fn resolve_host(req: &Request, http_host_name: Option<&str>) -> Option<String>Expand description
Resolves the host string to embed in published absolute URLs.
Prefers the operator-configured http_host_name; falls back to the
request’s Host header. Never consults X-Forwarded-*. See the
module-level “Host derivation” notes.
The returned value is parsed through http::uri::Authority before
it is returned, so it is guaranteed to be a syntactically valid
host[:port] per RFC 3986. This is the second layer of defense
against header-smuggling attacks: even if a future change accepts a
malicious value as input, the parser rejects anything containing
characters outside the URI host grammar (notably ", whitespace,
;, etc.) so the value cannot break out of the quoted
resource_metadata="..." parameter in a WWW-Authenticate challenge
or smuggle additional fields into the published resource URL.