You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "Ron Barber (JIRA)" <ji...@apache.org> on 2014/03/06 19:30:45 UTC

[jira] [Comment Edited] (TS-2614) Response to invalid Content-Length for POST should be a 400 error

    [ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13922848#comment-13922848 ] 

Ron Barber edited comment on TS-2614 at 3/6/14 6:29 PM:
--------------------------------------------------------

[~hua zhang] Your patch looks pretty good except its missing the new body_factory response and it uses 's->method', I think, before it's initialized..plus you don't have any regressions ;)

My change (pull request) is similar to yours but has the above mentioned issues resolved..

Also note that I have run my patch (on a 4.0.2 version) in production and it seems good.


was (Author: rwbarber2):
[~hua zhang] Your patch looks pretty good except its missing the new body_factory response and it uses 's->method', I think, before it's initialized..plus you don't have any regressions ;)

My change (pull request) is similar to yours but has the above mentioned issues resolved..

> Response to invalid Content-Length for POST should be a 400 error
> -----------------------------------------------------------------
>
>                 Key: TS-2614
>                 URL: https://issues.apache.org/jira/browse/TS-2614
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>            Reporter: Ron Barber
>              Labels: review
>             Fix For: 5.0.0
>
>         Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch
>
>
> We have some users attempting to POST where the content length is -1.
> POST /services/rest HTTP/1.1\r\n
> Host: api.flickr.com\r\n
> Accept: */*\r\n
> Content-Length: -1\r\n
> Content-Type: application/x-www-form-urlencoded\r\n
> Expect: 100-continue\r\n
> ATS goes ahead with this request and connects to the origin and passes the invalid content length.  
> Preferable, and consistent with the spec, ATS should immediately respond to the client with an error.
> RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.'  I interpret that as a negative content length value is invalid.
> I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0.



--
This message was sent by Atlassian JIRA
(v6.2#6252)