When I write middleware-style components that pass an incoming request on to an upstream, I use into_request() to turn them into WASI requests.
This always fails because the incoming request has Connection and Host headers which are FORBIDDEN. I have to remove those manually to be able to into_request() it. E.g. https://github.com/spinframework/http-auth-middleware/blob/main/github-oauth/src/api/authenticate.rs#L35C1-L37C54. I don't know if other headers are FORBIDDEN but I live in fear that one day a varlet will send me a request that contains such a header and my middleware will crash because I didn't know to remove it.
How terrible would it be to make into_request() quietly ignore forbidden headers, or not forbid them and instead let WASI get mad if it needs to, or in some other way make header-related-forbiddances not the app developer's problem?
Or should we make it so that these headers are not forbidden when used in the middleware/composition scenario? Really I'd expect that headers like these should be passed through the composition chain without anyone caring.
When I write middleware-style components that pass an incoming request on to an upstream, I use
into_request()to turn them into WASI requests.This always fails because the incoming request has
ConnectionandHostheaders which are FORBIDDEN. I have to remove those manually to be able tointo_request()it. E.g. https://github.com/spinframework/http-auth-middleware/blob/main/github-oauth/src/api/authenticate.rs#L35C1-L37C54. I don't know if other headers are FORBIDDEN but I live in fear that one day a varlet will send me a request that contains such a header and my middleware will crash because I didn't know to remove it.How terrible would it be to make
into_request()quietly ignore forbidden headers, or not forbid them and instead let WASI get mad if it needs to, or in some other way make header-related-forbiddances not the app developer's problem?Or should we make it so that these headers are not forbidden when used in the middleware/composition scenario? Really I'd expect that headers like these should be passed through the composition chain without anyone caring.