Return-Path: 
 <dev-return-43493-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 7928 invoked from network); 7 Aug 2004 22:36:38 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 7 Aug 2004 22:36:38 -0000
Received: (qmail 34092 invoked by uid 500); 7 Aug 2004 22:36:32 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 34060 invoked by uid 500); 7 Aug 2004 22:36:32 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 34045 invoked by uid 99); 7 Aug 2004 22:36:32 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=FORGED_RCVD_HELO
X-Spam-Check-By: apache.org
Received: from [64.235.234.122] (HELO scorpio.lunarpages.com) (64.235.234.122)
  by apache.org (qpsmtpd/0.27.1) with ESMTP; Sat, 07 Aug 2004 15:36:31 -0700
Received: from ip68-4-71-218.oc.oc.cox.net ([68.4.71.218] helo=gbiv.com)
	by scorpio.lunarpages.com with asmtp (SSLv3:DES-CBC3-SHA:168)
	(Exim 4.34)
	id 1BtZni-00008f-PP
	for dev@httpd.apache.org; Sat, 07 Aug 2004 15:36:30 -0700
Date: Sat, 7 Aug 2004 15:36:33 -0700
Subject: Re: POST without Content-Length
Content-Type: text/plain; charset=US-ASCII; format=flowed
Mime-Version: 1.0 (Apple Message framework v553)
From: Roy T. Fielding <fielding@gbiv.com>
To: dev@httpd.apache.org
Content-Transfer-Encoding: 7bit
In-Reply-To: <20040808002223.505ada33@parker>
Message-Id: <3BD1795D-E8C2-11D8-A007-000393753936@gbiv.com>
X-Mailer: Apple Mail (2.553)
X-AntiAbuse: This header was added to track abuse,
 please include it with any abuse report
X-AntiAbuse: Primary Hostname - scorpio.lunarpages.com
X-AntiAbuse: Original Domain - httpd.apache.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - gbiv.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

>> CGI would happen after mod_deflate.  If mod_deflate changes the 
>> request
>> body without also (un)setting content-length, then it is broken.
>
> Huh? Input filters are pulled, so they run *after* the handler has been
> started. And - CONTENT_LENGTH (if any - It's unset for chunked as 
> well) still
> reflects the Content-Length sent by the client. So the current 
> behaviour is
> correct in all cases.

No, it is broken in all cases.  CGI scripts cannot handle chunked input
and they cannot handle bodies without content-length -- that is how the
interface was designed.  You would have to define a CGI+ interface to
get some other behavior.

> A CGI script therefore should never trust Content-Length, but just read
> stdin until it meets an EOF.

We cannot redefine CGI.  It is a legacy crap interface.  Input filters
either have to be disabled for CGI or replaced with a buffering system
that takes HTTP/1.1 in and supplies CGI with the correct metadata and 
body.

....Roy