Ross L Richardson(open...@rlr.id.au) on 2021.10.06 21:48:12 +1100: > Another thing... > > RFC 7231 [HTTP 1.1] states that, for a HEAD request, the server SHOULD > send the same header fields in response to HEAD as it would for GET, > except that payload headers MAY be omitted. Content-Length is such > a header field. > > The CGI on beta.undeadly.org has been modified such that [for some > "action"s only, at this stage] it does not send a body in response to > HEAD requests. We now how: > > #### www.undeadly.org ########## > $ printf "HEAD /cgi?action=front HTTP/1.0\r\nHost: www.undeadly.org\r\n\r\n" \ > | nc -c www.undeadly.org https \ > | head > HTTP/1.0 200 OK > Connection: close > Content-Type: text/html > Date: Wed, 06 Oct 2021 10:24:59 GMT > Server: OpenBSD httpd > Strict-Transport-Security: max-age=31536000; preload > > <!DOCTYPE html> > <html lang="en"> > <head> > > #### beta.undeadly.org ######### > $ printf "HEAD /cgi?action=front HTTP/1.0\r\nHost: beta.undeadly.org\r\n\r\n" > \ > | nc -c beta.undeadly.org https > HTTP/1.0 200 OK > Connection: close > Content-Length: 0 > Content-Type: text/html > Date: Wed, 06 Oct 2021 10:25:01 GMT > Server: OpenBSD httpd > Strict-Transport-Security: max-age=31536000; preload > > So, if the CGI treats HEAD the same way as GET [and returns a body], > httpd does not add a Content-Length header. However, if the CGI behaves > correctly, and does not include the body in the response, httpd _does_ > add a Content-Type header. That's clearly wrong.
Thanks for the update. I glanced a bit at the code in httpd, but have not yet had time to fix it. Want to give it a try? ;) /Benno
