You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2014/03/06 19:22:43 UTC
[jira] [Commented] (TS-2614) Response to invalid Content-Length for
POST should be a 400 error
[ https://issues.apache.org/jira/browse/TS-2614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13922838#comment-13922838 ]
ASF GitHub Bot commented on TS-2614:
------------------------------------
GitHub user rwbarber2 opened a pull request:
https://github.com/apache/trafficserver/pull/55
TS-2614 - Response to invalid Content-Length for POST should be a 400 er...
...ror
Responds w/HTTP 400 Invalid Request when content length is < 0
Created new body_factory response for when Content-Length header is < 0
Created some regression tests
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/rwbarber2/trafficserver issues/TS-2614
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/trafficserver/pull/55.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #55
----
commit 582887d1c526b02fd47fcee7dc8bae0cebe7f260
Author: Ron Barber <rb...@yahoo-inc.com>
Date: 2014-03-06T18:16:58Z
TS-2614 - Response to invalid Content-Length for POST should be a 400 error
----
> Response to invalid Content-Length for POST should be a 400 error
> -----------------------------------------------------------------
>
> Key: TS-2614
> URL: https://issues.apache.org/jira/browse/TS-2614
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP
> Reporter: Ron Barber
> Labels: review
> Fix For: 5.0.0
>
> Attachments: 0001-TS-2614-Response-to-invalid-Content-Length-for-POST-.patch
>
>
> We have some users attempting to POST where the content length is -1.
> POST /services/rest HTTP/1.1\r\n
> Host: api.flickr.com\r\n
> Accept: */*\r\n
> Content-Length: -1\r\n
> Content-Type: application/x-www-form-urlencoded\r\n
> Expect: 100-continue\r\n
> ATS goes ahead with this request and connects to the origin and passes the invalid content length.
> Preferable, and consistent with the spec, ATS should immediately respond to the client with an error.
> RFC-2616 Section 14.13 says 'Any Content-Length greater than or equal to zero is a valid value.' I interpret that as a negative content length value is invalid.
> I propose that ATS respond with a '400 Invalid Request' for PUT/POST/PUSH requests when the user provided content-length is less than 0.
--
This message was sent by Atlassian JIRA
(v6.2#6252)