wasmtime
wasmtime copied to clipboard
`wasmtime-wasi-http` shouldn't add the default port to outbound `host` header
The outbound HTTP implementation will add a default port to the URI authority if not present:
https://github.com/bytecodealliance/wasmtime/blob/1fa8de140fce161ed5d77cf939558de79d3956c1/crates/wasi-http/src/http_impl.rs#L68-L69
As reported on Zulip and as a Spin issue, this causes breakage with AWS signed requests, which include the exact host header value in the signature payload.
I believe the current behavior is incorrect. Per the HTTP/1.1 spec:
If the target URI includes an authority component, then a client MUST send a field value for Host that is identical to that authority component
cc @elliottt