[jira] [Commented] (TS-2902) Allow POST requests without a Content-Length header

Mon, 18 Aug 2014 02:34:47 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-2902?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14100477#comment-14100477
 ] 

Masakazu Kitajo commented on TS-2902:
-------------------------------------

At least, Apache httpd accepts the POST request.

I found this issue when I set up an ATS in front of a working Apache httpd. The 
httpd and an application on it had handle the POST request, but the ATS blocks 
the request, and I confirmed it works fine with the patch I attached.

Technically, this httpd's behavior depends on implementation of modules, so 
some modules would not accept the request. Because ATS (or any proxy) doesn't 
know whether original server accepts the request, ATS should block only if we 
know original server doesn't accept the request, and as you pointed out, 
changing the behavior is aggressive a little, so providing configurable option 
would be reasonable.

> Allow POST requests without a Content-Length header
> ---------------------------------------------------
>
>                 Key: TS-2902
>                 URL: https://issues.apache.org/jira/browse/TS-2902
>             Project: Traffic Server
>          Issue Type: Improvement
>            Reporter: Masakazu Kitajo
>            Assignee: Bryan Call
>              Labels: review
>             Fix For: 5.1.0
>
>         Attachments: make_it_configuarable.patch
>
>
> I get "*400* Content Length Required" when user agents send a POST request 
> that doesn't contain any body data without a Content-Length header.
> (The header is omitted because the length is zero, I think)
> According to RFC2730 Section 3.3.2, presence of Content-Length is not MUST.
> http://tools.ietf.org/html/rfc7230#section-3.3.2
> {quote}
> A user agent SHOULD send a Content-Length in a request message when
>    no Transfer-Encoding is sent and the request method defines a meaning
>    for an enclosed payload body.
> {quote}
> Also according to section 3.3.3,  a server are allowed to reject similar 
> request with 411 Length Required, but not *400*.
> http://tools.ietf.org/html/rfc7230#section-3.3.2
> {quote}
>   A server MAY reject a request that contains a message body but not a
>    Content-Length by responding with 411 (Length Required).
> {quote}
> Traffic Server should accept the requests, no body data without 
> Content-Length header, or reject it with *411*. I think the former one is 
> better for interoperability.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to