content-length header not conform to RFC 7230

erlyaws / yaws

Yaws webserver

https://erlyaws.github.io

BSD 3-Clause "New" or "Revised" License

1.28k stars 267 forks source link

content-length header not conform to RFC 7230 #336

Closed leoliu closed 5 years ago

leoliu commented 6 years ago

https://tools.ietf.org/html/rfc7230#section-3.3.2

A server MUST NOT send a Content-Length header field in any response
   with a status code of 1xx (Informational) or 204 (No Content).  A
   server MUST NOT send a Content-Length header field in any 2xx
   (Successful) response to a CONNECT request (Section 4.3.6 of
   [RFC7231]).

vinoski commented 6 years ago

Do you have test cases that show a problem in this area?

leoliu commented 6 years ago

Good question. Interestingly most web servers seem to misimplement this until someone reported it though I am struggling to find a case where this is an issue.

leoliu commented 6 years ago

The content-length header cannot be corrected from an appmod. For example, I need to serve images files from an appmod and set content-length header to the correct size for a 304 response, but Yaws always override the content-length to 0.

leoliu commented 5 years ago

@vinoski After https://github.com/klacke/yaws/commit/2267f61251b802e58afa8fe1705828350a0d5058 it is still impossible to erase the content_length header for 304 responses from an appmod. "Content-Length: 0" is wrong for 304 responses.

vinoski commented 5 years ago

My apologies, fixed on master.

leoliu commented 5 years ago

Thanks a lot. Using it now.