Re: [Django] #35051: HEAD Responses Drop Headers

[Django]

#35051: HEAD Responses Drop Headers
---------------------------------+------------------------------------
     Reporter:  Paul Bailey      |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  Uncategorized    |                  Version:  5.0
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------
Changes (by Natalia Bidart):

 * cc: Sarah Boyce, Jannik Schürg (added)
 * severity:  Normal => Release blocker
 * stage:  Unreviewed => Accepted


Comment:

 I did some research on the topic and from [https://www.rfc-
 editor.org/rfc/rfc9110.html#name-content-length the corresponding RFC] it
 seems that this report is valid and should be accepted:

 > A server MAY send a Content-Length header field in a response to a HEAD
 request (Section 9.3.2); a server MUST NOT send Content-Length in such a
 response unless its field value equals the decimal number of octets that
 would have been sent in the content of a response if the same request had
 used the GET method.

 The removal of the `Content-Length` seems to be located in this code:
 {{{#!diff
 diff --git a/django/core/servers/basehttp.py
 b/django/core/servers/basehttp.py
 index 6afe17cec4..e327974708 100644
 --- a/django/core/servers/basehttp.py
 +++ b/django/core/servers/basehttp.py
 @@ -131,11 +131,6 @@ class ServerHandler(simple_server.ServerHandler):

      def cleanup_headers(self):
          super().cleanup_headers()
 -        if (
 -            self.environ["REQUEST_METHOD"] == "HEAD"
 -            and "Content-Length" in self.headers
 -        ):
 -            del self.headers["Content-Length"]
          # HTTP/1.1 requires support for persistent connections. Send
 'close' if
          # the content length is unknown to prevent clients from reusing
 the
          # connection.
 }}}

 This code was added while fixing ticket #28054, and while it's correct not
 to return the body of the response, it seems that the `Content-Length`
 should be kept.

 Regression in 8acc433e415cd771f69dfe84e57878a83641e78b

-- 
Ticket URL: <https://code.djangoproject.com/ticket/35051#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018c83ea2be6-1b67a3bd-d49d-4f15-8246-a114d3a2e53a-000000%40eu-central-1.amazonses.com.