Is Port Number Required in HTTP “Host” Header Para

2019-01-10 17:06发布

问题:

Say I make an HTTP request to: foosite.com but the port I actually send the request to is 6103 and I DON'T put that port in the Host header for example:

GET /barpage HTTP/1.1
Host: foosite.com
Method: GET

Should http server then recognize that I'm trying to talk to it on port 6103? Or since it was omitted in the request header am I gambling on if the server actually recognizes this?

I ask that question to say this: I've found that browsers, at least firefox + chrome, put the port int he Host header. But the Java app I'm using does not. And when the port is not passed in the Host the server responds back thinking I'm on port 80. So who do I need to badger? The server operator, or the Java programmer?

回答1:

See section 14.23 of the HTTP spec which specifies that the port # should be included if its not the default port of 80.



回答2:

UPDATED for modern day browsers:

Browsers (and curl) will add the port only when it is not the standard port, as required by the HTTP spec and noted in @superfell's answer.

Browsers this day (2013), will actually strip the port from the Host Header when the port is the standard (http port 80, https port 443). Some clients, which use their own method, like the Baidu Spider, include the port number even when the port is 80.

Whether this is proper or not, I don't know. The spec doesn't say whether it's OK or not to include the port number when the port used IS the default.

To answer your comment, servers will do whatever they need to do to comply with the spec, and the spec suggests only the cases WHEN it's needed. Because of this, I feel It's not really a question of how the server deals with it - it's more how the client issues the request: includes the port number in the Host Header, or not.



回答3:

RFC2616 states that

A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL). For example, a request on the origin server for http://www.w3.org/pub/WWW/ would properly include:

GET /pub/WWW/ HTTP/1.1
Host: www.w3.org

This means that https://example.com would not need a trailing port as well since the default port is known for https. I have checked the HTTP requests from Firefox, Chrome and Edge and found that none of them added the port number for the host header when the domain protocole was https. For sure the port number is added when the port number was also added to the URL. The following screenshots below come from Google chrome



回答4:

Sample headers of an actual request to a hopefully non existent server 'http://myhost.com:3003/content/page.htm'

Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US;q=0.9,en;q=0.8,nb;q=0.7,de;q=0.6
Connection: keep-alive
Host: myhost.com:3244
Referer: http://myhost.com:3244/content/page.htm

The RFC https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html requires some training to read.

Section 14:24 not so easy to translate all elements to the simple reality:

Host = "Host" ":" host [ ":" port ] ;