http: do not strip incoming request headers

As discussed with @pchickey

See also
bytecodealliance/wasmtime#7538 (comment) and following discussion

Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>

Author: rvolosatovs

crates/test-programs/src/bin/api_0_3_proxy.rs

@@ -32,11 +32,6 @@ impl test_programs::p3::proxy::exports::wasi::http::handler::Guest for T {
             "append of forbidden header succeeded"
         );
 
-        assert!(
-            !req_hdrs.has("host"),
-            "forbidden host header present in incoming request"
-        );
-
         let hdrs = Headers::new();
         let (mut contents_tx, contents_rx) = wit_stream::new();
         let (trailers_tx, trailers_rx) = wit_future::new();

crates/wasi-http/src/p3/host/types.rs

@@ -79,24 +79,6 @@ fn delete_request_options(
         .context("failed to delete request options from table")
 }
 
-/// Returns `true` when the header is forbidden according to this [`WasiHttpView`] implementation.
-fn is_forbidden_header(view: &mut impl WasiHttpView, name: &http::header::HeaderName) -> bool {
-    static FORBIDDEN_HEADERS: [http::header::HeaderName; 10] = [
-        http::header::CONNECTION,
-        http::header::HeaderName::from_static("keep-alive"),
-        http::header::PROXY_AUTHENTICATE,
-        http::header::PROXY_AUTHORIZATION,
-        http::header::HeaderName::from_static("proxy-connection"),
-        http::header::TE,
-        http::header::TRANSFER_ENCODING,
-        http::header::UPGRADE,
-        http::header::HOST,
-        http::header::HeaderName::from_static("http2-settings"),
-    ];
-
-    FORBIDDEN_HEADERS.contains(name) || view.is_forbidden_header(name)
-}
-
 fn clone_trailer_result(
     res: &Result<Option<Resource<Trailers>>, ErrorCode>,
 ) -> Result<Option<Resource<Trailers>>, ErrorCode> {
@@ -494,7 +476,7 @@ where
             let Ok(header) = header.parse() else {
                 return Ok(Err(HeaderError::InvalidSyntax));
             };
-            if is_forbidden_header(self, &header) {
+            if self.is_forbidden_header(&header) {
                 return Ok(Err(HeaderError::Forbidden));
             }
             let value = match http::header::HeaderValue::from_bytes(&value) {
@@ -538,7 +520,7 @@ where
         let Ok(name) = name.parse() else {
             return Ok(Err(HeaderError::InvalidSyntax));
         };
-        if is_forbidden_header(self, &name) {
+        if self.is_forbidden_header(&name) {
             return Ok(Err(HeaderError::Forbidden));
         }
         let mut values = Vec::with_capacity(value.len());
@@ -567,7 +549,7 @@ where
             Ok(header) => header,
             Err(_) => return Ok(Err(HeaderError::InvalidSyntax)),
         };
-        if is_forbidden_header(self, &header) {
+        if self.is_forbidden_header(&header) {
             return Ok(Err(HeaderError::Forbidden));
         }
         let Some(mut fields) = get_fields_inner_mut(self.table(), &fields)? else {
@@ -585,7 +567,7 @@ where
         let Ok(header) = http::header::HeaderName::from_bytes(name.as_bytes()) else {
             return Ok(Err(HeaderError::InvalidSyntax));
         };
-        if is_forbidden_header(self, &header) {
+        if self.is_forbidden_header(&header) {
             return Ok(Err(HeaderError::Forbidden));
         }
         let Some(mut fields) = get_fields_inner_mut(self.table(), &fields)? else {
@@ -608,7 +590,7 @@ where
             Ok(header) => header,
             Err(_) => return Ok(Err(HeaderError::InvalidSyntax)),
         };
-        if is_forbidden_header(self, &header) {
+        if self.is_forbidden_header(&header) {
             return Ok(Err(HeaderError::Forbidden));
         }
         let value = match http::header::HeaderValue::from_bytes(&value) {

crates/wasi-http/src/p3/mod.rs

@@ -373,6 +373,21 @@ impl<T: ResourceView> ResourceView for WasiHttpImpl<T> {
     }
 }
 
+/// Set of [http::header::HeaderName], that are forbidden by default
+/// for requests and responses originating in the guest.
+pub const DEFAULT_FORBIDDEN_HEADERS: [http::header::HeaderName; 10] = [
+    http::header::CONNECTION,
+    http::header::HeaderName::from_static("keep-alive"),
+    http::header::PROXY_AUTHENTICATE,
+    http::header::PROXY_AUTHORIZATION,
+    http::header::HeaderName::from_static("proxy-connection"),
+    http::header::TE,
+    http::header::TRANSFER_ENCODING,
+    http::header::UPGRADE,
+    http::header::HOST,
+    http::header::HeaderName::from_static("http2-settings"),
+];
+
 /// A trait which provides internal WASI HTTP state.
 pub trait WasiHttpView: ResourceView + Send {
     /// HTTP client
@@ -381,10 +396,11 @@ pub trait WasiHttpView: ResourceView + Send {
     /// Returns a reference to [WasiHttpCtx]
     fn http(&self) -> &WasiHttpCtx<Self::Client>;
 
-    /// Whether a given header should be considered forbidden and not allowed.
+    /// Whether a given header should be considered forbidden and not allowed
+    /// for requests and responses originating in the guest.
+    /// Note: headers of incoming requests and responses are not validated.
     fn is_forbidden_header(&mut self, name: &http::header::HeaderName) -> bool {
-        _ = name;
-        false
+        DEFAULT_FORBIDDEN_HEADERS.contains(name)
     }
 }
 

crates/wasi-http/tests/all/p3/mod.rs

@@ -198,9 +198,7 @@ async fn run_wasi_http<E: Into<ErrorCode> + 'static>(
 
 #[test_log::test(tokio::test)]
 async fn wasi_http_proxy_tests() -> anyhow::Result<()> {
-    let req = hyper::Request::builder()
-        // TODO: remove forbidden headers?
-        //.header("custom-forbidden-header", "yes")
+    let req = http::Request::builder()
         .uri("http://example.com:8080/test-path")
         .method(http::Method::GET);