Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PUT&POST - do not require length #30

Closed
Valentyna opened this issue Sep 30, 2019 · 4 comments · Fixed by #50
Closed

PUT&POST - do not require length #30

Valentyna opened this issue Sep 30, 2019 · 4 comments · Fixed by #50

Comments

@Valentyna
Copy link

Valentyna commented Sep 30, 2019

Could you please remove BODY_CONTAINABLE_METHODS check:
Allow POSt and PUT methods with empty body and without Content-Length=0 header

@hsbt
Copy link
Member

hsbt commented Oct 1, 2019

Why?

Can you show the use-case for this?

@Valentyna
Copy link
Author

Valentyna commented Oct 1, 2019

sure,
I'm using Webrick for mock to test long-living app and there I have PUT (cash refresh) and POST (with url param) requests: they have neither body no Content-Length header. So these request fail in test with error 411. Though they successfully work in prod for many years.
I don't see why would you restrict user though solution is still viable without it. Please let me know if I'm missing anything

@jeremyevans
Copy link
Contributor

I think we should allow these requests, as they appear to be valid according to RFC 7230 section 3.3.3 (number 6 in list allows for no Content-Length if body is empty): https://tools.ietf.org/html/rfc7230#section-3.3.3

jeremyevans added a commit to jeremyevans/webrick that referenced this issue Jul 15, 2020
RFC 7230 section 3.3.3 allows for this.

Fixes ruby#30
jeremyevans added a commit to jeremyevans/webrick that referenced this issue Jul 15, 2020
RFC 7230 section 3.3.3 allows for this.

Fixes ruby#30
jeremyevans added a commit that referenced this issue Jul 15, 2020
RFC 7230 section 3.3.3 allows for this.

Fixes #30
@OsamaSayegh
Copy link

OsamaSayegh commented Feb 23, 2021

It seems like WEBrick still doesn't allow POST/PUT requests with empty body, but the difference now is that the server doesn't respond with a 411, instead the request is blocked forever because the server gets stuck at the eof call here:

elsif BODY_CONTAINABLE_METHODS.member?(@request_method) && !@socket.eof

I can repro with this script:

require 'webrick'

class Simple < WEBrick::HTTPServlet::AbstractServlet
  def do_GET(req, res)
    puts "Hello world!"
    res.status = 200
    res.body = "Hello world!"
  end

  alias do_POST do_GET
end
server = WEBrick::HTTPServer.new(Port: 9988)                                                                                                                                                                                                                                    server.logger.level = 5
server.mount '/', Simple
server.start

And:

~ » curl -X POST --verbose localhost:9988
*   Trying 127.0.0.1:9988...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9988 (#0)
> POST / HTTP/1.1
> Host: localhost:9988
> User-Agent: curl/7.68.0
> Accept: */*
>
# blocks forever; I have to Ctrl+C it

Edit:

My use-case is I have a web service whose job is to generate a bunch of config files. I'd like to have an endpoint that I can POST to to make the service regenerate the config files. It doesn't need any data from the client to do its job so the POST request will have an empty body.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging a pull request may close this issue.

4 participants