> + Status: rbb committed a fix to http_protocol.c, but we still need > to > + figure out what to do with ap_discard_request_body. > Should > + we still rearrange it like the patches below have it? > Or, > + can we remove all callers of ap_discard_request_body and > + only do it in ap_finalize_request_protocol? (rbb hinted > that > + we can't do it in ap_finalize_request_protocol because of > + potential 413 errors which would be detected too late.) > For the core and various modules: > <[EMAIL PROTECTED]> > For mod_dav:
To explain in detail. I did this work yesterday, but when I ran the test suite, the limits tests all failed. Why, because we didn't run ap_discard_request_body until after the response had been sent, which means that we didn't notice that we had been sent too much data until it was too late to respond with an error. All calls to ap_discard_request_body that don't use the return code can be removed (I got too busy to do that yesterday, but I'll do it today). For the limits stuff, we need to decide if we want to return 413 if the server doesn't care about the request. For example, default_handler always just discards the request body, so is it an error if the user sends 100 Meg of data with a request that is just going to ignore it? Probably, and if that is the case, then ap_discard_request_body has to stay in all of the handlers. Ryan
