- From: Willy Tarreau <w@1wt.eu>
- Date: Wed, 29 Apr 2015 07:01:20 +0200
- To: Nico Williams <nico@cryptonector.com>
- Cc: ietf-http-wg@w3.org
On Tue, Apr 28, 2015 at 03:38:58PM -0500, Nico Williams wrote: > Section 4.3.6 of RFC7231 says: > > A server MUST NOT send any Transfer-Encoding or Content-Length header > fields in a 2xx (Successful) response to CONNECT. A client MUST > ignore any Content-Length or Transfer-Encoding header fields received > in a successful response to CONNECT. > > I find the second sentence strange: if a proxy sends a body in a 2xx > response to a CONNECT and the client ignores it, the client will... find > the response body and pass it along to the application as application > protocol data! > > Surely that's not really the intent when a proxy violates the first > sentence of the quoted paragraph by sending a response body. > > Even if no known proxies send a response body in 2xx CONNECT responses, > it seems more plausible that proxies do just that than that they include > non-zero-length Content-Length but no response body. In fact it's worse. I've long seen proxies sending various content-length values in response to CONNECT. Some send content-length:0, others send 1 million etc... I'm pretty sure they used to do that to workaround broken intermediaries which ignore the method and only follow content-length, and used to let a lot of data pass through. I think the text above is well suited to cover that case. Don't forget that RFC723x aim at describing what *is* deployed and how to best interoperate. Regards, Willy
Received on Wednesday, 29 April 2015 05:01:46 UTC