Skip to content

[7.0] Allow overriding the host header if doesn't match the absolute-form host #48415

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

[7.0] Allow overriding the host header if doesn't match the absolute-form host #48415

wants to merge 2 commits into from

Conversation

amcasey
Copy link
Member

@amcasey amcasey commented May 24, 2023
edited
Loading

Allow overriding the host header if doesn't match the absolute-form host

Description

Allow overriding the host header if doesn't match the absolute-form host.

This is a cherry-pick of #39334 (plus an explanatory comment).

The same partner that requested this for 6.0 needs it in 7.0 (see #39335).

Customer Impact

Some clients send malformed host headers and the server wants to use the value from the request target instead, as in IIS/httpsys.

Regression?

  • Yes
  • No

Kind of - it was added to 6.0 in servicing and deliberately not ported to 7.0 until there was a request.

Risk

  • High
  • Medium
  • Low

The merge was very easy - just some whitespace changes - and the functionality is opt-in.

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

Tratcher and others added 2 commits May 24, 2023 11:06
@Tratcher @halter73 @amcasey
Allow overriding the host header if doesn't match the absolute-form h…
a802b77 
…ost (dotnet#39334)

* Allow overriding the host header if doesn't match the absolute-form host
* Apply suggestions from code review

Co-authored-by: Stephen Halter <[email protected]>
@amcasey
Add explanatory comment
7e1077d
@ghost ghost added the area-runtime label May 24, 2023
@ghost ghost added this to the 7.0.x milestone May 24, 2023
@ghost
Copy link

ghost commented May 24, 2023

Hi @amcasey. If this is not a tell-mode PR, please make sure to follow the instructions laid out in the servicing process document.
Otherwise, please add tell-mode label.

@amcasey
Copy link
Member Author

amcasey commented May 24, 2023

I'll make a separate PR (and API issue) for the corresponding change in 8.0.

@amcasey
Copy link
Member Author

amcasey commented May 24, 2023

@Tratcher I don't think there are packaging changes (I assume that means shipping different files rather than different file contents).

What's the required manual validation? Make a client send a mangled request?

@Tratcher
Copy link
Member

Yes, just test it locally with one of the sample apps and a raw socket client.

@adityamandaleeka adityamandaleeka changed the title Allow overriding the host header if doesn't match the absolute-form host [7.0] Allow overriding the host header if doesn't match the absolute-form host May 24, 2023
@BrennanConroy BrennanConroy added the Servicing-consider Shiproom approval is required for the issue label May 24, 2023
@ghost
Copy link

ghost commented May 24, 2023

Hi @amcasey. Please make sure you've updated the PR description to use the Shiproom Template. Also, make sure this PR is not marked as a draft and is ready-to-merge.

To learn more about how to prepare a servicing PR click here.

@amcasey
Copy link
Member Author

amcasey commented May 25, 2023

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 3 pipeline(s).

@amcasey amcasey mentioned this pull request May 26, 2023
Merged
4 tasks
@adityamandaleeka adityamandaleeka added Servicing-approved Shiproom has approved the issue and removed Servicing-consider Shiproom approval is required for the issue labels May 26, 2023
@ghost
Copy link

ghost commented May 26, 2023

Hi @amcasey. This PR was just approved to be included in the upcoming servicing release. Somebody from the @dotnet/aspnet-build team will get it merged when the branches are open. Until then, please make sure all the CI checks pass and the PR is reviewed.

@adityamandaleeka
Copy link
Member

Approved over email.

@amcasey
Copy link
Member Author

amcasey commented Jun 2, 2023

Internal partner dropped their request.

@amcasey amcasey closed this Jun 2, 2023
@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adityamandaleeka adityamandaleeka adityamandaleeka approved these changes

@Tratcher Tratcher Tratcher approved these changes

@halter73 halter73 Awaiting requested review from halter73

@BrennanConroy BrennanConroy Awaiting requested review from BrennanConroy

@JamesNK JamesNK Awaiting requested review from JamesNK

Assignees
No one assigned
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions Servicing-approved Shiproom has approved the issue
Projects
None yet
Milestone
7.0.x
Development

Successfully merging this pull request may close these issues.
4 participants
@amcasey @Tratcher @adityamandaleeka @BrennanConroy