Hi, On 8/13/21, Michael McMahon <michael.x.mcma...@oracle.com> wrote: > Hi, > > A question about this issue. Can you explain why the server/proxy is > sending a response body to a HEAD request? > > My reading of the RFCs suggests this is not allowed.
Thanks for your comment and sorry for the late reply. To put aside the question about the support for non-compliant proxy servers, consider the scenario with HTTPS tunneling where proxy server never sees the HEAD request (it receives CONNECT). Please see the following abridged interaction where HEAD request is initiated from java code to HTTPS host some.hostname.com with proxy enabled: Transmission Control Protocol, Src Port: 53335, Dst Port: 8080, Seq: 1, Ack: 1, Len: 185 Hypertext Transfer Protocol CONNECT some.hostname.com:443 HTTP/1.1\r\n User-Agent: Java/1.8.0_302\r\n Host: some.hostname.com\r\n Proxy-Connection: keep-alive\r\n \r\n Transmission Control Protocol, Src Port: 8080, Dst Port: 53335, Seq: 7245, Ack: 186, Len: 413 Hypertext Transfer Protocol HTTP/1.1 407 Proxy Authentication Required\r\n Proxy-Authenticate: NTLM\r\n Proxy-Connection: close\r\n Connection: close\r\n Content-Length: 7384\r\n \r\n File Data: 7384 bytes Line-based text data: text/html (39 lines) <HTML><HEAD>\r\n [...] Transmission Control Protocol, Src Port: 53336, Dst Port: 8080, Seq: 1, Ack: 1, Len: 281 Hypertext Transfer Protocol CONNECT some.hostname.com:443 HTTP/1.1\r\n User-Agent: Java/1.8.0_302\r\n Host: some.hostname.com\r\n Proxy-Connection: keep-alive\r\n Proxy-authorization: NTLM TlRM[...]\r\n \r\n Transmission Control Protocol, Src Port: 8080, Dst Port: 53336, Seq: 7245, Ack: 282, Len: 690 Hypertext Transfer Protocol HTTP/1.1 407 Proxy Authentication Required\r\n Proxy-Authenticate: NTLM TlRM[...]\r\n Proxy-Connection: Keep-Alive\r\n Connection: Keep-Alive\r\n Content-Length: 7401\r\n \r\n File Data: 7401 bytes Line-based text data: text/html (39 lines) <HTML><HEAD>\r\n [...] Transmission Control Protocol, Src Port: 53336, Dst Port: 8080, Seq: 282, Ack: 7935, Len: 781 Hypertext Transfer Protocol CONNECT some.hostname.com:443 HTTP/1.1\r\n User-Agent: Java/1.8.0_302\r\n Host: some.hostname.com\r\n Proxy-Connection: keep-alive\r\n Proxy-authorization: NTLM TlRML[...]\r\n \r\n Transmission Control Protocol, Src Port: 8080, Dst Port: 53336, Seq: 7935, Ack: 1063, Len: 39 Hypertext Transfer Protocol HTTP/1.1 200 Connection established\r\n \r\n In this case the response code from "200 Connection established" response cannot be read by jdk because response body from the last CONNECT response was not fully read from the socket, jdk master will fail with the following trace: java.util.NoSuchElementException at java.base/java.util.StringTokenizer.nextToken(StringTokenizer.java:347) at java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling0(HttpURLConnection.java:2191) [...] This can be reproduced running NTLMHeadTest.java with TUNNEL argument. SERVER and PROXY modes were added to the test for completeness, it may be better to remove them. > > [...] > >> PR: https://git.openjdk.java.net/jdk/pull/4753 > -- -Alex