[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error

Thu, 06 Mar 2014 10:25:54 -0800 

    [ 
https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13922838#comment-13922838
 ] 

ASF GitHub Bot commented on TS-2614:
------------------------------------

GitHub user rwbarber2 opened a pull request:

    https://github.com/apache/trafficserver/pull/55

    TS-2614 - Response to invalid Content-Length for POST should be a 400 er...

    ...ror
    
    Responds w/HTTP 400 Invalid Request when content length is < 0
    Created new body_factory response for when Content-Length header is < 0
    Created some regression tests

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/rwbarber2/trafficserver issues/TS-2614

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/trafficserver/pull/55.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #55
    
----
commit 582887d1c526b02fd47fcee7dc8bae0cebe7f260
Author: Ron Barber <rbar...@yahoo-inc.com>
Date:   2014-03-06T18:16:58Z

    TS-2614 - Response to invalid Content-Length for POST should be a 400 error

----


> Response to invalid Content-Length for POST should be a 400 error
> -----------------------------------------------------------------
>
>                 Key: TS-2614
>                 URL: https://issues.apache.org/jira/browse/TS-2614
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>            Reporter: Ron Barber
>              Labels: review
>             Fix For: 5.0.0
>
>         Attachments: 
> 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch
>
>
> We have some users attempting to POST where the content length is -1.
> POST /services/rest HTTP/1.1\r\n
> Host: api.flickr.com\r\n
> Accept: */*\r\n
> Content-Length: -1\r\n
> Content-Type: application/x-www-form-urlencoded\r\n
> Expect: 100-continue\r\n
> ATS goes ahead with this request and connects to the origin and passes the 
> invalid content length.  
> Preferable, and consistent with the spec, ATS should immediately respond to 
> the client with an error.
> RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero 
> is a valid value.'  I interpret that as a negative content length value is 
> invalid.
> I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH 
> requests when the user provided content-length is less than 0.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to