fix(http): fall back to :authority for HTTP/2#827
Merged
Conversation
github-actions
Bot
added
T-test
alexhancock
previously approved these changes
May 1, 2026
DaleSeo
force-pushed
the
fix/h2-authority-fallback
branch
from
9d9f7d1 to
9ec2cec
Compare
DaleSeo
force-pushed
the
fix/h2-authority-fallback
branch
from
9ec2cec to
307d5bc
Compare
Member
Author
|
Hey @alexhancock, I've resolved the conflict with my previous PR, but your approval has been dismissed. Could you approve it again? |
alexhancock
approved these changes
May 1, 2026
Merged
jrmelsha
added a commit
to UserGeneratedLLC/rmcp-rust-sdk
that referenced
this pull request
May 1, 2026
Brings in upstream rmcp v1.6.0: - fix(http): fall back to :authority for HTTP/2 (modelcontextprotocol#827) - fix: add init_timeout for streamable-http sessions (modelcontextprotocol#811) - feat(http): log Host/Origin rejections (modelcontextprotocol#826) Conflict resolution: - crates/rmcp/CHANGELOG.md: kept fork's bare-boolean Unreleased entry, inserted upstream's 1.6.0 release section beneath it - crates/rmcp/src/transport/streamable_http_server/tower.rs: auto-merged upstream's Host/Origin/HTTP-2 logging additions; kept fork's tracing::debug! for "Resume failed" (ab4ccdb) over upstream's tracing::warn! revert - Cargo.toml workspace bumped to 1.6.0; fork's newer dep versions (pastey 0.2.2, schemars 1.2, reqwest 0.13.3, url 2.5, process-wrap 9.1, chrono 0.4.44) preserved; rand stays removed (ed5868d) since fork doesn't use it - docs.rs anthropic-ext feature retained
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation and Context
The DNS-rebinding validator added in PR #764 only checks the
Hostheader. However, in HTTP/2, the host is included in the:authoritypseudo-header. Hyper usually copies:authorityintoHostfor application code, but middleware likeaxum::Router::nestcan remove that header before it gets toStreamableHttpService. This can lead to valid H2 traffic being incorrectly rejected with a 400 error. This update modifiesparse_host_headerto userequest.uri().authority()when theHostheader is missing.How Has This Been Tested?
Added a integration test to cover the new path
Breaking Changes
None. It's a change to a private API that won't affect the public interface, and the existing HTTP/1 path remains unchanged.
Types of changes
Checklist