On 6/22/05, Paul Querna <[EMAIL PROTECTED]> wrote: > Joe Orton wrote: > > >On Wed, Jun 22, 2005 at 03:02:50PM -0500, William Rowe wrote: > > > > > >>Prior to either patch we totally mishandled such requests. So the > >>only question which remains is; which behavior do we prefer? > >>As the RFC states this is not acceptable, my gut says reject ANY > >>request with both C-L and T-E of non-identity. > >> > >> > > > >I don't see any reason to reject anything, 2616 dictates precisely how > >to handle requests which are malformed in this way. I do think the > >check against "identity" is actually redundant, though; not least > >because the 2616 errata remove all references to the word. > > > >I think correct behaviour is to just follow the letter of Section 4.4, > >point 3, as below: > > > > If a message is received with both a > > Transfer-Encoding header field and a Content-Length header field, > > the latter MUST be ignored. > > > >(and it's also going to be better to check for T-E before C-L since > >99.99% of requests received are not going to have a T-E header so it'll > >fall through slightly quicker) > > > > > > > +1 to the posted patch.
+1 here as well What about proxy reading from origin server? Origin server sends this to Apache acting as proxy: HTTP/1.1 200 OK\r\n Content-Length: 99\r\n Transfer-Encoding: chunked\r\n \r\n 0A\r\n aaaaaaaaaa\r\n 00\r\n \r\n Client receives this: HTTP/1.1 200 OK Date: Wed, 22 Jun 2005 23:12:31 GMT Content-Length: 99 Content-Type: text/plain; charset=ISO-8859-1 aaaaaaaaaa(END) Add this patch: Index: modules/proxy/mod_proxy_http.c =================================================================== --- modules/proxy/mod_proxy_http.c (revision 191655) +++ modules/proxy/mod_proxy_http.c (working copy) @@ -1128,7 +1128,17 @@ r->headers_out, save_table); } - + + /* can't have both Content-Length and Transfer-Encoding */ + if (apr_table_get(r->headers_out, "Transfer-Encoding") + && apr_table_get(r->headers_out, "Content-Length")) { + /* 2616 section 4.4, point 3: "if both Transfer-Encoding + * and Content-Length are received, the latter MUST be + * ignored"; so unset it here to prevent any confusion + * later. */ + apr_table_unset(r->headers_out, "Content-Length"); + } + /* strip connection listed hop-by-hop headers from response */ backend->close += ap_proxy_liststr(apr_table_get(r->headers_out, "Connection"), Client now gets this: HTTP/1.1 200 OK Date: Wed, 22 Jun 2005 23:22:19 GMT Transfer-Encoding: chunked Content-Type: text/plain; charset=ISO-8859-1 a aaaaaaaaaa 0