Hyper lets you set `Host` and `:authority` in HTTP/2 requests

[banool]

Version

• hyper 1.7.0
• hyper-tls 0.6.0
• hyper-util 0.1.17

Platform

Darwin Mac.lan 25.0.0 Darwin Kernel Version 25.0.0: Mon Aug 25 21:17:54 PDT 2025; root:xnu-12377.1.9~3/RELEASE_ARM64_T6041 arm64

Description
If you send a request to a server (either as HTTP/2 directly or HTTP/1.x -> HTTP/2 via ALPN upgrade) and also set the host header, the final request will have both the host header and :authority pseudo-header set.

I'm not 100% sure if this qualifies as a bug, but nginx at least treats it as such:

client sent duplicate host header: "host: localnet.dport.me", previous value: "host: localnet.dport.me"

It logs this error and then returns a 400.

This is mostly user error because Hyper attaches the host header itself (for both HTTP/1.x and HTTP/2 requests), I don't need to set it myself. But if you do, you can run into these issues.

I raise this just in case we think this is worth validating against, e.g. if Hyper sets host, don't let the user set it at all. Or throw an error if the request gets negotiated to HTTP/2 and host is set, something like that.

[banool]

Ah I see you address this here: #3676 (reply in thread). So this is nginx being too strict.

[banool]

@ future readers, it in fact goes further. If we're proxying a request from a client we have to strip the host header otherwise we get the same problem.