Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wsgi: server MUST NOT send Content-Length/Transfer-Encoding header in response with a status code of 1xx, 204 or (2xx to CONNECT request) #747

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

wsgi: server MUST NOT send Content-Length/Transfer-Encoding header in response with a status code of 1xx, 204 or (2xx to CONNECT request) #747

wants to merge 5 commits into from

Conversation

temoto
Copy link
Member

@temoto temoto commented Jan 13, 2022
edited by itamarst

@temoto temoto requested a review from tipabu January 13, 2022 22:55
@codecov

This comment was marked as outdated.

Sign in to view
tipabu
tipabu reviewed Jan 17, 2022
View reviewed changes
Copy link
Contributor

@tipabu tipabu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, though I think there are two more cases from section 3.3.3 where we may want to skip our standard attempt at imposing a content-length or transfer-encoding on the response:

  1. responses to HEAD requests
  2. responses with status 304 Not Modified

While the RFC allows servers to include these headers in such responses, I don't think we're in a position to know what appropriate values are -- only application code can say for sure.

eventlet/wsgi.py
@@ -479,6 +479,9 @@ def handle_one_response(self):
use_chunked = [False]
length = [0]
status_code = [200]
# Status code of 1xx or 204 or 2xx to CONNECT request MUST NOT send body and related headers
# https://httpwg.org/specs/rfc7230.html#rfc.section.3.3.1
bodyless = [False]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It bugs me a little that we're not actually enforcing the absence of a body -- if application code responds 204 No Content but then also returns an app iter that has some bytes, we're going to yield them out and mess up message framing. Bit of a slippery slope to go down, though, I suppose.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, agreed, thank you. But also we have a funny hack to allow random header case for compatibility with some popular server.

IMHO, we should claim WSGI and HTTP are separated at eventlet.wsgi, it takes care of transfer headers, may drop body and proper application expects that anyway. But also allow things like 204 with body via feature flag.

But it seems a fair amount of change. Suggest to extract this as separate task and implement later.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed; it can certainly be a follow-up -- or we just tell application developers to be more careful. Definitely not a blocker to getting this fix merged.

eventlet/wsgi.py Outdated Show resolved Hide resolved
@itamarst itamarst added the bug label Dec 19, 2023
@bt90 bt90 mentioned this pull request Dec 27, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tipabu tipabu tipabu left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
3 participants
@temoto @tipabu @itamarst