Hi, I saw that too. But if you take that stance, if you change the test to send more than one request per connection it will now fail. I think the refreshed rfcs are impossible to implement and it’s an oversight.
> On Jan 6, 2025, at 12:25 AM, Jaikiran Pai <jai.forums2...@gmail.com> wrote: > > I've now raised a PR to address the test issue. As for the following part: > >> On 03/01/25 9:11 pm, robert engels wrote: >> ... >> >> sends an invalid http request according to the specification here >> https://datatracker.ietf.org/doc/html/rfc2616#section-4.4 >> >> specifically "When a Content-Length is given in a message where a >> message-body is >> allowed, its field value MUST exactly match the number of OCTETs in >> the message-body. HTTP/1.1 user agents MUST notify the user when an >> invalid length is received and detected." >> >> ... >> >> It currently passes, only because the server is not fully implementing the >> http specification. > > I read that section again today and (like you note) it states that "HTTP/1.1 > user agents MUST notify the user when an invalid length is received and > detected." However, RFC-2616 (the one quoted above) is obsoleted by > RFC-9110. RFC-9110 no longer has that above sentence for the Content-Length > semantics in section 8.6 > (https://www.rfc-editor.org/rfc/rfc9110#name-content-length). Furthermore, > RFC-9110 section 3.5 > (https://www.rfc-editor.org/rfc/rfc9110#name-user-agents), defines an user > agent as: > > "The term "user agent" refers to any of the various client programs that > initiate a request." > > So, given all this, I don't think the JDK's current implementation of the > HttpServer is in violation of the RFC. > > -Jaikiran > > >
