KestrelServerOptions.AllowHostHeaderOverride Property

Reference

Definition

Namespace:: Microsoft.AspNetCore.Server.Kestrel.Core

Assembly:: Microsoft.AspNetCore.Server.Kestrel.Core.dll

Package:: Microsoft.AspNetCore.App.Ref v8.0.0

Package:: Microsoft.AspNetCore.App.Ref v9.0.0-rc.2.24474.3

Source:: KestrelServerOptions.cs

Important

Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

In HTTP/1.x, when a request target is in absolute-form (see RFC 9112 Section 3.2.2), for example

GET http://www.example.com/path/to/index.html HTTP/1.1

the Host header is redundant. In fact, the RFC says

When an origin server receives a request with an absolute-form of request-target, the origin server MUST ignore the received Host header field (if any) and instead use the host information of the request-target.

However, it is still sensible to check whether the request target and Host header match because a mismatch might indicate, for example, a spoofing attempt. Setting this property to true bypasses that check and unconditionally overwrites the Host header with the value from the request target.

public bool AllowHostHeaderOverride { get; set; }

member this.AllowHostHeaderOverride : bool with get, set

Public Property AllowHostHeaderOverride As Boolean

Property Value

Boolean

Remarks

This option does not apply to HTTP/2 or HTTP/3.

Applies to

Share via

KestrelServerOptions.AllowHostHeaderOverride Property

Definition

Property Value

Remarks

Applies to

Feedback

Additional resources