with AWS signed requests, which include the exact host header value in the signature payload.

I believe the current behavior is incorrect. Per the HTTP/1.1 spec:

If the target URI includes an authority component, then a client MUST send a field value for Host that is identical to that authority component

lann avatar Apr 22 '24 12:04 lann

cc @elliottt

alexcrichton avatar Apr 22 '24 17:04 alexcrichton