Node: HTTP/2 Host header disallowed

Created on 6 Oct 2019  路  5Comments  路  Source: nodejs/node

Node.JS currently treats Host as a connection header, and connection headers can't be used in an HTTP/2 request.

TypeError [ERR_HTTP2_INVALID_CONNECTION_HEADERS]: HTTP/1 Connection specific headers are forbidden: "host"

I'm not sure it should be considered a connection header. The HTTP/2 spec recommends using the Host header instead of :authority if you are converting from an HTTP/1 request. This is an excerpt of the examples section:

   This section shows HTTP/1.1 requests and responses, with
   illustrations of equivalent HTTP/2 requests and responses.

   An HTTP GET request includes request header fields and no payload
   body and is therefore transmitted as a single HEADERS frame, followed
   by zero or more CONTINUATION frames containing the serialized block
   of request header fields.  The HEADERS frame in the following has
   both the END_HEADERS and END_STREAM flags set; no CONTINUATION frames
   are sent.

     GET /resource HTTP/1.1           HEADERS
     Host: example.org          ==>     + END_STREAM
     Accept: image/jpeg                 + END_HEADERS
                                          :method = GET
                                          :scheme = https
                                          :path = /resource
                                          host = example.org
                                          accept = image/jpeg

I think the correct behaviour would be for Node.JS to allow host, and omit auto-filling :authority if it's supplied.

The current behaviour was there from the very introduction of http2 (#14239), so I'm not sure if there was a special motivation for considering host a connection header? Does it interact with something else?

I don't know what we should do... But I strongly think we should at least give users a way to supply host without an error.

http2
Source
picture mildsunrise

Most helpful comment

@codedrift Fortunately they also seem to allow :authority :) The catch is, you need to use Host when signing, then rename the header to :authority when sending the request.
If it's useful, here's a demo on accessing the Transcribe Streaming API, which uses my a4s library for signing.

picture mildsunrise on 28 Jul 2020
👍2

All 5 comments

@mildsunrise +1 for this.

ejames17 picture ejames17 on 27 Mar 2020

+1

I'm trying to use AWS transcribe streaming which requires a host header to be present because it is signed before sending the request. See https://docs.aws.amazon.com/transcribe/latest/dg/how-streaming.html -> "Required Headers"

codedrift picture codedrift on 28 Jul 2020

@codedrift Fortunately they also seem to allow :authority :) The catch is, you need to use Host when signing, then rename the header to :authority when sending the request.
If it's useful, here's a demo on accessing the Transcribe Streaming API, which uses my a4s library for signing.

mildsunrise picture mildsunrise on 28 Jul 2020
👍2

@codedrift Fortunately they also seem to allow :authority :) The catch is, you need to use Host when signing, then rename the header to :authority when sending the request.
If it's useful, here's a demo on accessing the Transcribe Streaming API, which uses my a4s library for signing.

Awesome! Thank you very much!

codedrift picture codedrift on 28 Jul 2020

@mildsunrise So i adapted your library and it works perfectly! :rocket:

codedrift picture codedrift on 28 Jul 2020
1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Icemic picture Icemic  路  3Comments
dfahlander picture dfahlander  路  3Comments
addaleax picture addaleax  路  3Comments
sandeepks1 picture sandeepks1  路  3Comments
vsemozhetbyt picture vsemozhetbyt  路  3Comments