Requests using the absolute-form in the request line require the host to match

[Tratcher]

Is there an existing issue for this?

• I have searched the existing issues

Describe the bug

There are known clients that send the request with the full url in the request line, but then also include a malformed Host header that doesn't match. IIS/Http.Sys ignores the invalid host in this scenario, Kestrel rejects it.

Expected Behavior

Ignore the invalid/mismatched Host header.

Steps To Reproduce

GET http://www.foo.com/api/data HTTP/1.1
HOST: www.foo.comConnection: …

Produces a "400 Bad Request".

Exceptions (if any)

No response

.NET Version

6.0

Anything else?

No response

[Tratcher]

Fixed for 6.0.2. It's not clear if we need this in 7.0, or if the customer will be able to resolve the client issue by then. I'm putting this in 7.0-planning to re-visit ~June 2022.

Thanks for contacting us.

We're moving this issue to the .NET 7 Planning milestone for future evaluation / consideration. We would like to keep this around to collect more feedback, which can help us with prioritizing this work. We will re-evaluate this issue, during our next planning meeting(s).
If we later determine, that the issue has no community involvement, or it's very rare and low-impact issue, we will close it - so that the team can focus on more important and high impact issues.
To learn more about what to expect next and how this issue will be handled you can read more about our triage process here.

[adityamandaleeka]

@Tratcher Let's follow up on this one and close it if it's not needed on > 6.

[adityamandaleeka]

Reopening to consider for 7+.