httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: POST without Content-Length
Date Sat, 07 Aug 2004 19:38:19 GMT
On Sat, 7 Aug 2004, Jan Kratochvil wrote:

> Hi,
>
> Thanks for the great support - httpd-2.0 HEAD 2004-08-07 really fixes it.
> It even provides env variable "proxy-sendchunks" to select between compatible
> "Content-Length" (default) and performance-wise "chunked".

Sounds pretty complete to me.  Of course you'd need to stick to C-L unless
you *know* the backend accepts chunks.

It occurs to me that a similar situation arises with CGI and chunked
input.  The CGI spec guarantees a content-length header, so presumably(?)
the code for dealing with that is already there somewhere, and will figure
in the AP_CHUNKED_DECHUNK option to the old handler-read functions.

> > We have a lot of proxy updates in 2.1, which are presumably getting
> > test-driven over time.  How would one go about proposing a wholesale
> > backport?
>
> FYI Fedora Core 2 httpd already backports httpd-2.1 version of proxy_http.c
> although it was not so new snapshot to include resolving of my issues.
> Current CVS snapshot I Bugzilled them as
> 	https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129391
>
> FYI backport of current mod_proxy is technically trivia - just copying raw
> 	mod_proxy.c
> 	mod_proxy.h
> 	proxy_http.c

It would also need proxy_util.c.  Not sure about ftp or connect.

> although it brings new domain-remapping functionality there.

Indeed.

> Although the proxy is OK now there still remains one problem:
>
> I think HTTP server MUST accept the request:
> 	POST ... HTTP/1.0 or HTTP/1.1
> 	[ no Content-Length ]
> 	[ no Transfer-Encoding ]
> 	Connection: close [ or even no Connection header at all]
> 	\r\n
> 	DATA
>
> according to RFC2616 section 4.4. Even httpd-2.1/CVS just assumes empty body.
> squid up to squid/2.5.STABLE5 at least responds by "411 Length Required".

Surely that only applies if the server can infer there's a request body.
How does it do that with neither C-L nor T-E to indicate a body?

If we could infer a body in such a case, then AIUI the following applies:
	"If a
   request contains a message-body and a Content-Length is not given,
   the server SHOULD respond with 400 (bad request) if it cannot
   determine the length of the message, or with 411 (length required) if
   it wishes to insist on receiving a valid Content-Length."

Maybe we should infer a body (and hence apply the above logic) in any
POST or PUT request?  If we do that, it begs the question of how to treat
unknown HTTP/extension methods (cf DAV), and suggests perhaps
RequireRequestBody should be made a configuration directive.

-- 
Nick Kew

Mime
View raw message