Re: Sections 3.3.2 and 3.3.3 allow bogus Content-Length?

On 02/14/2017 05:42 PM, Adrien de Croy wrote:
>>>  The only true size of a body is what you obtain by counting its bytes.

>> I disagree. The only true size of a body is the Content-Length value (in
>> relevant contexts).

> What about for a sender piecing a message together.  Where does
> Content-Length come from?
> The content existed before you derived or obtained its length.

The content may have existed, of course, but the HTTP message (and,
hence, HTTP message body) did not.

When the agent creates an HTTP message with a Content-Length header (no
T-E, etc.), that agent determines the HTTP message body size. Whether
the agent first computes the C-L header value or imports the body is an
irrelevant implementation detail from the _protocol_ point of view. On
the protocol/conceptual level, the header value and the body size are
the same thing. We could add qualifiers like expected or anticipated
message body size but they actually make the text less accurate IMHO.

Consider an agent that reads body content from a 100-byte file, counts
each byte read, but forgets to read the last byte (bug!) and then sets
the Content-Length header value to 42 (another bug!). From the HTTP
point of view, the message body is going to be 42 bytes long even though
that body does not accurately represent the content the agent read from
the disk or the content it ought to be actually sending.

And the above example will still stand if I replace 100 with 10!


Received on Wednesday, 15 February 2017 01:16:18 UTC