Content-Length header is set to an empty string when not provided by client

[reteptilian]

This example uses flask but the issue is with werkzeug, per discussion here

echoheaders.py:

import flask
app = flask.Flask(__name__)

@app.route('/')
def echo_headers():
    return flask.jsonify(dict(flask.request.headers))
Run it:

$ FLASK_APP=echoheaders python -m flask run
 * Serving Flask app "echoheaders"
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)

Test:

$ curl -v http://localhost:5000
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: localhost:5000
> Accept: */*
{
  "Accept": "*/*",
  "Content-Length": "",    <-----------   THIS IS MY COMPLAINT  ------------
  "Content-Type": "",
  "Host": "localhost:5000",
  "User-Agent": "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
}

The client did not provide a Content-Length header, but flask creates one that is set to an illegal empty string.

This is problematic for us, because my team decided to use flask as a kind of smart proxy service, so it forwards all the client headers along to the destination, which then rightly complains (per RFC 2616) that it cannot parse the value from the Content-Length header. So we had to write our own code to overwrite flask's version with a correct Content-Length. It would be nicer we did not artificially create this header, or at the very least, set it to a valid value (zero in this case).

[wong2]

@untitaker this can be closed