Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.4.4

Bug #14740 GET REQUEST Content-Length Header Problem
Submitted: 2008-10-04 09:17 UTC
From: thomni Assigned: avb
Status: Closed Package: HTTP_Request (version 1.4.3)
PHP Version: 5.2.6 OS: Linux
Roadmaps: 1.4.4    

 [2008-10-04 09:17 UTC] thomni (Thomas Nicolai)
Description: ------------ #Related to bug 12900 The current implementation always to add a content length-length field to the HTTP Header is not in line with the HTTP RFC. It's fine for POST Requests as there has to be a content-length value but for GET its not allowed! This causes trouble with lighthttpd returning BAD REQUEST 400. See this entry at lighthttpd forum ---------------------------------------- # Request.php 1001 // No body: send a Content-Length header nonetheless (request #12900) 1002 } else { 1003 1004 $request .= "Content-Length: 0\r\n\r\n"; 1005 } should be changed to something like 1001 // No body: send a Content-Length header nonetheless (request #12900) 1002 } elseif (HTTP_REQUEST_METHOD_POST == $this->_method ) { 1003 1004 $request .= "Content-Length: 0\r\n\r\n"; 1005 } Actual result: -------------- LightHTTPD returns BAD REQUEST 400.


 [2008-10-04 16:07 UTC] avb (Alexey Borzov)
I think authors of lighthttpd misinterpret the specification. Section 4.3 of RFC 2616 reads: ======== The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. A message-body MUST NOT be included in a request if the specification of the request method (section 5.1.1) does not allow sending an entity-body in requests. A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request. ======== The only method where message-body is explicitly forbidden is TRACE (section 9.8), it is not mentioned at all for GET method (section 9.3). So lighthttpd should just ignore the body rather than return the "Bad Request" error. I may be missing something, of course, so feel free to point me to the section of RFC 2616 that actually forbids sending message-body with GET request.
 [2008-10-09 09:58 UTC] avb (Alexey Borzov)
I've read the comments in the nuSOAP mailing list, looks like that both HTTP_Request and lighttpd are within spec. On the other hand, there is little sense in keeping "Content-Length: 0" on requests that actually don't have a body if this can cause an error with some servers, so I'll add a check for this. Of course, if someone adds a body for GET request it still would be happily sent along, but then we assume the programmer knows what he is doing.
 [2008-10-09 10:28 UTC] avb (Alexey Borzov)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on by the end of next Sunday (CET). If this was a problem with the website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. "Content-Length: 0" will only be sent for POST and PUT requests, where its absence can cause problems.