Add support for overriding connect address

[lann]

This is primarily useful in testing or private networking scenarios where the client wants to nominally connect to a host but use a different address than DNS would resolve, e.g.:

• An override is configured for api.example.com -> test-api.example.com
• Guest makes a request to https://api.example.com
• TCP connection is established to test-api.example.com
• TLS establishment uses api.example.com as the server name
• HTTP Host header is api.example.com

This effect is sometimes achieved instead by overriding the HTTP Host header, but this will typically cause server certificate validation to fail which then requires separate TLS config changes (often just e.g. --insecure).

I see two (not necessarily exclusive) approaches:

Override in runtime config

Something like:

[outbound_networking.hosts."api.example.com"]
override_resolution = "test-api.example.com"

This would be relatively straightforward to implement and would cover many use cases but might not work well where more dynamic configuration is needed.

Override in the guest

I think the most "component-y" way to implement this would be with a new WIT interface(s) that would be sort of "extension(s)" to WASI:

package spin:wasi-extensions;

interface http-extensions {
  use wasi:http/types@0.3.0-rc-2026-03-15.{request};

  set-connect-host(request: borrow<request>, connect-host: string) -> result<_, some-error>;
}

The connect-host would need to be covered by an allowed_outbound_hosts entry or some new manifest (allowed_host_overrides?) and/or runtime config allowlist mechanism.

[itowlson]

I recall in an earlier discussion of this, you noted that "override address" would probably require "override port" as well, although I forget the context - perhaps this is a more limited scenario?

It seems like the use cases would drive whether to prioritise runtime config or WASI approaches. WASI seems like it would fit where the override is part of application logic, where you want it to be available through to production (and the alternate hosts to be allowed from production), and controllable via code. Runtime config would fit with cases where it's more environmental, e.g. my local dev doesn't have access to the real bank database, so I need to test with a tragically fake one. But I don't understand the use case enough to have a sense for which scenarios are motivating this.

[lann]

I recall in an earlier discussion of this, you noted that "override address" would probably require "override port" as well, although I forget the context - perhaps this is a more limited scenario?

There are cases where that would be helpful but it would also make things more complicated to implement since you'd have to hook in at a point where the port can be manipulated rather than just DNS resolution. TLS validation doesn't care about ports so the developer can always change the port in the guest code as well.

It seems like the use cases would drive whether to prioritise runtime config or WASI approaches. [...] But I don't understand the use case enough to have a sense for which scenarios are motivating this.

There have been multiple use cases over time and indeed the best approach probably depends on which use cases you prioritize. Broadly I'd say the runtime config approach is friendlier but the guest approach is more usefuler.

Pragmaticially, I think the specific guest approach outlined above might not even be possible without upstream changes in wasmtime-wasi-http, which might answer the question for us at least in the short term...

[lann]

without upstream changes in wasmtime-wasi-http

Just to get this written this down somewhere I might actually find it again some day... this seems workable:

• Add an http::Extensions (or equivalent) field to the wasmtime-wasi-http Request
• The set-connect-host impl would (should) have access to this, so it can insert its data into that field
• In wasmtime-wasi-http implementation of send, move the Extensions into the constructed http::Request
• That should make those Extensions available in spin's impl of send_request 😵‍💫