[HTTP server] Should :authority be higher on the list than Host?

[mateuszrzeszutek]

The current spec says:

HTTP server instrumentations SHOULD do the best effort when populating server.address and server.port attributes and SHOULD determine them by using the first of the following that applies:

• The original host which may be passed by the reverse proxy in the [Forwarded#host][Forwarded], [X-Forwarded-Host][X-Forwarded-Host], or a similar header.
• The [Host][Host header] header.
• The [:authority][HTTP/2 authority] pseudo-header in case of HTTP/2 or HTTP/3

However, the RFC says something different:

The ":authority" pseudo-header field conveys the authority portion (Section 3.2 of [RFC3986]) of the target URI (Section 7.1 of [HTTP]). The recipient of an HTTP/2 request MUST NOT use the Host header field to determine the target URI if ":authority" is present.

To me it sounds that when an HTTP 2.0 server receives an incoming request, the :authority header has higher priority than Host.

[lmolkova]

I put it after Host because from RFC9113 they SHOULD be the same and the order does not matter.

A server SHOULD treat a request as malformed if it contains a Host header field that identifies an entity that differs from the entity in the ":authority" pseudo-header field.

So I'm totally open to changing the order if it feels better.