Ron Barber created TS-2614:
------------------------------
Summary: Response to invalid Content-Length for POST should be a
400 error
Key: TS-2614
URL: https://issues.apache.org/jira/browse/TS-2614
Project: Traffic Server
Issue Type: Bug
Components: HTTP
Reporter: Ron Barber
We have some users attempting to POST where the content length is -1.
POST /services/rest HTTP/1.1\r\n
Host: api.flickr.com\r\n
Accept: */*\r\n
Content-Length: -1\r\n
Content-Type: application/x-www-form-urlencoded\r\n
Expect: 100-continue\r\n
ATS goes ahead with this request and connects to the origin and passes the
invalid content length.
Preferable, and consistent with the spec, ATS should immediately respond to the
client with an error.
RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero
is a valid value.' I interpret that as a negative content length value is
invalid.
I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH
requests when the user provided content-length is less than 0.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
