Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenLiteSpeed improperly hadnles requests with both Transfer-Encoding and Content-Length, in that order #435

Open
kenballus opened this issue Jan 5, 2025 · 0 comments
Open

OpenLiteSpeed improperly hadnles requests with both Transfer-Encoding and Content-Length, in that order #435

kenballus opened this issue Jan 5, 2025 · 0 comments

Comments

@kenballus
Copy link

The HTTP RFCs specify that messages containing both Content-Length and Transfer-Encoding headers are to be handled by either

  1. discarding the Content-Length header, or
  2. rejecting the request with status 400.

OLS does this correctly when the Transfer-Encoding header comes after the Content-Length header, but not when it comes before.

For example, if you send the following request to OLS, the Content-Length header will be incorrectly prioritized over the Transfer-Encoding header.

POST / HTTP/1.1\r\n
Host: whatever\r\n
Transfer-Encoding: chunked\r\n
Content-Length: 5\r\n
0\r\n
\r\n

This behavior exists both when OLS is acting as an origin and as a proxy.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kenballus