Comments (7)
According to RFC 7231 sending a body within a GET request is undefined behavior:
A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.
RFC 7231: 4.3.1: Method Definitions - GET
Bad Request seems to be a valid response in my opinion.
from node.
My example does not use a GET
request with a message body. It uses a GET
request followed by some invalid bytes.
This is distinct from a message body because there is no Content-Length
or Transfer-Encoding
header. In the absence of both, a request's message body is defined to be empty.
That said, I'll still update the comment to use an empty POST
just to make this point clear.
from node.
Reproduced the behavior with node version v22.2.0.
from node.
But this seems to still be intentional behavior.
Using POST
with Content-Length: 0
, but providing a body, fails even without Connection: close
.
from node.
I'm not "providing a body" after the request, I'm just sending some more bytes on the connection. These extra bytes are not part of the message body because of the Content-Length: 0
header. There is no interpretation for these bytes; the standard says that bytes sent after a request containing Connection: close
must not be processed. Responding 400 to the message due to invalid bytes sent after the message indicates the processing of those bytes, and is therefore in violation of the RFCs.
The correct behavior is to ignore bytes sent after the connection is closed. This is what other HTTP implementations do.
from node.
With the Content-Length
header set to 0, the server does not expect any Content. If additional data is provided it should result in a 400 (Bad Request)
. This is expected behavior as described in RFC 7230 3.3.3.4.
The Connection: close
header indicates that following requests must not be processed AFTER the current request is processed.
Edit:
However this is handled differently on many other servers, as you described.
from node.
Again, the bytes sent after the request are not part of the message body of the first request, because of the Content-Length: 0
header. The processing of the first request does not entail processing the bytes sent after the first request. Processing these bytes (and consequently realizing that they are invalid) indicates that the connection is not being closed.
This does not fall under the scope of 7230 3.3.3.4 because the Content-Length
value is valid. What is meant by "invalid value" in that context is a value that doesn't match the grammar (i.e., a value that is not one or more ASCII digits).
To further drive this point home, suppose the payload were the following:
GET / HTTP/1.1\r\n
Host: whatever\r\n
Content-Length: 0\r\n
Connection: close\r\n
\r\n
GET / HTTP/1.1\r\n
Host: whatever\r\n
\r\n
Node will respond 400 to this, which is the wrong response. The 400 indicates an invalid request, but there is no invalid request here. There is a valid request, which closes the connection. No further requests should be processed. The fact that a 400 response is sent indicates that the rest of the bytes on the connetion (which constitute the second request) were processed.
from node.
Related Issues (20)
- Mocha-like root hooks for test runner HOT 21
- Sharing AsyncLocalStorage instance with customization hook HOT 4
- OOM - Segmentation fault (not ulimit, not cgroups, not max-space, not exhausted RAM) HOT 6
- URL.canParse('https://*.example.com') incorrectly returns true HOT 5
- Inconsistent behavior with crypto.KeyObject.from() and key usage flags for RSA encryption/decryption HOT 1
- [Bug]: Vite Wallet does not run correctly after building it on Microsoft Windows. HOT 1
- Random wrong encoding of strings returned by .replace function HOT 1
- nodejs crashes at stream.c due to queue size assertion HOT 5
- Flaky text encoding regression in Node 22 HOT 1
- Reuse Blob Registry in Workers
- exec command 'playerctl status' does not work HOT 1
- test_runner: `latest.js` file is included by default HOT 1
- `cpSync` symlink handling regression HOT 3
- Node-API V8 Fast API HOT 2
- Nominating @abmusse to be a collaborator HOT 1
- Node 22.1+ crashes process when a lot of VM processes are created/destroyed in parallel workers HOT 6
- build warning with gcc 12 HOT 4
- Buffer to string conversion fails after a few KB of load. HOT 1
- Use the compilation cache when running typescript files through `--experimental-transform-types` HOT 5
- Encoding Issue with Special Characters in Node.js 22 Docker Image HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node.