Ignore:
Timestamp:
20/06/13 17:09:06 (10 years ago)
Author:
julian.reschke@…
Message:

clarify proxy handling of bad content lengths (see #482)

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • draft-ietf-httpbis/latest/p1-messaging.html

    r2295 r2298  
    14761476         <li>
    14771477            <p>If a message is received without <a href="#header.transfer-encoding" class="smpl">Transfer-Encoding</a> and with either multiple <a href="#header.content-length" class="smpl">Content-Length</a> header fields having differing field-values or a single Content-Length header field having an invalid value, then the message
    1478                framing is invalid and <em class="bcp14">MUST</em> be treated as an error to prevent request or response smuggling. If this is a request message, the server <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code and then close the connection. If this is a response message received by a proxy, the proxy <em class="bcp14">MUST</em> discard the received response, send a <a href="p2-semantics.html#status.502" class="smpl">502 (Bad Gateway)</a> status code as its downstream response, and then close the connection. If this is a response message received by a user agent,
    1479                it <em class="bcp14">MUST</em> be treated as an error by discarding the message and closing the connection.
     1478               framing is invalid and <em class="bcp14">MUST</em> be treated as an error to prevent request or response smuggling. If this is a request message, the server <em class="bcp14">MUST</em> respond with a <a href="p2-semantics.html#status.400" class="smpl">400 (Bad Request)</a> status code and then close the connection. If this is a response message received by a proxy, the proxy <em class="bcp14">MUST</em> close the connection to the server, discard the received response, and send a <a href="p2-semantics.html#status.502" class="smpl">502 (Bad Gateway)</a> response to the client. If this is a response message received by a user agent, it <em class="bcp14">MUST</em> be treated as an error by discarding the message and closing the connection.
    14801479            </p>
    14811480         </li>
     
    32193218         </li>
    32203219         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/477">http://tools.ietf.org/wg/httpbis/trac/ticket/477</a>&gt;: "Pipelining language"
     3220         </li>
     3221         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/482">http://tools.ietf.org/wg/httpbis/trac/ticket/482</a>&gt;: "proxy handling of a really bad Content-Length"
    32213222         </li>
    32223223      </ul>

  • draft-ietf-httpbis/latest/p1-messaging.xml

    r2295 r2298  
    17441744     a <x:ref>400 (Bad Request)</x:ref> status code and then close the connection.
    17451745     If this is a response message received by a proxy, the proxy
    1746      &MUST; discard the received response, send a <x:ref>502 (Bad Gateway)</x:ref>
    1747      status code as its downstream response, and then close the connection.
     1746     &MUST; close the connection to the server, discard the received response,
     1747     and send a <x:ref>502 (Bad Gateway)</x:ref> response to the client.
    17481748     If this is a response message received by a user agent, it &MUST; be
    17491749     treated as an error by discarding the message and closing the connection.
     
    54185418      "Pipelining language"
    54195419    </t>
     5420    <t>
     5421      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/482"/>:
     5422      "proxy handling of a really bad Content-Length"
     5423    </t>
    54205424  </list>
    54215425</t>
Note: See TracChangeset for help on using the changeset viewer.