Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

if there is no content, don't include content length #11937

Merged
merged 1 commit into from Jun 3, 2019

Conversation

Projects
None yet
4 participants
@busterb
Copy link
Member

commented Jun 2, 2019

Noted by @sempervictus Metasploit currently adds a content-length header by default even if there is no content. This makes the header conditional on bytes being in the content in the first place.

@sempervictus

This comment has been minimized.

Copy link
Contributor

commented Jun 2, 2019

Seems on the request side, this is correct for GET, but not other methods like POST. I'll peek at the rfc for this shortly to figure out exactly which methods and responses warrant this behavior.

@wchen-r7 wchen-r7 merged commit 3cf375c into rapid7:master Jun 3, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

wchen-r7 added a commit that referenced this pull request Jun 3, 2019

@wchen-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 3, 2019

Release Notes

The Content-Length header is now optional.

@sempervictus

This comment has been minimized.

Copy link
Contributor

commented Jun 4, 2019

Actually they're already optional - auto_cl deals with that.
Also, I worry this may break some APIs if it happens on POST/PUT/DELETE verbs since those do have a zero CL. Could we scope this to just GET reqs?

msjenkins-r7 added a commit that referenced this pull request Jun 4, 2019

@busterb busterb referenced this pull request Jun 4, 2019

Merged

Make auto_cl more selective based on HTTP method #11945

2 of 2 tasks complete
@busterb

This comment has been minimized.

Copy link
Member Author

commented Jun 4, 2019

Sure, added a follow-up PR that is more scoped. Added 'CONNECT' too which also doesn't need CL, right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.