For static files, if header Content-Length is 0 no HTTP 400 should be returned

rstudio / httpuv

HTTP and WebSocket server package for R

Other

229 stars 86 forks source link

For static files, if header Content-Length is 0 no HTTP 400 should be returned #247

Closed LHaferkamp closed 5 years ago

LHaferkamp commented 5 years ago

As described here: https://stackoverflow.com/a/58541479/2854141 a HTTP 400 is returned when serving static files if header Content-Length:0 is set. This case should be considered as valid and be excluded in the check in webapplication.cpp


// Make sure that there's no message body.
  if (pRequest->hasHeader("Content-Length") || pRequest->hasHeader("Transfer-Encoding")) {
    return error_response(pRequest, 400);
  }

wch commented 5 years ago

Here's what I see in https://tools.ietf.org/html/rfc7230#section-3.3.2:

A user agent SHOULD NOT send a Content-Length header field when the request message does not contain a payload body and the method semantics do not anticipate such a body.

If you think that this doesn't apply to the situation you are encountering, can you please provide an example of the exact HTTP request that is used? It's not entirely clear to me from reading the Stack Overflow answer.

LHaferkamp commented 5 years ago

You are right, this RFC statement applies to the situation. Unfortunately I can't control this additional header injected by the Azure proxy. So it would be really beneficial to be less strict, and it would still comply to the RFC as its not a MUST to decline such requests

wch commented 5 years ago

OK, that sounds reasonable.

wch commented 5 years ago

Closed by #248.