Network intercepts and the Host header

[hbenl]

The BiDi implementations in Chrome and Firefox disagree on how to handle the Host header in network intercepts that override headers:

• Chrome removes the Host header from the network.beforeRequestSent event and expects no Host header in the network.continueRequest command, otherwise the request will fail.
• Firefox includes the Host header in the network.beforeRequestSent event and expects it to be present in the network.continueRequest command, otherwise the request will fail.

The spec should specify whether the Host header is required, optional or forbidden in network events and commands.

[juliandescottes]

Thanks for filing the issue.

expects no Host header in the network.continueRequest command, otherwise the request will fail.

List of headers forbidden in Chrome: https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/header_util.cc;l=32-61;drc=98344435860d41977208fb875298162993ea091f

At the moment Chrome fails continueRequest commands with an InvalidArgumentException if any of those headers is provided.

Chrome removes the Host header from the network.beforeRequestSent event

On that topic I don't know, I do see the header in chrome when testing with wdspec tests?

[juliandescottes]

Notes from the working group meeting:

18:27 jdescottes: Chrome prohibits some headers in continue request are prohibited, like Host. This creates critical differences in browsers' behavior.
18:27 *** whimboo (~whimboo@9cd7628a.publics.cloak) has quit (whimboo)
18:27 https://source.chromium.org/chromium/chromium/src/+/main:services/network/public/cpp/header_util.cc;l=32-61;drc=98344435860d41977208fb875298162993ea091f
18:28 accroding to the spec, we should update them
18:30 sadym: from Chrome perspective, we have some workarounds for some headers like Referer, but IDK about Host. We should consider data from the BiDi client safe, and provide whatever they want to.
18:31 jdescottes: I'm going to check if it works like that wit hCDP
18:31 jdescottes: I'm going to check if it works like that with CDP
18:32 let's continue discussion in the issue