[Django] #28081: django.test.client:conditional_content_removal() is not compliant with RFC7230

[Django]

#28081: django.test.client:conditional_content_removal() is not compliant with
RFC7230
---------------------------------------------+------------------------
               Reporter:  Ed Morley          |          Owner:  nobody
                   Type:  Bug                |         Status:  new
              Component:  Testing framework  |        Version:  master
               Severity:  Normal             |       Keywords:
           Triage Stage:  Unreviewed         |      Has patch:  0
    Needs documentation:  0                  |    Needs tests:  0
Patch needs improvement:  0                  |  Easy pickings:  0
                  UI/UX:  0                  |
---------------------------------------------+------------------------
 [https://tools.ietf.org/html/rfc7230#section-3.3.2 RFC7230 section 3.3.2]
 says:
 > A server MAY send a Content-Length header field in a 304 (Not Modified)
 response to a conditional GET request (Section 4.1 of [RFC7232]); a server
 MUST NOT send Content-Length in such a response unless its field-value
 equals the decimal number of octets that would have been sent in the
 payload body of a 200 (OK) response to the same request.
 >
 > A server MUST NOT send a Content-Length header field in any response
 with a status code of 1xx (Informational) or 204 (No Content).  A server
 MUST NOT send a Content-Length header field in any 2xx (Successful)
 response to a CONNECT request (Section 4.3.6 of [RFC7231]).

 However `conditional_content_removal()` sets `Content-Type: 0` in these
 cases:
 
https://github.com/django/django/blob/941b8691351d4739cd9391b0a1326abd0b1c29c0/django/test/client.py#L91-L108

 ...which is not compliant with the specification.

 The fix is to not set  `Content-Type` at all in
 `conditional_content_removal()`.

 Note: After #26052 `conditional_content_removal()` is only used by the
 `django.test.client`, though that caused the regression #28054, for which
 the fix will be making runserver use it too.

--
Ticket URL: <https://code.djangoproject.com/ticket/28081>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/051.f4dded684a8d2b6e1661434b5b9c0632%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.