Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HEAD response should allow non-zero Content-Length #3165

Open
daveanderson opened this issue Apr 1, 2024 · 4 comments
Open

HEAD response should allow non-zero Content-Length #3165

daveanderson opened this issue Apr 1, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@daveanderson
Copy link

daveanderson commented Apr 1, 2024

Describe the issue

HTTPHeaders.updateContentLength(_:) overrides the “Content-Length” value provided in the response headers with the size of the body (0) in contravention of RFC9110.

Vapor version

4.92.3

Operating system and version

14.4.1

Swift version

Swift Package Manager - Swift 5.10.0-dev

Steps to reproduce

  1. Perform a HEAD request for a resource with a non-zero content length
  2. Set the "Content-Length" header of the 200 response with the size of the resource in bytes
  3. Observe the response includes the header content-length: 0 instead of the expected non-zero value.

Outcome

Vapor responses to HEAD requests do not behave according to the RFC and the required functionality from non-zero Content-Length headers in HEAD responses cannot be achieved.

Additional notes

In https://www.rfc-editor.org/rfc/rfc9110.html#section-9.3.2 the statement

The HEAD method is identical to GET except that the server MUST NOT send content in the response.

which is in agreement with https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6-6

A server MAY send a Content-Length header field in a response to a HEAD request (Section 9.3.2); a server MUST NOT send Content-Length in such a response unless its field value equals the decimal number of octets that would have been sent in the content of a response if the same request had used the GET method.

HTTPHeaders.updateContentLength(_:) overrides the “Content-Length” value provided in the response headers with the size of the body (0) in contravention of RFC9110.

This prevents HEAD responses from behaving correctly.

#2749 may be an existing report of the same issue, with an incomplete (?) fix available #3147

@daveanderson daveanderson added the bug Something isn't working label Apr 1, 2024
@mkll
Copy link

mkll commented Apr 2, 2024

@daveanderson #3084

@daveanderson
Copy link
Author

The workaround from #3084 of adding the header value after creating the response works, but is non-obvious and should not be necessary to be compliant with the RFC.

@0xTim
Copy link
Member

0xTim commented Apr 29, 2024

@daveanderson do you want to see if https://github.com/vapor/vapor/releases/tag/4.93.1 solves the issue?

@Craz1k0ek
Copy link
Contributor

Also, there is an alternative response init that does just what you want:

Response(
    status: .ok,
    version: request.version,
    headersNoUpdate: [
        "Content-Length": "42",
        "foo": "bar",
    ],
    body: .empty
)

The docstring says it's internal, but that's a joke

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

4 participants