6

HTTP 1.1 states: "A client MUST include a Host header field in all HTTP/1.1 request messages"

However, the machines I am working on send out this exact POST (containing coordinates), which I do not have access to change:

POST /touch HTTP/1.1
Content-type: application/x-www-form-urlencoded
Content-Length: <n>

x=<int x>&y=<int y>

Tomcat 7 immediately responds with 400 Bad Request due to the lack of a Host header field, and the POST never gets to my servlet. Is there any way I can avoid this error response and handle the POST with the servlet to support these older machines?

user1684196
  • 61
  • 1
  • 3

1 Answers1

6

As you already noted, HTTP 1.1 spec says (bold mine):

A client MUST include a Host header field in all HTTP/1.1 request messages. [...] An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field.

The client is using HTTP 1.1 protocol incorrectly, you should not try to work around that on the server side. What you can do is setup some custom HTTP proxy that will just add the Host header. But that's a dirty workaround. Alternatively downgrade the protocol to 1.0.

Also note that even if you somehow manage to make Tomcat accept such requests (which is against the specification), you'll still run into some issues if any HTTP proxy is between ends.

Tomasz Nurkiewicz
  • 334,321
  • 69
  • 703
  • 674
  • This is for a testing tool at work, so intermediate proxies are not an issue. I'd rather have some kind of work around in tomcat, like a filter or a valve, rather than setting up a proxy, but I don't think the valve can intercept the request before it is denied. – user1684196 Oct 09 '12 at 21:29