[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13922838#comment-13922838 ]
ASF GitHub Bot commented on TS-2614: ------------------------------------ GitHub user rwbarber2 opened a pull request: https://github.com/apache/trafficserver/pull/55 TS-2614 - Response to invalid Content-Length for POST should be a 400 er... ...ror Responds w/HTTP 400 Invalid Request when content length is < 0 Created new body_factory response for when Content-Length header is < 0 Created some regression tests You can merge this pull request into a Git repository by running: $ git pull https://github.com/rwbarber2/trafficserver issues/TS-2614 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/trafficserver/pull/55.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #55 ---- commit 582887d1c526b02fd47fcee7dc8bae0cebe7f260 Author: Ron Barber <rbar...@yahoo-inc.com> Date: 2014-03-06T18:16:58Z TS-2614 - Response to invalid Content-Length for POST should be a 400 error ---- > Response to invalid Content-Length for POST should be a 400 error > ----------------------------------------------------------------- > > Key: TS-2614 > URL: https://issues.apache.org/jira/browse/TS-2614 > Project: Traffic Server > Issue Type: Bug > Components: HTTP > Reporter: Ron Barber > Labels: review > Fix For: 5.0.0 > > Attachments: > 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch > > > We have some users attempting to POST where the content length is -1. > POST /services/rest HTTP/1.1\r\n > Host: api.flickr.com\r\n > Accept: */*\r\n > Content-Length: -1\r\n > Content-Type: application/x-www-form-urlencoded\r\n > Expect: 100-continue\r\n > ATS goes ahead with this request and connects to the origin and passes the > invalid content length. > Preferable, and consistent with the spec, ATS should immediately respond to > the client with an error. > RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero > is a valid value.' I interpret that as a negative content length value is > invalid. > I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH > requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)