[ https://issues.apache.org/jira/browse/TS-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14098383#comment-14098383 ]
Feifei Cai commented on TS-2902: -------------------------------- If server only handles HTTP/1.0 requests, the user agent MUST send a valid "Content-Length" header, as specified in RFC7230; if server handles HTTP/1.1 (or later) requests, the "Content-Length" header is no longer a MUST, because HTTP/1.1 introduced "Transfer-Encoding". For HTTP/1.1 requests, if both these two headers are not included, server also should response 400/411. [http://tools.ietf.org/html/rfc7230#section-3.3] {quote} The presence of a message body in a request is signaled by a Content-Length or Transfer-Encoding header field. {quote} We can add a configuration option for this change, and disable it by default, not breaking other use cases. However, I hope to be conservative and keep the handle logic align with RFC. Maybe I still have some misunderstanding with RFC7230, so I wish we can discuss this more clear before we start to patch it to ATS. > Allow POST requests without a Content-Length header > --------------------------------------------------- > > Key: TS-2902 > URL: https://issues.apache.org/jira/browse/TS-2902 > Project: Traffic Server > Issue Type: Improvement > Reporter: Masakazu Kitajo > Assignee: Bryan Call > Labels: review > Fix For: 5.1.0 > > Attachments: make_it_configuarable.patch > > > I get "*400* Content Length Required" when user agents send a POST request > that doesn't contain any body data without a Content-Length header. > (The header is omitted because the length is zero, I think) > According to RFC2730 Section 3.3.2, presence of Content-Length is not MUST. > http://tools.ietf.org/html/rfc7230#section-3.3.2 > {quote} > A user agent SHOULD send a Content-Length in a request message when > no Transfer-Encoding is sent and the request method defines a meaning > for an enclosed payload body. > {quote} > Also according to section 3.3.3, a server are allowed to reject similar > request with 411 Length Required, but not *400*. > http://tools.ietf.org/html/rfc7230#section-3.3.2 > {quote} > A server MAY reject a request that contains a message body but not a > Content-Length by responding with 411 (Length Required). > {quote} > Traffic Server should accept the requests, no body data without > Content-Length header, or reject it with *411*. I think the former one is > better for interoperability. -- This message was sent by Atlassian JIRA (v6.2#6252)