From c2fab212e648e9a59bd0153bb5059bb1d66e50ff Mon Sep 17 00:00:00 2001
From: Pat Hickey
Date: Fri, 17 Jul 2026 14:34:36 -0700
Subject: [PATCH 1/2] header map translation: do not set FORBIDDEN_HEADERS
the set of FORBIDDEN_HEADERS is derived from wasmtime, with the addition
of Content-Length, and Expect.
---
src/http/fields.rs | 23 +++++++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/http/fields.rs b/src/http/fields.rs
index de6df16..d5a07ec 100644
--- a/src/http/fields.rs
+++ b/src/http/fields.rs
@@ -18,10 +18,25 @@ pub(crate) fn header_map_from_wasi(wasi_fields: Fields) -> Result Result {
let wasi_fields = Fields::new();
for (key, value) in header_map {
- // Unwrap because `HeaderMap` has already validated the headers.
- wasi_fields
- .append(key.as_str(), value.as_bytes())
- .with_context(|| format!("wasi rejected header `{key}: {value:?}`"))?
+ if !FORBIDDEN_HEADERS.contains(key) {
+ wasi_fields
+ .append(key.as_str(), value.as_bytes())
+ .with_context(|| format!("wasi rejected header `{key}: {value:?}`"))?
+ }
}
Ok(wasi_fields)
}
+
+const FORBIDDEN_HEADERS: [HeaderName; 11] = [
+ http::header::CONNECTION,
+ HeaderName::from_static("keep-alive"),
+ http::header::PROXY_AUTHENTICATE,
+ http::header::PROXY_AUTHORIZATION,
+ HeaderName::from_static("proxy-connection"),
+ http::header::TRANSFER_ENCODING,
+ http::header::UPGRADE,
+ http::header::HOST,
+ HeaderName::from_static("http2-settings"),
+ http::header::EXPECT,
+ http::header::CONTENT_LENGTH,
+];
From 0b0692c178c8005e06dd9aa31e49d8f1fd3a4924 Mon Sep 17 00:00:00 2001
From: Pat Hickey
Date: Fri, 17 Jul 2026 14:39:23 -0700
Subject: [PATCH 2/2] server: do not add a Content-Length header
---
src/http/server.rs | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/src/http/server.rs b/src/http/server.rs
index 9fb6ff4..c9a396c 100644
--- a/src/http/server.rs
+++ b/src/http/server.rs
@@ -19,7 +19,6 @@
//! [`http_server`]: crate::http_server
use super::{Body, Error, Response, error::ErrorCode, fields::header_map_to_wasi};
-use http::header::CONTENT_LENGTH;
use wasip2::exports::http::incoming_handler::ResponseOutparam;
use wasip2::http::types::OutgoingResponse;
@@ -44,14 +43,6 @@ impl Responder {
// Consume the `response` and prepare to write the body.
let body = response.into_body().into();
- // Automatically add a Content-Length header.
- if let Some(len) = body.content_length() {
- let mut buffer = itoa::Buffer::new();
- wasi_headers
- .append(CONTENT_LENGTH.as_str(), buffer.format(len).as_bytes())
- .unwrap();
- }
-
let wasi_response = OutgoingResponse::new(wasi_headers);
// Unwrap because `StatusCode` has already validated the status.