HEAD with content is inconsistent with GET and DELETE #826

Closed
royfielding opened this issue Mar 31, 2021 · 1 comment · Fixed by #835

Comments

@royfielding
Member

HEAD says

A content within a HEAD request message has no defined semantics; sending content in a HEAD request might cause some existing implementations to reject the request.

whereas the new text for GET is

A client SHOULD NOT generate content in a GET request. Content received in a GET request has no defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [Messaging]).

and similarly for DELETE. We should update HEAD as well to be

A client SHOULD NOT generate content in a HEAD request. Content received in a HEAD request has no defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [Messaging]).

@reschke reschke self-assigned this Apr 6, 2021
@reschke
Contributor

reschke commented Apr 6, 2021

Digging in the change logs: the text for GET comes from #202 (with subsequent tuning).

reschke added a commit that referenced this issue Apr 7, 2021
Align prose about content in HEAD requests with description of GET (fixes #826)
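
The "reject the request and close the connection" behaviour mentioned in the quoted text, sketched as a receiver-side check. This is an added example, not code from the specification or the issue thread; the function names, the policy of treating any Transfer-Encoding as content, and the sample requests are constructed assumptions.

```python
# Added example: constructed policy check, not code from the spec or the issue.
NO_CONTENT_METHODS = {"GET", "HEAD", "DELETE"}  # methods named in the thread

def parse_head(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, [(name, value), ...])."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or name != name.strip():
            raise ValueError("malformed header line")  # e.g. "Name : v"
        headers.append((name.lower(), value.strip()))
    return method, headers

def declares_content(headers) -> bool:
    """True if the framing headers announce a request body."""
    for name, value in headers:
        if name == "transfer-encoding":
            return True  # assumption: any Transfer-Encoding counts as content
        if name == "content-length":
            if not (value.isascii() and value.isdigit()):
                raise ValueError("invalid Content-Length")
            if int(value) > 0:
                return True
    return False

def decide(raw: bytes) -> str:
    """Return 'accept' or 'reject-and-close' for one request head."""
    try:
        method, headers = parse_head(raw)
        has_content = declares_content(headers)
    except ValueError:
        return "reject-and-close"
    if method in NO_CONTENT_METHODS and has_content:
        return "reject-and-close"
    return "accept"

# Constructed sample requests (example.test is a placeholder host).
SAMPLES = {
    "head_with_body": b"HEAD /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
    "head_clean": b"HEAD /a HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "get_chunked": b"GET /a HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "delete_len0": b"DELETE /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 0\r\n\r\n",
    "post_with_body": b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\na=1",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} -> {decide(raw)}")
```

Closing the connection after the rejection matters because any bytes left unread after the request head would otherwise be parsed as the start of the next request on that connection.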