[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13949600#comment-13949600 ] ASF GitHub Bot commented on TS-2614: Github user Humbedooh closed the pull request at: https://github.com/apache/trafficserver/pull/55 Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Assignee: James Peach Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13948694#comment-13948694 ] ASF GitHub Bot commented on TS-2614: Github user jpeach commented on the pull request: https://github.com/apache/trafficserver/pull/55#issuecomment-38756145 This request was pulled as e5b8b1dbd0694060871c7c45e7b80640e5ac766f. Please verify and close. Thanks! Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Assignee: James Peach Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13924113#comment-13924113 ] ASF subversion and git services commented on TS-2614: - Commit e5b8b1dbd0694060871c7c45e7b80640e5ac766f in trafficserver's branch refs/heads/master from [~rwbarber2] [ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=e5b8b1d ] TS-2614: response to invalid Content-Length for POST should be a 400 error Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13924119#comment-13924119 ] James Peach commented on TS-2614: - Thanks [~rwbarber2] and [~hua zhang] Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Assignee: James Peach Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13922848#comment-13922848 ] Ron Barber commented on TS-2614: [~hua zhang] Your patch looks pretty good except its missing the new body_factory response and it uses 's-method', I think, before it's initialized..plus you don't have any regressions ;) My change (pull request) is similar to yours but has the above mentioned issues resolved.. Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13922838#comment-13922838 ] ASF GitHub Bot commented on TS-2614: GitHub user rwbarber2 opened a pull request: https://github.com/apache/trafficserver/pull/55 TS-2614 - Response to invalid Content-Length for POST should be a 400 er... ...ror Responds w/HTTP 400 Invalid Request when content length is 0 Created new body_factory response for when Content-Length header is 0 Created some regression tests You can merge this pull request into a Git repository by running: $ git pull https://github.com/rwbarber2/trafficserver issues/TS-2614 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/trafficserver/pull/55.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #55 commit 582887d1c526b02fd47fcee7dc8bae0cebe7f260 Author: Ron Barber rbar...@yahoo-inc.com Date: 2014-03-06T18:16:58Z TS-2614 - Response to invalid Content-Length for POST should be a 400 error Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Commented] (TS-2614) Response to invalid Content-Length for POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13923475#comment-13923475 ] sherlockhua commented on TS-2614: - Ron Barber, good job! Response to invalid Content-Length for POST should be a 400 error - Key: TS-2614 URL: https://issues.apache.org/jira/browse/TS-2614 Project: Traffic Server Issue Type: Bug Components: HTTP Reporter: Ron Barber Labels: review Fix For: 5.0.0 Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch We have some users attempting to POST where the content length is -1. POST /services/rest HTTP/1.1\r\n Host: api.flickr.com\r\n Accept: */*\r\n Content-Length: -1\r\n Content-Type: application/x-www-form-urlencoded\r\n Expect: 100-continue\r\n ATS goes ahead with this request and connects to the origin and passes the invalid content length. Preferable, and consistent with the spec, ATS should immediately respond to the client with an error. RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid. I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0. -- This message was sent by Atlassian JIRA (v6.2#6252)