panva / openid-client

OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
MIT License

Allow HEAD in callbackParams #351

Closed donavon closed 3 years ago

donavon commented 3 years ago

HTTP HEAD should perform the same actions as GET, but not return a body. This fix will return the same headers.

Chrome (especially on Windows) is seen hitting our server logs against HEAD /login and this is causing an "invalid IncomingMessage method" error. This PR fixes the problem.

panva commented 3 years ago

Hi @donavon

I think you should look into why you're receiving HEAD requests on callback paths in the first place. Any browser redirects will end up with a GET, form_post will end up with a POST. Those are handled.

donavon commented 3 years ago

It doesn't matter why. This is a bug.

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request.

RFC 2616

On Chrome/Windows a browser redirect is doing a HEAD. I don't know why, but it is.

panva commented 3 years ago

@donavon

It doesn't matter why. This is a bug.

I'm not convinced that it is. Browser redirects are either a GET or a POST; in my time I have yet to encounter a browser that would do a HEAD instead, which is why it matters why: your report is literally the first time I'm encountering something like this.

Would you mind sharing a screenshot of the network tab with the AS redirect?

panva commented 3 years ago

Please let me know if you have found out the why.