http://issues.apache.org/bugzilla/show_bug.cgi?id=38030

           Summary: HTTP 1.0 POST Request without a message body improperly receives a 403
           Product: Tomcat 5
           Version: 5.5.12
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: major
          Priority: P2
         Component: Connector:HTTP
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: [EMAIL PROTECTED]

An HTTP 1.0 POST request with no message body and no content-length attribute will receive a 403 "The request body was too large to be cached during the authentication process" Response.

Although the validity of the POST request can be called into question, the Tomcat response is clearly counter to RFC 2616 Section 4.3 (The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers).

I've tested an HTTP 1.1 POST without a message body and no content-length attribute. Although Tomcat handles it properly, Tomcat seems to block in a read attempting to read a message body (I see an 8 second delay between POST Request and the Response). Although that behavior is "correct", I think it could be accurately described as "undesirable".

Thanks to Bill Barker, Remy Maucherat, and Bill Stoddard for their help on [EMAIL PROTECTED]

On dev, Remy proposed removing the "if (keepAlive)" from the following fragment (I presume it applies to both Http11Processor.java and Http11AprProcessor.java). I have not tested this fix...

            if (!contentDelimitation) {
                // If there's no content length and we're using keep-alive
                // (HTTP/1.0 with keep-alive or HTTP/1.1), assume
                // the client is not broken and didn't send a body
>>>>>>>>>>      if (keepAlive) {
                    inputBuffer.addActiveFilter
                        (inputFilters[Constants.VOID_FILTER]);
                    contentDelimitation = true;
                }
            }
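The framing decision discussed in the report above, as an added example that is not part of the original report and is not Tomcat source code. It models in Python how the quoted fragment classifies a request with and without the "if (keepAlive)" test; the function names, the sample requests and the simplified keep-alive rule are assumptions made for illustration.

```python
# Added example: a model of the body-framing decision, not Tomcat code.

def parse_head(raw: bytes):
    """Split a request head into (method, version, headers); names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, _target, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, version, headers


def keep_alive(version: str, headers: dict) -> bool:
    """Assumed, simplified rule: HTTP/1.1 unless 'close'; HTTP/1.0 only on request."""
    connection = headers.get("connection", "").lower()
    if version == "HTTP/1.1":
        return connection != "close"
    return connection == "keep-alive"


def body_framing(raw: bytes, require_keep_alive: bool) -> str:
    """Return how the request body is delimited.

    require_keep_alive=True mirrors the quoted fragment; False models the
    proposed change with the "if (keepAlive)" test removed.
    """
    _method, version, headers = parse_head(raw)
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return "chunked"
    if "content-length" in headers:
        return "content-length:" + str(int(headers["content-length"]))
    if not require_keep_alive or keep_alive(version, headers):
        return "none"         # void filter: request treated as having no body
    return "undelimited"      # no filter installed: end of body is unknown


# Constructed sample requests (not captured traffic).
POST_10 = b"POST /app/login HTTP/1.0\r\nHost: example.test\r\n\r\n"
POST_10_KA = b"POST /app/login HTTP/1.0\r\nConnection: keep-alive\r\n\r\n"
POST_11 = b"POST /app/login HTTP/1.1\r\nHost: example.test\r\n\r\n"
POST_LEN = b"POST /app/login HTTP/1.0\r\nContent-Length: 3\r\n\r\na=b"

if __name__ == "__main__":
    for name, req in [("1.0", POST_10), ("1.0+keep-alive", POST_10_KA),
                      ("1.1", POST_11), ("1.0+length", POST_LEN)]:
        print(name, body_framing(req, True), body_framing(req, False))
```

Only the plain HTTP/1.0 request without Content-Length changes classification between the two modes, which is the case the report describes.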