- From: Roy T. Fielding <fielding@kiwi.ics.uci.edu>
- Date: Thu, 17 Dec 1998 22:03:24 -0800
- To: John Franks <john@math.nwu.edu>
- Cc: mcmanus@appliedtheory.com, CGI-WG@golux.com, http-wg@cuckoo.hpl.hp.com, ipp@pwg.org
>In my opinion, Ken Coar is correct in saying that for a server to >be *both* HTTP/1.1 compliant and CGI/1.1 compliant it MUST buffer >chunked POST data and provide a Content-Length for the CGI script. Sending 411 is HTTP/1.1 compliant. Failure to parse the chunked encoding (and puking) would be non-compliance, but requiring a content-length for a given resource is necessary for many reasons (DoS and legacy system protection). >My recollection is that some servers chose not to be completely >CGI/1.1 compliant to avoid the buffering. The 411 header was a >way to be HTTP/1.1 compliant and indicate their rejection of >chunked POST data. > >For example, I have heard that Apache rejects chunked POST data, >but I have not personally verified this. Right, the default mod_cgi distributed with Apache will respond with 411 because it assumes the CGI is dumb. The core of Apache does support chunked reading, so one could always write a module that reads chunked, but CGI requires a content-length before the script is execed. A module that does limited-size buffering before handing over to the CGI script has been on my Apache to-do list for a long time (over a year). ....Roy
Received on Thursday, 17 December 1998 22:09:51 UTC