[jira] [Commented] (TS-2902) Allow POST requests without a Content-Length header

Fri, 15 Aug 2014 02:37:53 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098383#comment-14098383
 ] 

Feifei Cai commented on TS-2902:
--------------------------------

If server only handles HTTP/1.0 requests, the user agent MUST send a valid 
"Content-Length" header, as specified in RFC7230; if server handles HTTP/1.1 
(or later) requests, the "Content-Length" header is no longer a MUST, because 
HTTP/1.1 introduced "Transfer-Encoding". For HTTP/1.1 requests, if both these 
two headers are not included, server also should response 400/411.
[http://tools.ietf.org/html/rfc7230#section-3.3]
{quote}
The presence of a message body in a request is signaled by a
   Content-Length or Transfer-Encoding header field.
{quote}
We can add a configuration option for this change, and disable it by default, 
not breaking other use cases. However, I hope to be conservative and keep the 
handle logic align with RFC. Maybe I still have some misunderstanding with 
RFC7230, so I wish we can discuss this more clear before we start to patch it 
to ATS.

> Allow POST requests without a Content-Length header
> ---------------------------------------------------
>
>                 Key: TS-2902
>                 URL: https://issues.apache.org/jira/browse/TS-2902
>             Project: Traffic Server
>          Issue Type: Improvement
>            Reporter: Masakazu Kitajo
>            Assignee: Bryan Call
>              Labels: review
>             Fix For: 5.1.0
>
>         Attachments: make_it_configuarable.patch
>
>
> I get "*400* Content Length Required" when user agents send a POST request 
> that doesn't contain any body data without a Content-Length header.
> (The header is omitted because the length is zero, I think)
> According to RFC2730 Section 3.3.2, presence of Content-Length is not MUST.
> http://tools.ietf.org/html/rfc7230#section-3.3.2
> {quote}
> A user agent SHOULD send a Content-Length in a request message when
>    no Transfer-Encoding is sent and the request method defines a meaning
>    for an enclosed payload body.
> {quote}
> Also according to section 3.3.3,  a server are allowed to reject similar 
> request with 411 Length Required, but not *400*.
> http://tools.ietf.org/html/rfc7230#section-3.3.2
> {quote}
>   A server MAY reject a request that contains a message body but not a
>    Content-Length by responding with 411 (Length Required).
> {quote}
> Traffic Server should accept the requests, no body data without 
> Content-Length header, or reject it with *411*. I think the former one is 
> better for interoperability.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to