Closed Jamie-Landeg-Jones closed 9 years ago
According to the specs, a POST with no payload is allowed to be made without the Content-Length header (i.e. it defaults to 0)
Could you please give me the exact reference?
This is now being done by the latest version of UCBrowser for Android.
Ah. Thanks for the info.
-- Juliusz
I think Jamie is right. According to the latest specs, for request messages, if no Content-Length and Transfer-Encoding are present, then the message body length is zero (no message body is present).
Apologies for not replying sooner - for some reason, I never received the email notification.
Yeah, ir193 posted the link and section (3.3.3) - (My link was to a draft, and I forgot to include the section, sorry!)
Rfc7230 appears to be trying to close some of the previous ambiguities.In addition to what ir193 has posted above, 3.3.2 says:
A user agent SHOULD send a Content-Length in a request message when
no Transfer-Encoding is sent and the request method defines a meaning
for an enclosed payload body. For example, a Content-Length header
field is normally sent in a POST request even when the value is 0
(indicating an empty payload body).
Though I read the use of SHOULD instead of MUST, and the word 'normally' to mean that the section 3.3.3 described fallback to 'no Content-Length = no body' as opposed to 'no Content Length = error 400' should also be honoured.
Cheers!
Applied, thanks.
According to the specs, a POST with no payload is allowed to be made without the Content-Length header (i.e. it defaults to 0)
This is now being done by the latest version of UCBrowser for Android.
POSTS without data are often ways to ensure links are not actuated maliciously with inline code.
For example, the forum voting here: http://forums.theregister.co.uk/forum/3/2014/07/29/feature_spectral_approach_to_scottish_independence/
Using Polipo, the above now fails with a lack of content-length warning.
Simple fix:
Ref: http://tools.ietf.org:80/html/draft-ietf-httpbis-p1-messaging-20
Cheers, Jamie