Bug in B6361557
Jaikiran Pai
jai.forums2013 at gmail.com
Mon Jan 6 06:25:00 UTC 2025
I've now raised a PR to address the test issue. As for the following part:
On 03/01/25 9:11 pm, robert engels wrote:
> ...
>
> sends an invalid http request according to the specification here https://datatracker.ietf.org/doc/html/rfc2616#section-4.4
>
> specifically "When a Content-Length is given in a message where a message-body is
> allowed, its field value MUST exactly match the number of OCTETs in
> the message-body. HTTP/1.1 user agents MUST notify the user when an
> invalid length is received and detected."
>
> ...
>
> It currently passes, only because the server is not fully implementing the http specification.
I read that section again today and (like you note) it states that
"HTTP/1.1 user agents MUST notify the user when an invalid length is
received and detected." However, RFC-2616 (the one quoted above) is
obsoleted by RFC-9110. RFC-9110 no longer has that above sentence for
the Content-Length semantics in section 8.6
(https://www.rfc-editor.org/rfc/rfc9110#name-content-length).
Furthermore, RFC-9110 section 3.5
(https://www.rfc-editor.org/rfc/rfc9110#name-user-agents), defines an
user agent as:
"The term "user agent" refers to any of the various client programs that
initiate a request."
So, given all this, I don't think the JDK's current implementation of
the HttpServer is in violation of the RFC.
-Jaikiran
More information about the net-dev
mailing list