Fix Kestrel host header mismatch handling when port in Url by BrennanConroy · Pull Request #59352 · dotnet/aspnetcore (original) (raw)

When using the KestrelServerOptions.AllowHostHeaderOverride option, if a port was included in the request URL and the Host header didn't match, the request would still fail with a 400 Bad Request due to us double including the port in the computed Host string.

Fails with Invalid Host header: 'www.foo.com🔢1234'

GET https://localhost:1234 HTTP/1.1
Host: localhost

Worked

GET https://localhost HTTP/1.1
Host: localhost:1234

Since Uri.Authority doesn't include the default port (80 for http, 443 for https), we should only append the port in the computed host header if it's not the default port for the scheme.