2.2.3. Authority
2.2.3. Authority
The @authority derived component refers to the authority component of the target URI of the HTTP request message, as defined in [HTTP], Section 7.2. In HTTP/1.1, this is usually conveyed using the Host header field, while in HTTP/2 and HTTP/3 it is conveyed using the :authority pseudo-header. The value is the fully qualified authority component of the request, comprised of the host and, optionally, port of the request target, as a string. The component value MUST be normalized according to the rules provided in [HTTP], Section 4.2.3. Namely, the hostname is normalized to lowercase, and the default port is omitted.
For example, the following request message:
POST /path?param=value HTTP/1.1 Host: www.example.com
would result in the following @authority component value:
and the following signature base line:
"@authority": www.example.com
The @authority derived component SHOULD be used instead of signing the Host header field directly. See Section 7.2.4.