bryancall commented on issue #12960:
URL:
https://github.com/apache/trafficserver/issues/12960#issuecomment-4184164501
The RFC citations in the issue description are indeed wrong (likely
LLM-generated), but the underlying bug is valid.
The correct reference is **RFC 9112 Section 6.3** (Message Body Length),
which has two relevant rules:
1. *"If this is a request message and none of the above are true, then the
message body length is zero (no message body is present)."*
2. *"A server MAY reject a request that contains a message body but not a
Content-Length by responding with 411 (Length Required)."*
A POST with **neither** Content-Length **nor** Transfer-Encoding does not
"contain a message body" — its body length is zero per rule 1. The 411
rejection (rule 2) only applies when a request **contains** a body without
Content-Length.
In `HttpTransact.cc`, `check_request_validity()` triggers
`NO_POST_CONTENT_LENGTH` when the method is POST/PUT/PUSH, Transfer-Encoding is
not chunked, and Content-Length is absent. The problem is that "TE is not
chunked" is true for both "TE is present but not chunked" and "no TE at all."
When neither header is present, RFC 9112 says body length is zero and the
request should be accepted.
This is a real-world issue — browser `fetch("url", {method: "POST"})` with
no body sends neither header.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
