httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: POST without Content-Length
Date Sat, 07 Aug 2004 22:22:23 GMT
* Roy T. Fielding <fielding@gbiv.com> wrote:

> On Saturday, August 7, 2004, at 01:17  PM, André Malo wrote:
> 
> > * Nick Kew <nick@webthing.com> wrote:
> >
> >> It occurs to me that a similar situation arises with CGI and chunked
> >> input.  The CGI spec guarantees a content-length header,
> >
> > ah, no.
> >
> > | * CONTENT_LENGTH
> > |
> > | The length of the said content as given by the client.
> >
> > That's rather, *if* the client says something about the length, then
> > CONTENT_LENGTH tells about it. One should not trust it anyway, since 
> > inflating
> > compressed content with mod_deflate (for example), changes the length, 
> > but
> > neither changes the Header nor the environment variable.
> 
> CGI would happen after mod_deflate.  If mod_deflate changes the request
> body without also (un)setting content-length, then it is broken.  

Huh? Input filters are pulled, so they run *after* the handler has been
started. And - CONTENT_LENGTH (if any - It's unset for chunked as well) still
reflects the Content-Length sent by the client. So the current behaviour is
correct in all cases.

A CGI script therefore should never trust Content-Length, but just read
stdin until it meets an EOF.

> However,
> I suspect you are thinking of a response body, not the request.

No.

nd
-- 
package Hacker::Perl::Another::Just;print
qq~@{[reverse split/::/ =>__PACKAGE__]}~;

#  André Malo  #  http://www.perlig.de  #

Mime
View raw message