nodejs · Nov 28, 2022
diff --git a/‎doc/api/http.md
+4 b/‎doc/api/http.md
+4
diff --git a/‎lib/_http_server.js
+19-1 b/‎lib/_http_server.js
+19-1
@@ -3185,6 +3185,10 @@ changes:
   * `uniqueHeaders` {Array} A list of response headers that should be sent only
     once. If the header's value is an array, the items will be joined
     using `; `.
+  * `requireHostHeader` {boolean} It forces the server to respond with
+    a 400 (Bad Request) status code to any HTTP/1.1 request message
+    that lacks a Host header (as mandated by the specification).
+    **Default:** `true`.
 
 * `requestListener` {Function}
 
 
@@ -473,6 +473,14 @@ function storeHTTPOptions(options) {
   } else {
     this.connectionsCheckingInterval = 30_000; // 30 seconds
   }
+
+  const requireHostHeader = options.requireHostHeader;
+  if (requireHostHeader !== undefined) {
+    validateBoolean(requireHostHeader, 'options.requireHostHeader');
+    this.requireHostHeader = requireHostHeader;
+  } else {
+    this.requireHostHeader = true;
+  }
 }
 
 function setupConnectionsTracking(server) {
@@ -1022,7 +1030,18 @@ function parserOnIncoming(server, socket, state, req, keepAlive) {
 
   let handled = false;
 
+
   if (req.httpVersionMajor === 1 && req.httpVersionMinor === 1) {
+
+    // From RFC 7230 5.4 https://datatracker.ietf.org/doc/html/rfc7230#section-5.4
+    // A server MUST respond with a 400 (Bad Request) status code to any
+    // HTTP/1.1 request message that lacks a Host header field
+    if (server.requireHostHeader && req.headers.host === undefined) {
+      res.writeHead(400, ['Connection', 'close']);
+      res.end();
+      return 0;
+    }
+
     const isRequestsLimitSet = (
       typeof server.maxRequestsPerSocket === 'number' &&
       server.maxRequestsPerSocket > 0
@@ -1045,7 +1064,6 @@ function parserOnIncoming(server, socket, state, req, keepAlive) {
 
       if (RegExpPrototypeExec(continueExpression, req.headers.expect) !== null) {
         res._expect_continue = true;
-
         if (server.listenerCount('checkContinue') > 0) {
           server.emit('checkContinue', req, res);
         } else {