wsgi response with status code 304 contains a body #862

Open
bt90 opened this issue Dec 22, 2023 · 1 comment · May be fixed by #747


bt90 commented Dec 22, 2023

eventlet.wsgi.server adds an empty chunked body to 304 responses. This violates RFC 9110 which states that:

A 304 response is terminated by the end of the header section; it cannot contain content or trailers.


This causes errors in reverse proxies like caddy or traefik, which tend to strictly adhere to the HTTP spec:

Dez 21 11:42:59 proliant caddy[48932]: {"level":"info","ts":1703155379.7331445,"msg":"Unsolicited response received on idle HTTP channel starting with \"0\\r\\n\\r\\n\"; err=<nil>"}
Dez 21 11:43:04 proliant caddy[48932]: {"level":"info","ts":1703155384.3559086,"msg":"Unsolicited response received on idle HTTP channel starting with \"0\\r\\n\\r\\n\"; err=<nil>"}
Dez 21 11:43:04 proliant caddy[48932]: {"level":"info","ts":1703155384.5456474,"msg":"Unsolicited response received on idle HTTP channel starting with \"0\\r\\n\\r\\n\"; err=<nil>"}
Dez 21 11:43:04 proliant caddy[48932]: {"level":"info","ts":1703155384.5492866,"msg":"Unsolicited response received on idle HTTP channel starting with \"0\\r\\n\\r\\n\"; err=<nil>"}

The content describes an empty chunk as outlined in https://en.wikipedia.org/wiki/Chunked_transfer_encoding#Format

0\r\n\r\n

A possible solution might be to drop the Transfer-Encoding header for 304 responses.

Minimal reproducible example: https://github.com/dgtlmoon/flask-304-modified-extra-in-reply-test

see dgtlmoon/changedetection.io#2053 for more details


bt90 commented Dec 22, 2023

HTTP 200 ✔️

*   Trying 127.0.0.1:5000...
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET /static HTTP/1.1
> Host: localhost:5000
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
> Accept: image/avif,image/webp,*/*
> Accept-Language: de,en-US;q=0.7,en;q=0.3
> Accept-Encoding: gzip, deflate, br
> Connection: keep-alive
> TE: trailers
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Disposition: inline; filename=image.png
< Content-Type: image/png
< Content-Length: 13861
< Last-Modified: Fri, 22 Dec 2023 11:39:43 GMT
< Cache-Control: no-cache
< Etag: "1703245183.629759-13861-4220917683"
< Date: Fri, 22 Dec 2023 11:43:25 GMT
< Connection: keep-alive

HTTP 304 ❌

*   Trying 127.0.0.1:5000...
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET /static HTTP/1.1
> Host: localhost:5000
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
> Accept: image/avif,image/webp,*/*
> Accept-Language: de,en-US;q=0.7,en;q=0.3
> Accept-Encoding: gzip, deflate, br
> Connection: keep-alive
> If-Modified-Since: Fri, 22 Dec 2023 10:14:33 GMT
> If-None-Match: "1703245183.629759-13861-4220917683"
> TE: trailers
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 304 NOT MODIFIED
< Content-Disposition: inline; filename=image.png
< Cache-Control: no-cache
< Etag: "1703245183.629759-13861-4220917683"
< Date: Fri, 22 Dec 2023 11:42:00 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
<
* Excess found: excess = 5 url = /static (zero-length body)
* Connection #0 to host localhost left intact

Curl also prints a warning because it didn't expect to retrieve content for a 304 response:

* Excess found: excess = 5 url = /static (zero-length body)
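
An added example, not part of the issue thread and not eventlet's code: a small Python check that splits a captured HTTP/1.1 response at the end of its header section and reports any bytes that follow a 204, a 304, or a response to HEAD. The function names `parse_head` and `check_bodiless` and the sample bytes are constructed for illustration.

```python
# Added example (not eventlet code): report content that follows a response
# which must end at its header section, such as the 304 in this issue.

# Constructed sample: 304 headers as in the curl trace above, followed by the
# empty chunk "0\r\n\r\n" that the server appended.
SAMPLE_304 = (
    b"HTTP/1.1 304 NOT MODIFIED\r\n"
    b"Cache-Control: no-cache\r\n"
    b'Etag: "1703245183.629759-13861-4220917683"\r\n'
    b"Transfer-Encoding: chunked\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"0\r\n\r\n"
)
# Constructed sample: the same response ending at the header section.
SAMPLE_304_OK = SAMPLE_304[:-5]


def parse_head(raw):
    """Split one raw HTTP/1.1 response into (status, headers, remainder)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by an empty line")
    status_line, *field_lines = head.split(b"\r\n")
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("not an HTTP status line")
    headers = {}
    for line in field_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    return int(parts[1]), headers, rest


def check_bodiless(raw, method="GET"):
    """Return findings for a response that may not carry content.

    Covers 204, 304 and responses to HEAD. 1xx responses are left out because
    the final response legitimately follows them on the same connection.
    """
    status, headers, rest = parse_head(raw)
    if method != "HEAD" and status not in (204, 304):
        return []
    findings = []
    if rest:
        findings.append(f"{status}: {len(rest)} excess byte(s) after headers: {rest!r}")
    # RFC 9112 section 6.1 forbids the header itself on 204 (and 1xx) responses.
    if status == 204 and "transfer-encoding" in headers:
        findings.append("204: Transfer-Encoding header is not allowed")
    return findings
```

On `SAMPLE_304` the check reports 5 excess bytes, the same count curl prints as `excess = 5`.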
