This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 25684 - Specify explicit rules regarding whether requests set "Content-Length" header or not
Summary: Specify explicit rules regarding whether requests set "Content-Length" header...
Status: RESOLVED FIXED
Alias: None
Product: WHATWG
Classification: Unclassified
Component: Fetch (show other bugs)
Version: unspecified
Hardware: All All
: P2 normal
Target Milestone: Unsorted
Assignee: Anne
QA Contact: sideshowbarker+fetchspec
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-13 13:05 UTC by caitp
Modified: 2015-05-05 16:22 UTC (History)
2 users (show)

See Also:


Attachments

Description caitp 2014-05-13 13:05:42 UTC
Based on discussion at https://github.com/w3c/web-platform-tests/issues/980, it was suggested to file a bug here regarding this.

Regarding GET/HEAD requests in particular, the RFCs are unclear about whether a request is allowed to supply a body or not, but apparently there's a desire for browsers to behave identically even though this by definition should not matter, because backends simply should not care.

So, the options are,

A) require that GET, HEAD requests do not supply Content-Length or Transfer-Encoding

B) specify that if GET or HEAD requests DO supply a Content-Length, it should be exactly 0, and the backend should ignore it anyways.

The current browser story is, IE, Safari and Chrome all send a Content-Length header for all HEAD requests, and this is justified in the source code as "because maybe you're sending a HEAD request to something which normally only deals with POST requests and needs a message body".

I would say that this should actually be whether there is a message-body or not, since the XHR spec says to set the message-body to NULL, but unfortunately some methods require a Content-Length regardless of whether there is a message-body or not (POST and PUT, for example).

Deliberate away, I'm interested to see what gets settled on.
Comment 1 Anne 2015-05-05 14:28:58 UTC
caitp, could you perhaps elaborate on what browsers do here? What do they do for GET/HEAD/POST/CHICKEN? If browsers roughly agree it probably makes sense to go with that.
Comment 2 caitp 2015-05-05 14:39:02 UTC
> The current browser story is, IE, Safari and Chrome all send a Content-Length header for all HEAD requests, and this is justified in the source code as "because maybe you're sending a HEAD request to something which normally only deals with POST requests and needs a message body".

This means, if the method is HEAD (not talking about any other methods), the Content-Length header is present with a value 0.

In chromium tree: (https://chromium.googlesource.com/chromium/src/+/ca9d6916c5fedf6f0ee73dfc397cb0f65ad326b9/net/http/http_network_transaction.cc#894 --- most recent commit as of time of this comment). The reasoning why is explained in the source comment.

Last year, Safari appeared to be doing the same thing, not sure if it still is or not. Reportedly, IE does too. Unfortunately the network stacks for those other browsers isn't as easily linked to in bug reports