-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jorge Arellano Cid wrote:
2. joining hostname and port for the Host: header
a_Http_make_query_str used to build the Host: header by concatenating the url->hostname with the port number in case it's not the default port. Unfortunately this breaks with numeric ipv6 addresses since an ipv6 literal has to be enclosed with square brackets when used in urls and Host: header fields (according to my experiments and my interpretation of rfc 2616 section 14.23 ("Host header") and 3.2.2 ("http URL")).
I would therefore suggest to use the original authority string obtained from the url. Patch is attached.
AFAIR, the "remove default port" part was added because some sites answer 404 when receiving it. Yes, that's what your comment says. But my proposal does not break those cases in general.
The current behavior is to construct the authority string for the host header using the parsed hostname and the port number in case it differs from 80. I proposed to use the authority part from the url the user entered. This may break some sites _if_ the user explicitly entered ":80" in the url. Btw, I just checked firefox and it seems to do it this way. Entering "http://localhost:80" in firefox url bar yields the following request: root@thinkbox:/var/tmp# nc -l -p 80 GET / HTTP/1.1 Host: localhost:80 [...]
I'd prefer a patch that handles IPv6 like you suggest, and IPv4 as now. While this is certainly doable, I can't see anything gained by assembling the authority string besides stripping the default port in case the user explicitly entered it.
Justus -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj0r1oACgkQoPmwNWhsaZYwrACdGJanS3yoXudr/Dir/3q9jR2U w2wAoJJiFj6E5zGmO+ILNTcLzhxIfyJR =uX/b -----END PGP SIGNATURE-----