cURL

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1349 Expect: 100-continue sent with no body violates RFC.

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Tue, 25 Mar 2014 07:20:07 +0000

- **assigned_to**: Daniel Stenberg
- **Comment**:

Can you show us a command line to get zero content-length? I'm not sure I can repeat it with a recent curl version.

"If a Content-Length: 0 for a zero length POST constitutes not sending a body is debatable. " What else would it mean?

"Omitting the body when digest authentication probes to get a nonce is clearly against the RFC." Which RFC are you talking about here? I know it is far from ideal to do it like that, but it is a shortcut that is wildly supported and you can tell curl to not do it so we've opted to keep the shortcut for the faster operation for those who can use it.

---
** [bugs:#1349] Expect: 100-continue sent with no body violates RFC.**
**Status:** open
**Created:** Tue Mar 25, 2014 12:40 AM UTC by JimS
**Last Updated:** Tue Mar 25, 2014 12:40 AM UTC
**Owner:** Daniel Stenberg
When doing a POST of a zero length file, or any file when using digest authentication curl will issue an "Expect: 100-continue" header as well as a "Content-Length: 0". This violates RFC-2616 and earns a 400 error code from servers written in Go 1.2.
Section 8.2.3 includes:
> A client MUST NOT send an Expect request-header field (Expect) with the "100-continue" expectation if it does not intend to send a request body.
Once the problem is understood, using "-H Expect:" suppresses the header and allows the command to function normally.
If a Content-Length: 0 for a zero length POST constitutes not sending a body is debatable. Omitting the body when digest authentication probes to get a nonce is clearly against the RFC.
Maximum compatibility would be achieved by omitting the "Expect" header in both of these cases, the queries would save a turnaround, and there is no performance downside, since the bodies are empty anyway. There is probably an applicable code path, since doing a POST of /dev/null does not send the Expect header.
~~~~~
$ curl --version
curl 7.26.0 (x86_64-pc-linux-gnu) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.7 libidn/1.25 libssh2/1.4.2 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap pop3 pop3s rtmp rtsp scp sftp smtp smtps telnet tftp 
Features: Debug GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
~~~~~
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2014-03-25

These mail archives are generated by hypermail.

donate! Page updated March 21, 2014.
web site info

File upload with ASP.NET