https://bz.apache.org/bugzilla/show_bug.cgi?id=69466
Bug ID: 69466
Summary: Content-Length removal from HEAD response should not
be mandatory
Product: Tomcat 10
Version: 10.1.33
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: kevin+bugzi...@leturc.fr
Target Milestone: ------
The Content-Length header was removed from HEAD response within
https://bz.apache.org/bugzilla/show_bug.cgi?id=69379 but as per the two
mentioned RFCs, this header is not forbidden, it could be present in a HEAD
response.
In RFC 9110, the section 8.6
(https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6) or section 9.3.2
(https://www.rfc-editor.org/rfc/rfc9110.html#section-9.3.2) don't forbid the
Content-Length header.
Section 8.6:
```
A server MAY send a Content-Length header field in a response to a HEAD request
(Section 9.3.2); a server MUST NOT send Content-Length in such a response
unless its field value equals the decimal number of octets that would have been
sent in the content of a response if the same request had used the GET method.
```
Section 9.3.2:
```
However, a server MAY omit header fields for which a value is determined only
while generating the content.
```
This is also the case in RFC 7231 under section 4.3.2
(https://datatracker.ietf.org/doc/html/rfc7231#section-4.3.2)
```
The HEAD method is identical to GET except that the server MUST NOT
send a message body in the response (i.e., the response terminates at
the end of the header section). The server SHOULD send the same
header fields in response to a HEAD request as it would have sent if
the request had been a GET, except that the payload header fields
(Section 3.3) MAY be omitted
```
The RFC 7231 references the section 3.3 of RFC 7230
(https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.2) which doesn't
forbid the header:
```
A server MAY send a Content-Length header field in a response to a
HEAD request (Section 4.3.2 of [RFC7231]); a server MUST NOT send
Content-Length in such a response unless its field-value equals the
decimal number of octets that would have been sent in the payload
body of a response if the same request had used the GET method.
```
In our application we are able to send the Content-Length header for a HEAD
request without computing any content, the value is stored in the same location
than the requested object.
With the recent fix in the Tomcat processor, we are unable to send such header
in a HEAD response.
Would it be possible to allow the Content-Length header if the value is greater
than 0? Or add a configuration parameter to permit such behavior as the RFC
allows it?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
