Stream: git-wasmtime

Topic: wasmtime / issue #8430 `wasmtime-wasi-http` shouldn't add...


view this post on Zulip Wasmtime GitHub notifications bot (Apr 22 2024 at 12:56):

lann opened issue #8430:

The outbound HTTP implementation will add a default port to the URI authority if not present:

https://github.com/bytecodealliance/wasmtime/blob/1fa8de140fce161ed5d77cf939558de79d3956c1/crates/wasi-http/src/http_impl.rs#L68-L69

As reported on Zulip and as a Spin issue, this causes breakage with AWS signed requests, which include the exact host header value in the signature payload.

I believe the current behavior is incorrect. Per the HTTP/1.1 spec:

If the target URI includes an authority component, then a client MUST send a field value for Host that is identical to that authority component

view this post on Zulip Wasmtime GitHub notifications bot (Apr 22 2024 at 17:41):

alexcrichton commented on issue #8430:

cc @elliottt

view this post on Zulip Wasmtime GitHub notifications bot (Apr 22 2024 at 18:38):

lann edited issue #8430:

The outbound HTTP implementation will add a default port to the URI authority if not present:

https://github.com/bytecodealliance/wasmtime/blob/1fa8de140fce161ed5d77cf939558de79d3956c1/crates/wasi-http/src/http_impl.rs#L68-L69

As reported on Zulip and as a Spin issue, this causes breakage with AWS signed requests, which include the exact host header value in the signature payload.

I believe the current behavior is incorrect. Per the HTTP/1.1 spec:

If the target URI includes an authority component, then a client MUST send a field value for Host that is identical to that authority component

view this post on Zulip Wasmtime GitHub notifications bot (May 06 2024 at 22:41):

alexcrichton closed issue #8430:

The outbound HTTP implementation will add a default port to the URI authority if not present:

https://github.com/bytecodealliance/wasmtime/blob/1fa8de140fce161ed5d77cf939558de79d3956c1/crates/wasi-http/src/http_impl.rs#L68-L69

As reported on Zulip and as a Spin issue, this causes breakage with AWS signed requests, which include the exact host header value in the signature payload.

I believe the current behavior is incorrect. Per the HTTP/1.1 spec:

If the target URI includes an authority component, then a client MUST send a field value for Host that is identical to that authority component


Last updated: Dec 23 2024 at 12:05 UTC