Skip to content

MismatchedHost

[Source]

A request's Host header field value disagrees with the request-target authority.

When the request-target carries its own authority (absolute-form, or the authority-form used by CONNECT), RFC 9110 §7.2 requires the client to send a Host value identical to that authority (excluding userinfo). A request that presents two disagreeing host identities is a routing-confusion / request-smuggling vector ("Host of Troubles"): a front-end and an origin can route or authorize on different identities and be desynchronized. No conformant client sends a disagreeing pair, so Stallion answers 400 — a security-over-conformance choice, sibling to the duplicate-Host rule. Comparison is case-insensitive with default-port normalization (see _HostAuthorityMatch). Distinct from BadHostHeader (presence/uniqueness) and InvalidHostValue (value syntax): here the value is well-formed but contradicts the target. Enforced at the protocol layer (where the target and headers are both known).

primitive val MismatchedHost

Constructors

create

[Source]

new val create()
: MismatchedHost val^

Returns

Public Functions

string

[Source]

fun box string()
: String iso^

Returns

eq

[Source]

fun box eq(
  that: MismatchedHost val)
: Bool val

Parameters

Returns

ne

[Source]

fun box ne(
  that: MismatchedHost val)
: Bool val

Parameters

Returns