Closed ekzyis closed 10 months ago
I investigated this, and confirmed that the Ktor library does indeed send "Content-Length: 0" for GET requests.
I also figured out how to remove it. But removing that header wasn't easy or straight-forward. One has to use a custom plugin, and understand the internals of Ktor. In other words, it's basically undocumented.
A user agent SHOULD NOT send a Content-Length header field when the request message does not contain content and the method semantics do not anticipate such data.
I think this confirms that Ktor shouldn't be sending that header (at least not when method == GET && body.length == 0
).
However "SHOULD NOT" is not the same as "MUST NOT". So if we follow the robustness principle:
be conservative in what you send, be liberal in what you accept
then we'd probably conclude that:
I think you already submitted an issue to NextJS ?
And I submitted an issue to Ktor: KTOR-6508
However "SHOULD NOT" is not the same as "MUST NOT". So if we follow the robustness principle:
be conservative in what you send, be liberal in what you accept then we'd probably conclude that:
- the default server setup you're using is overly strict
- Ktor should not be sending that header value by default
yes, that makes sense, we fixed it on our side by removing the Content-length
header on the login route in nginx :)
I think you already submitted an issue to NextJS ?
Looks like we did not! That was an oversight on our part. Will create one now
Update: Other people already reported similar problems and in a comment, someone mentioned this Content-length: 0
problem. So I think they are already aware.
Hi, we've noticed that Phoenix sets the
Content-Length
header to 0 for the GET request to the LNURL-auth callback.According to the HTTP spec, GET requests from user agents SHOULD NOT include the
Content-Length
header:-- https://www.rfc-editor.org/rfc/rfc9110#field.content-length
See https://github.com/stackernews/stacker.news/issues/407 for more details.