drupal_http_request() overrides the Host header from the parsed URL host: $options['headers']['Host'] = $uri['host']

However, if the Host header is explicitly set by the caller, drupal_http_request() should honor it.

CommentFileSizeAuthor
#2 drupal-http-request-allow-host-header-2555649-2.patch1.83 KBmvc
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

mfb created an issue. See original summary.

mvc’s picture

mvc
they
Primary language English
Location Montréal, CA
CreditAttribution: mvc at The Linux Foundation commented
Status: Active » Needs review
FileSize
drupal-http-request-allow-host-header-2555649-2.patch1.83 KB

Trivial patch attached.

Note that with this patch, when setting the Host header explicitly, the caller will be responsible for also appending non-default port numbers as per the HTTP/1.1 spec.

Anonymous’s picture

Anonymous (not verified) CreditAttribution: Anonymous commented
Status: Needs review » Reviewed & tested by the community

RTBC. As mentioned, the patch is trivial, won't break anything (it's just some if checks), & it does what it says.

David_Rothstein’s picture

David_Rothstein CreditAttribution: David_Rothstein as a volunteer commented
Issue tags: +Drupal 7.60 target
Dinesh18’s picture

Dinesh18 CreditAttribution: Dinesh18 as a volunteer commented

Verified the patch manually and looks good to me.
+1 to RTBC

David_Rothstein’s picture

David_Rothstein CreditAttribution: David_Rothstein as a volunteer commented
Status: Reviewed & tested by the community » Fixed
Issue tags: -Drupal 7.60 target +7.60 release notes

It seems like it would be of limited usefulness given that you already specify the URL... but if people want it, hey, why not allow it :)

Committed to 7.x - thanks!

  • David_Rothstein committed b09c86e on 7.x 
    Issue #2555649 by mvc, mfb, rhclayto, Dinesh18: drupal_http_request()...
mvc’s picture

mvc
they
Primary language English
Location Montréal, CA
CreditAttribution: mvc commented

Thanks! Sometimes the Host header and the domain name in the URI are in fact different (such as testing a new vhost). You could do this in D8 with Guzzle like this: https://github.com/guzzle/guzzle/issues/1678

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

emilymoi’s picture

emilymoi CreditAttribution: emilymoi commented
Priority: Normal » Critical

This change broke my site after I upgraded to Drupal 7.61.

The issue is that if a redirect occurs to a different host the 'Host' header field will still contain the original host from the first request ($options is passed back into drupal_http_request when following the redirect). So with this change it sees that the 'Host' header field is populated (with the old host information from the first request), and it fails to set the 'Host' header field to the new host we redirected to. This results in an error. If I revert the change from this patch everything works fine.

I can suggest some solutions but wanted to point out this was a problem and needs to be fixed. I have reverted this patch on my site to restore proper functionality.

emilymoi’s picture

emilymoi CreditAttribution: emilymoi commented

I have created a new issue #3018637: [regression] Unset the 'host' header in drupal_http_request() during redirect. and provided a patch for review.

Rhane’s picture

Rhane CreditAttribution: Rhane commented

This needs reopened or at least the bug that it introduced fixed. I can confirm the behavior emily mentioned as well affecting an integration.

Rhane’s picture

Rhane CreditAttribution: Rhane commented
Related issues: +#3018637: [regression] Unset the 'host' header in drupal_http_request() during redirect., +#2986754: drupal_http_request() not properly handling Host header on cross host redirect