PUT&POST - do not require length
Valentyna opened this issue · comments
Could you please remove BODY_CONTAINABLE_METHODS check:
Allow POSt and PUT methods with empty body and without Content-Length=0 header
Why?
Can you show the use-case for this?
sure,
I'm using Webrick for mock to test long-living app and there I have PUT (cash refresh) and POST (with url param) requests: they have neither body no Content-Length header. So these request fail in test with error 411. Though they successfully work in prod for many years.
I don't see why would you restrict user though solution is still viable without it. Please let me know if I'm missing anything
I think we should allow these requests, as they appear to be valid according to RFC 7230 section 3.3.3 (number 6 in list allows for no Content-Length if body is empty): https://tools.ietf.org/html/rfc7230#section-3.3.3
It seems like WEBrick still doesn't allow POST/PUT requests with empty body, but the difference now is that the server doesn't respond with a 411, instead the request is blocked forever because the server gets stuck at the eof
call here:
webrick/lib/webrick/httprequest.rb
Line 525 in cda6d40
I can repro with this script:
require 'webrick'
class Simple < WEBrick::HTTPServlet::AbstractServlet
def do_GET(req, res)
puts "Hello world!"
res.status = 200
res.body = "Hello world!"
end
alias do_POST do_GET
end
server = WEBrick::HTTPServer.new(Port: 9988) server.logger.level = 5
server.mount '/', Simple
server.start
And:
~ » curl -X POST --verbose localhost:9988
* Trying 127.0.0.1:9988...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9988 (#0)
> POST / HTTP/1.1
> Host: localhost:9988
> User-Agent: curl/7.68.0
> Accept: */*
>
# blocks forever; I have to Ctrl+C it
Edit:
My use-case is I have a web service whose job is to generate a bunch of config files. I'd like to have an endpoint that I can POST to to make the service regenerate the config files. It doesn't need any data from the client to do its job so the POST request will have an empty body.