Simplify request parsing to not check request method when determining if a

request contains a request-entity or not. For requests this is signalled
entirely by Content-Length/Transfer-Encoding regardless of method.

also drops the requirement that PUT/POST requests must have a request-entity.
The RFC do not explicitly state this requirement even if the wording for those
methods do assume there is a enclosed request-entity.

The administrative "request_entities" config flag is kept for security
reasons, even if not really RFC compliant. (RFC meaning of request-entity
in GET/HEAD is just undefined or "ignored", not forbidden)

diff --git a/src/HttpRequest.cc b/src/HttpRequest.cc
index feefc7cd85349b8a3cf47d6d6ef8b1fcede754fe..5430a979de5b2da92ef07675036020efee039192 100644 (file)
--- a/src/HttpRequest.cc
+++ b/src/HttpRequest.cc
@@ -502,7 +502,7 @@ void HttpRequest::packFirstLineInto(Packer * p, bool full_uri) const
 }
 
 /*
- * Indicate whether or not we would usually expect an entity-body
+ * Indicate whether or not we would expect an entity-body
  * along with this request
  */
 bool
@@ -511,28 +511,18 @@ HttpRequest::expectingBody(const HttpRequestMethod& unused, int64_t& theSize) co
     bool expectBody = false;
 
     /*
-     * GET and HEAD don't usually have bodies, but we should be prepared
-     * to accept one if the request_entities directive is set
+     * Note: Checks for message validity is in clientIsContentLengthValid().
+     * this just checks if a entity-body is expected based on HTTP message syntax
      */
-
-    if (method == METHOD_GET || method == METHOD_HEAD)
-        expectBody = Config.onoff.request_entities ? true : false;
-    else if (method == METHOD_PUT || method == METHOD_POST)
-        expectBody = true;
-    else if (header.chunked())
+    if (header.chunked()) {
         expectBody = true;
-    else if (content_length >= 0)
+        theSize = -1;
+    } else if (content_length >= 0) {
         expectBody = true;
-    else
+        theSize = content_length;
+    } else {
         expectBody = false;
-
-    if (expectBody) {
-        if (header.chunked())
-            theSize = -1;
-        else if (content_length >= 0)
-            theSize = content_length;
-        else
-            theSize = -1;
+        // theSize undefined
     }
 
     return expectBody;

diff --git a/src/client_side.cc b/src/client_side.cc
index d961801a5f8e8eaf8253b2f8f2a62fe51dae3f62..efa2d5bb1e2567d2197934cb96c4ce229953f140 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -825,12 +825,6 @@ clientIsContentLengthValid(HttpRequest * r)
 {
     switch (r->method.id()) {
 
-    case METHOD_PUT:
-
-    case METHOD_POST:
-        /* PUT/POST requires a request entity */
-        return (r->content_length >= 0);
-
     case METHOD_GET:
 
     case METHOD_HEAD: