Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: Requests to the server with Expect: 100-continue fail if Content-Length: 0 #7625

Closed
gopherbot opened this issue Mar 25, 2014 · 6 comments
Closed

net/http: Requests to the server with Expect: 100-continue fail if Content-Length: 0 #7625

gopherbot opened this issue Mar 25, 2014 · 6 comments
Labels
FrozenDueToAge
Milestone
Go1.3

Comments

@gopherbot
Copy link

by jim@studt.net:

go version go1.2 linux/amd64

net/http/server.go contains an explicit check and deliberately returns StatusBadRequest
when a request with an Expect: 100-continue has a zero length body.

Users of curl run into this in two cases.

If you attempt to POST a zero length file using the -T option, or more obscurely if you
try to POST any file while using digest authentication, 

  e.g.   curl -T emptyfile http://some-go-server/
           curl -u foo:bar --digest -T my.file http://some-go-server/

In the second case, you ask to upload a file using digest authentication. Since curl
knows it doesn't have a nonce, it issues the request in order to get the 401 and its
authentication parameters. 

This behavior is probably against RFC 2616 which states the client must not send the
Expects header if it does not intend to send a body in section 8.2.3 (They are getting
their own bug report.) Whether the PUT of an empty file contains no body, or a zero
length body is a question for philosophers.

Aside from being an RFC cop, the body check does not seem to have a function. Go
software would be more tolerant of existing internet practices without it.

There is a workaround for curl at least, once one becomes aware of the incompatibility
of curl and Go's server implementation, one can use the "-H Expect:" flags to
suppress the Expect header
@gopherbot
Copy link
Author

Comment 1 by jim@studt.net:

A correction: POST should be PUT in both places where it occurs in the problem
description.
Also the code is in net/http/server.go, lines 1150 through 1155. It contains the only
occurrence of "if req.ContentLength == 0" for searching it.

@bradfitz
Copy link
Contributor

Comment 2:

Labels changed: added repo-main.

Owner changed to @bradfitz.

Status changed to Accepted.

@gopherbot
Copy link
Author

Comment 3 by jim@studt.net:

The Go behavior is almost certainly in the wrong here. From RFC 2616 - Hypertext
Transfer Protocol, section 4.3 Message Body: ... All other responses do include a
message-body, although it MAY be of zero length.

@bradfitz
Copy link
Contributor

Comment 4:

Labels changed: added release-go1.3maybe.

Status changed to Started.

@gopherbot
Copy link
Author

Comment 5:

CL https://golang.org/cl/84480045 mentions this issue.

@bradfitz
Copy link
Contributor

Comment 6:

This issue was closed by revision 10a2731.

Status changed to Fixed.

@rsc rsc added this to the Go1.3 milestone Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Go1.3
Development

No branches or pull requests
3 participants
@bradfitz @rsc @gopherbot