KestrelServerOptions.AllowHostHeaderOverride Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
In HTTP/1.x, when a request target is in absolute-form (see RFC 9112 Section 3.2.2), for example
GET http://www.example.com/path/to/index.html HTTP/1.1
the Host header is redundant. In fact, the RFC says
When an origin server receives a request with an absolute-form of request-target, the origin server MUST ignore the received Host header field (if any) and instead use the host information of the request-target.
However, it is still sensible to check whether the request target and Host header match because a mismatch might indicate, for example, a spoofing attempt. Setting this property to true bypasses that check and unconditionally overwrites the Host header with the value from the request target.
public bool AllowHostHeaderOverride { get; set; }member this.AllowHostHeaderOverride : bool with get, setPublic Property AllowHostHeaderOverride As BooleanProperty Value
Remarks
This option does not apply to HTTP/2 or HTTP/3.
Applies to
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for