On 6/22/05, Paul Querna <[EMAIL PROTECTED]> wrote:
> Joe Orton wrote:
>
> >On Wed, Jun 22, 2005 at 03:02:50PM -0500, William Rowe wrote:
> >
> >
> >>Prior to either patch we totally mishandled such requests. So the
> >>only question which remains is; which behavior do we prefer?
> >>As the RFC states this is not acceptable, my gut says reject ANY
> >>request with both C-L and T-E of non-identity.
> >>
> >>
> >
> >I don't see any reason to reject anything, 2616 dictates precisely how
> >to handle requests which are malformed in this way. I do think the
> >check against "identity" is actually redundant, though; not least
> >because the 2616 errata remove all references to the word.
> >
> >I think correct behaviour is to just follow the letter of Section 4.4,
> >point 3, as below:
> >
> > If a message is received with both a
> > Transfer-Encoding header field and a Content-Length header field,
> > the latter MUST be ignored.
> >
> >(and it's also going to be better to check for T-E before C-L since
> >99.99% of requests received are not going to have a T-E header so it'll
> >fall through slightly quicker)
> >
> >
> >
> +1 to the posted patch.
+1 here as well
What about proxy reading from origin server?
Origin server sends this to Apache acting as proxy:
HTTP/1.1 200 OK\r\n
Content-Length: 99\r\n
Transfer-Encoding: chunked\r\n
\r\n
0A\r\n
aaaaaaaaaa\r\n
00\r\n
\r\n
Client receives this:
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2005 23:12:31 GMT
Content-Length: 99
Content-Type: text/plain; charset=ISO-8859-1
aaaaaaaaaa(END)
Add this patch:
Index: modules/proxy/mod_proxy_http.c
===================================================================
--- modules/proxy/mod_proxy_http.c (revision 191655)
+++ modules/proxy/mod_proxy_http.c (working copy)
@@ -1128,7 +1128,17 @@
r->headers_out,
save_table);
}
-
+
+ /* can't have both Content-Length and Transfer-Encoding */
+ if (apr_table_get(r->headers_out, "Transfer-Encoding")
+ && apr_table_get(r->headers_out, "Content-Length")) {
+ /* 2616 section 4.4, point 3: "if both Transfer-Encoding
+ * and Content-Length are received, the latter MUST be
+ * ignored"; so unset it here to prevent any confusion
+ * later. */
+ apr_table_unset(r->headers_out, "Content-Length");
+ }
+
/* strip connection listed hop-by-hop headers from response */
backend->close +=
ap_proxy_liststr(apr_table_get(r->headers_out,
"Connection"),
Client now gets this:
HTTP/1.1 200 OK
Date: Wed, 22 Jun 2005 23:22:19 GMT
Transfer-Encoding: chunked
Content-Type: text/plain; charset=ISO-8859-1
a
aaaaaaaaaa
0
