Re: P1: Content-Length SHOULD be sent

On Tue, Dec 4, 2012 at 10:45 AM, Willy Tarreau <w@1wt.eu> wrote:
> On Tue, Dec 04, 2012 at 09:42:47AM -0600, Zhong Yu wrote:
>> Yes a GET request can contain Content-Length, but people don't really
>> do that. Based on that observation, a server may reject any GET with
>> Content-Length, reasoning that it's simpler to program, and it won't
>> lose any legitimate requests.
>>
>> However the proposed change may encourage new programmers to add
>> Content-Length:0 to GET requests. (Actually it seems to be the sole
>> motivation for the change)
>
> As I said, I don't think it encourages this due to the paragraph above
> explicitly saying that requests without body don't need to send a c-l.
> But maybe this could be reinforced in the text, I don't know.
>
>> This change will disturb the existing practices, without adding any value.
>>
>> (My real problem with the change is the semantics. A server API may
>> want to distinguish between a request with an empty entity body and a
>> request without an entity. Previously this can be done uniformly for
>> requests, per RFC2616.)
>
> This distinction -if it exists at all- cannot be made based on the presence
> of the content-length header field precisely because this one has been
> optional for ages due to the compatibility with the close mode. My

I was referring to requests only.

> understanding has always been that no entity body is an empty body and
> conversely.

An entity with an empty body can be non-trivial, because it can carry
meanings in entity headers. It is different from not having an entity
in a request.

For example, this is a legitimate request

POST /action HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

It is a form post with 0 parameters.

This is an illegitimate request:

POST /action HTTP/1.1
Content-Type: application/x-www-form-urlencoded

It's a POST request without a body. Most web servers probably will reject it.

>
> Regards,
> Willy
>

Received on Tuesday, 4 December 2012 18:32:35 UTC