Commit 03dc86a3 authored by David Golden's avatar David Golden

make custom 'Host' header a fatal exception

parent e0b2ce87
...@@ -2,6 +2,12 @@ Release notes for HTTP-Tiny ...@@ -2,6 +2,12 @@ Release notes for HTTP-Tiny
{{$NEXT}} {{$NEXT}}
[CHANGED]
- Providing a custom 'Host' header is now a fatal exception. Previously, it
was silently ignored, as the RFC mandates that Host be set from the
URL, but ignoring it could lead to unexpected, confusing errors.
0.043 2014-02-20 20:40:23-05:00 America/New_York 0.043 2014-02-20 20:40:23-05:00 America/New_York
[FIXED] [FIXED]
......
...@@ -323,6 +323,10 @@ Valid options are: ...@@ -323,6 +323,10 @@ Valid options are:
A code reference that will be called for each chunks of the response A code reference that will be called for each chunks of the response
body received. body received.
The C<Host> header is generated from the URL in accordance with RFC 2616. It
is a fatal error to specify C<Host> in the C<headers> option. Other headers
may be ignored or overwritten if necessary for transport compliance.
If the C<content> option is a code reference, it will be called iteratively If the C<content> option is a code reference, it will be called iteratively
to provide the content body of the request. It should return the empty to provide the content body of the request. It should return the empty
string or undef when the iterator is exhausted. string or undef when the iterator is exhausted.
...@@ -641,6 +645,11 @@ sub _prepare_headers_and_cb { ...@@ -641,6 +645,11 @@ sub _prepare_headers_and_cb {
$request->{headers}{lc $k} = $v; $request->{headers}{lc $k} = $v;
} }
} }
if (exists $request->{headers}{'host'}) {
die(qq/The 'Host' header must not be provided as header option\n/);
}
$request->{headers}{'host'} = $request->{host_port}; $request->{headers}{'host'} = $request->{host_port};
$request->{headers}{'user-agent'} ||= $self->{agent}; $request->{headers}{'user-agent'} ||= $self->{agent};
$request->{headers}{'connection'} = "close" $request->{headers}{'connection'} = "close"
......
...@@ -35,5 +35,8 @@ for my $c ( @cases ) { ...@@ -35,5 +35,8 @@ for my $c ( @cases ) {
like ($err, qr/\Q$usage{$method}\E/, join("|",@$c) ); like ($err, qr/\Q$usage{$method}\E/, join("|",@$c) );
} }
my $res = $http->get("http://www.example.com/", { headers => { host => "www.example2.com" } } );
like( $res->{content}, qr/'Host' header/, "Providing a Host header is fatal" );
done_testing; done_testing;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment