net/http: bad handling of HEAD requests with a body #53960

Closed
@neild

HEAD requests may have a body, although RFC 7231 states that "some existing implementations" may reject a HEAD request which contains one.

The net/http package handles HEAD requests with a body in different ways:

  • HTTP/1, non-chunked: return a 400 error, close the connection.
  • HTTP/1, Content-Encoding: chunked: ignore the chunked body (trying to parse it as the next request on the connection). Clearly buggy. Not a request smuggling mechanism, since the chunked body data can never be a valid HTTP request.
  • HTTP/2: close the stream with an error.

We should either support HEAD requests with a body in all circumstances, or fix the HTTP/1 chunked case and add a test for the HTTP/1 identity case. I think support, but I could be argued into always-reject on the grounds that nobody ever actually sends a body in a HEAD request.

Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu for reporting this issue.
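
An added example (not part of the issue or of the net/http source): a local regression probe that reports which of the behaviours listed above a given Go toolchain shows for HTTP/1. It assumes the chunked case is framed with `Transfer-Encoding: chunked`; the names `probe`, `probeLocal` and `verdicts`, the `/marker` path and the `hello` body are constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// verdicts maps the status codes seen on one connection to the behaviours in the issue.
var verdicts = map[string]string{
	"200 200": "accepted",       // body consumed, marker GET answered
	"400":     "rejected",       // 400, then the connection is closed
	"200 400": "body-misparsed", // body bytes were read as the next request
}

// probe sends a HEAD request with a body, then a marker GET, and returns the verdict.
func probe(addr, head string) string {
	conn, err := net.Dial("tcp", addr)
	if err != nil {
		return ""
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(3 * time.Second))
	io.WriteString(conn, head+"GET /marker HTTP/1.1\r\nHost: x\r\nConnection: close\r\n\r\n")
	data, _ := io.ReadAll(conn) // a reset or timeout still returns what was read
	var codes []string
	for _, line := range strings.Split(string(data), "\r\n") {
		if f := strings.Fields(line); len(f) > 1 && f[0] == "HTTP/1.1" {
			codes = append(codes, f[1])
		}
	}
	return verdicts[strings.Join(codes, " ")]
}

// probeLocal runs both framings against a throwaway httptest server on localhost.
func probeLocal() (identity, chunked string) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.Copy(io.Discard, r.Body)
	}))
	defer srv.Close()
	addr, hdr := srv.Listener.Addr().String(), "HEAD / HTTP/1.1\r\nHost: x\r\n"
	return probe(addr, hdr+"Content-Length: 5\r\n\r\nhello"),
		probe(addr, hdr+"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
}

func main() { fmt.Println(probeLocal()) }
```

An empty verdict means the server answered with a status sequence outside the three described in the issue.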

Labels

FrozenDueToAge, NeedsFix (The path to resolution is known, but the work has not been done.)
