Return-Path: Delivered-To: apmail-httpd-modules-dev-archive@locus.apache.org Received: (qmail 36045 invoked from network); 31 Jan 2008 04:11:28 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 31 Jan 2008 04:11:28 -0000 Received: (qmail 96308 invoked by uid 500); 31 Jan 2008 04:11:19 -0000 Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org Received: (qmail 96275 invoked by uid 500); 31 Jan 2008 04:11:19 -0000 Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: modules-dev@httpd.apache.org Delivered-To: mailing list modules-dev@httpd.apache.org Received: (qmail 96266 invoked by uid 99); 31 Jan 2008 04:11:18 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2008 20:11:18 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of brian@briansmith.org designates 216.86.168.179 as permitted sender) Received: from [216.86.168.179] (HELO mxout-04.mxes.net) (216.86.168.179) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 31 Jan 2008 04:11:04 +0000 Received: from T60 (unknown [71.11.170.77]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTP id 50B40D05A1; Wed, 30 Jan 2008 23:10:56 -0500 (EST) From: "Brian Smith" To: Cc: "'Web SIG'" References: <88e286470801291628g6460053ejeed734de499784e9@mail.gmail.com> <003901c863b4$1111ee30$0501a8c0@T60> <88e286470801301922n162b955at431b0354c1a30597@mail.gmail.com> Subject: RE: Reading of input after headers sent and 100-continue. Date: Wed, 30 Jan 2008 20:10:56 -0800 Message-ID: <003b01c863bf$47eff270$0501a8c0@T60> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <88e286470801301922n162b955at431b0354c1a30597@mail.gmail.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 Thread-Index: AchjuJJR8sDV7psDRN2HRPtdLWjTqAAALUsQ X-Virus-Checked: Checked by ClamAV on apache.org Graham Dumpleton wrote: > Effectively, if a 200 response came back, it seems to suggest > that the client still should send the request body, just that > it 'SHOULD NOT wait for an indefinite period'. It doesn't say > explicitly for the client that it shouldn't still send the > request body if another response code comes back. This behavior is to support servers that don't understand the Expect: header. Basically, if the server responds with a 100, the client must send the request body. If the server responds with a 4xx or 5xx, the client must not send the request body. If the server responds with a 2xx or a 3xx, then the client should must send (the rest of) the request body, on the assumption that the server doesn't understand "Expect:". To be completely compliant, a server should always respond with a 100 in front of a 2xx or 3xx, I guess. Thanks for clarifying that for me. I guess the rules make sense after all. > So technically, if the client has to still send the request > content, something could still read it. It would not be ideal > that there is a delay depending on what the client does, but > would still be possible from what I read of this section. You are right. To avoid confusion, you should probably force mod_wsgi to send a 100-continue in front of any 2xx or 3xx response. > It MUST NOT perform the requested method if it returns a final status code. The implication is that the only time it will avoid sending a 100 is when it is sending a 4xx, and it should never perform the requested method if it already said the method failed. The only excuse for not sending a 100 is that you don't know about "Expect: 100-continue". But, that can't be true if you are reading this part of the spec! > """If it responds with a final status > code, it MAY close the transport connection or it MAY continue > to read and discard the rest of the request.""" If the client receives a 2xx or 3xx without a 100 first, it has to send the request body (well, depending on which 3xx it is, that is not true). But, the server doesn't have to read it! But, again, the assumption is that the server will only send a response without a 100 if it is a 4xx or 5xx. > It seems by what you are saying that if 100-continue is > present this wouldn't be allowed, and that to ensure correct > behaviour the handler would have to read at least some of the > request body before sending back the response headers. You are right, I was wrong. > > Since ap_http_filter is an input filter only, it should be > enough to > > just avoid reading from the input brigade. (AFAICT, anyway.) > > In other words block the handler from reading, potentially > raise an error in the process. Except to be fair and > consistent, you would have to apply the same rule even if > 100-continue isn't present. Whether that would break some > existing code in doing that is the concern I have, even if it > is some simple test program that just echos back the request > body as the response body. Technically, even if the server returns a 4xx, it can still read the request body, but it might not get anything or it might only get part of it. I guess, the change to the WSGI spec that is needed is to say that the gateway must not send the "100 continue" if it has already sent some headers, and that it should send a "100 continue" before any 2xx or 3xx code, which is basically what James Knight suggested (sorry James). The gateway must indicate EOF if only a partial request body was received. I don't think the gateway should be required to provide any of the partial request content on a 4xx, though. - Brian