Clear fewer headers on 1xx/204/304 responses

This function is called on more than just 304 responses; it’s
important to permit the Allow header on 204 responses.  Also, the
relevant RFCs have changed significantly.

Fixes #2726.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

diff --git a/tornado/test/httpclient_test.py b/tornado/test/httpclient_test.py
index d1cc14673baafa3811ce4afbdb92a6afc1796f68..11a4ee022948a851085fd2cf31a541e926165960 100644 (file)
--- a/tornado/test/httpclient_test.py
+++ b/tornado/test/httpclient_test.py
@@ -109,7 +109,7 @@ class ContentLength304Handler(RequestHandler):
         self.set_status(304)
         self.set_header("Content-Length", 42)
 
-    def _clear_headers_for_304(self):
+    def _clear_representation_headers(self):
         # Tornado strips content-length from 304 responses, but here we
         # want to simulate servers that include the headers anyway.
         pass

diff --git a/tornado/test/web_test.py b/tornado/test/web_test.py
index 5908710ac9f8fe2f18668563ec6fbc2796d5577e..4a06c12d6c83077f82edf29be6e2135bdfdf31c3 100644 (file)
--- a/tornado/test/web_test.py
+++ b/tornado/test/web_test.py
@@ -1175,7 +1175,6 @@ class StaticFileTest(WebTestCase):
         )
         self.assertEqual(response2.code, 304)
         self.assertTrue("Content-Length" not in response2.headers)
-        self.assertTrue("Last-Modified" not in response2.headers)
 
     def test_static_304_if_none_match(self):
         response1 = self.get_and_head("/static/robots.txt")

diff --git a/tornado/web.py b/tornado/web.py
index adbf591e50283b845ee30843485483534c85ce37..9412ab4476f5a815764a4358c3ddc8d6bfc2d394 100644 (file)
--- a/tornado/web.py
+++ b/tornado/web.py
@@ -1138,7 +1138,7 @@ class RequestHandler(object):
                 assert not self._write_buffer, (
                     "Cannot send body with %s" % self._status_code
                 )
-                self._clear_headers_for_304()
+                self._clear_representation_headers()
             elif "Content-Length" not in self._headers:
                 content_length = sum(len(part) for part in self._write_buffer)
                 self.set_header("Content-Length", content_length)
@@ -1803,21 +1803,13 @@ class RequestHandler(object):
     def _ui_method(self, method: Callable[..., str]) -> Callable[..., str]:
         return lambda *args, **kwargs: method(self, *args, **kwargs)
 
-    def _clear_headers_for_304(self) -> None:
-        # 304 responses should not contain entity headers (defined in
-        # http://www.w3.org/Protocols/rfc2616/rfc2616-sec7.html#sec7.1)
+    def _clear_representation_headers(self) -> None:
+        # 304 responses should not contain representation metadata
+        # headers (defined in
+        # https://tools.ietf.org/html/rfc7231#section-3.1)
         # not explicitly allowed by
-        # http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5
-        headers = [
-            "Allow",
-            "Content-Encoding",
-            "Content-Language",
-            "Content-Length",
-            "Content-MD5",
-            "Content-Range",
-            "Content-Type",
-            "Last-Modified",
-        ]
+        # https://tools.ietf.org/html/rfc7232#section-4.1
+        headers = ["Content-Encoding", "Content-Language", "Content-Type"]
         for h in headers:
             self.clear_header(h)