diff --git a/http2/transport.go b/http2/transport.go index 4f08ccba9..da53e83cb 100644 --- a/http2/transport.go +++ b/http2/transport.go @@ -1880,6 +1880,9 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail if err != nil { return nil, err } + if !httpguts.ValidHostHeader(host) { + return nil, errors.New("http2: invalid Host header") + } var path string if req.Method != "CONNECT" {