Content-Length and Content-Type in bodyless message #2341

Merged
merged 3 commits into from
Feb 28, 2025

@const-t const-t commented Feb 11, 2025

RFC 9110 8.6:
A server MUST NOT send a Content-Length header field in any response with a status code of 1xx (Informational) or 204 (No Content).

Now for responses 1xx and 204 Tempesta FW treats Content-Length: 0 as the absence of a Content-Length header. Some implementations send Content-Length: 0 within a 204 (No Content) response; to be able to process such messages, the rule from RFC 9110 8.6 has been relaxed.

For requests with bodyless methods such as HEAD, GET, etc., Tempesta also treats Content-Length: 0 as an empty body and considers such requests valid.

Added directive http_allow_empty_body_content_type that allows Tempesta FW to process requests with bodyless methods. By default Tempesta FW drops such requests.

@const-t const-t linked an issue Feb 11, 2025 that may be closed by this pull request
@symstu-tempesta

https://github.com/tempesta-tech/tempesta-test/pull/769/files

here is the test branch

@const-t const-t marked this pull request as ready for review February 13, 2025 23:51
@const-t const-t requested a review from krizhanovsky February 17, 2025 14:26
@krizhanovsky krizhanovsky left a comment

LGTM

RFC 9110 8.6:
A server MUST NOT send a Content-Length header field in
any response with a status code of 1xx (Informational)
or 204 (No Content).

Now for responses 1xx and 204 Tempesta FW treats
`Content-Length: 0` as the absence of a Content-Length
header. Some implementations send `Content-Length: 0`
within a 204 (No Content) response; to be able to process
such messages, the rule from RFC 9110 8.6 has been
relaxed.

For requests with bodyless methods such as HEAD, GET,
etc., Tempesta also treats `Content-Length: 0` as an empty
body and considers such requests valid.

Added directive `http_allow_empty_body_content_type`
that allows Tempesta FW to process requests with
bodyless methods. By default Tempesta FW drops such
requests.

Now `content-length: 0` is allowed with bodyless
methods; in the tests `content-length: 0` was changed
to `content-length: 1`. However, we don't send a body
because it's unnecessary: we expect that
validation of the bodyless method will block the request
before the body is parsed.
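
The header checks described in this pull request, written out as an added sketch (not Tempesta FW's code and not part of the PR). The types, function names and the GET/HEAD method list are hypothetical; it assumes that a non-zero Content-Length on 1xx/204 is still rejected and that `http_allow_empty_body_content_type` governs Content-Type on bodyless methods, as its name suggests.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for this sketch; not Tempesta FW's internal API. */
enum verdict { PASS, PASS_IGNORE_CL, DROP };

struct hdrs {
    bool has_cl;        /* Content-Length present */
    unsigned long cl;   /* parsed Content-Length value */
    bool has_ct;        /* Content-Type present */
};

/* Assumption: the PR names HEAD and GET "etc."; only those two are listed here. */
static bool bodyless_method(const char *m)
{
    return strcmp(m, "GET") == 0 || strcmp(m, "HEAD") == 0;
}

/* Responses: on 1xx and 204, Content-Length: 0 is treated as if absent. */
enum verdict check_response(int status, const struct hdrs *h)
{
    bool no_body = (status >= 100 && status <= 199) || status == 204;
    if (!no_body || !h->has_cl)
        return PASS;
    /* Assumption: only the zero value is tolerated; non-zero stays rejected. */
    return h->cl == 0 ? PASS_IGNORE_CL : DROP;
}

/* Requests: allow_ct models http_allow_empty_body_content_type (assumed to
 * govern Content-Type on bodyless methods, as the directive name suggests). */
enum verdict check_request(const char *method, const struct hdrs *h, bool allow_ct)
{
    if (!bodyless_method(method))
        return PASS;
    if (h->has_cl && h->cl != 0)
        return DROP;    /* blocked before any body would be parsed */
    if (h->has_ct && !allow_ct)
        return DROP;    /* default behaviour per the PR description */
    return PASS;
}

int main(void)
{
    struct hdrs h = { .has_cl = true, .cl = 1 };   /* constructed sample */
    printf("GET with Content-Length: 1 -> %s\n",
           check_request("GET", &h, false) == DROP ? "drop" : "pass");
    return 0;
}
```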
@const-t const-t merged commit 6cbd066 into master Feb 28, 2025
1 check passed
@const-t const-t deleted the kt-2322-empty-body branch February 28, 2025 21:57
Successfully merging this pull request may close these issues.

TempestaFW blocks GET/HEAD requests with Content-Type or Content-Length headers