bryancall opened a new issue, #12960:
URL: https://github.com/apache/trafficserver/issues/12960

   ## Summary
   
   ATS returns `411 Content Length Required` for a POST request that has 
neither `Content-Length` nor `Transfer-Encoding` headers. Per RFC 9110 Section 
6.4.1, a request with no `Content-Length` and no `Transfer-Encoding` has a 
message body length of zero — it should not be rejected.
   
   ## How to reproduce
   
   ```bash
   curl -v -X POST http://ats-host/some-endpoint
   ```
   
   ATS responds:
   ```
   HTTP/1.1 411 Content Length Required
   ```
   
   Adding `Content-Length: 0` makes it work:
   ```bash
   curl -v -X POST -H "Content-Length: 0" http://ats-host/some-endpoint
   ```
   
   ## Expected behavior
   
   ATS should accept the request and treat the body length as zero, the same 
way Nginx and Apache httpd do.
   
   ## Context
   
   This affects browser `fetch()` calls with `method: "POST"` and no body — 
browsers send neither `Content-Length` nor `Transfer-Encoding` in this case. 
Common patterns like snooze/toggle/action endpoints that take no body are 
broken when proxied through ATS.
   
   ## Spec reference
   
   RFC 9110 Section 6.4.1:
   > If a message is received without Transfer-Encoding and with an invalid or 
missing Content-Length, and the message's semantics could include a payload 
body, the recipient might still be able to determine the body length by other 
means [...] A server MAY reject a request that contains a message body but not 
a Content-Length by responding with 411 (Length Required).
   
   The key phrase is "contains a message body" — a POST with no body at all 
does not contain a message body, so 411 should not apply.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
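
The framing rule the issue relies on, as an added example (not ATS code and not part of the original issue): a hypothetical `request_body_framing` helper that classifies an HTTP/1.1 request head, so a POST with neither header comes out as a zero-length body instead of an error. Rejecting a request that carries both headers, or a malformed `Content-Length`, with 400 is a strict policy assumed here; the sample requests are constructed.

```python
import re

def request_body_framing(head: bytes):
    """Return (kind, length, reject_status) for an HTTP/1.1 request head.

    kind is 'none', 'length', 'chunked' or 'invalid'; reject_status is None
    when the request is acceptable. Hypothetical helper, not ATS code.
    """
    fields = {}
    for line in head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        # A field line needs a colon and a name with no surrounding whitespace.
        if not sep or not name or name != name.strip():
            return ("invalid", None, 400)
        fields.setdefault(name.lower(), []).append(value.strip())
    te = fields.get(b"transfer-encoding")
    cl = fields.get(b"content-length")
    if te and cl:
        # Assumed strict policy: two framing headers are ambiguous, refuse.
        return ("invalid", None, 400)
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(b",")]
        if codings[-1] != b"chunked":
            return ("invalid", None, 400)
        return ("chunked", None, None)
    if cl:
        # Every Content-Length field must be the same plain decimal number.
        if len(set(cl)) != 1 or not re.fullmatch(rb"[0-9]+", cl[0]):
            return ("invalid", None, 400)
        return ("length", int(cl[0]), None)
    # Neither header present: the request has no body, length zero, no 411.
    return ("none", 0, None)

# Constructed sample request heads.
HOST = b"Host: ats-host\r\n"
BARE_POST = b"POST /some-endpoint HTTP/1.1\r\n" + HOST + b"Accept: */*\r\n\r\n"
ZERO_CL = b"POST /some-endpoint HTTP/1.1\r\n" + HOST + b"Content-Length: 0\r\n\r\n"
CHUNKED = b"POST /some-endpoint HTTP/1.1\r\n" + HOST + b"Transfer-Encoding: chunked\r\n\r\n"
BOTH = (b"POST /some-endpoint HTTP/1.1\r\n" + HOST
        + b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n")
BAD_CL = b"POST /some-endpoint HTTP/1.1\r\n" + HOST + b"Content-Length: 5, 6\r\n\r\n"

if __name__ == "__main__":
    for label, head in [("bare POST", BARE_POST), ("CL: 0", ZERO_CL),
                        ("chunked", CHUNKED), ("CL + TE", BOTH), ("bad CL", BAD_CL)]:
        print(f"{label:10s} -> {request_body_framing(head)}")
```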