-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
11, 17, 18, 19
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
RFC 7231 states:
'A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.'
In other words whilst not prohibited, it is extremely unusual/unlikely for a GET request to have a request body. The vast majority of HTTP clients DO NOT include a `Content-Length: 0` header when making a GET request.
For example here is the verbose output of curl doing a GET request:
> GET / HTTP/1.1
> Host: oracle.com
> User-Agent: curl/7.77.0
> Accept: */*
Similarly the legacy HttpUrlConnection Java class does NOT add a Content-Length: 0 for GET requests.
For HTTP methods that are not expected to have a request body (GET/HEAD/OPTIONS/DELETE) adding a `Content-Length: 0` header MAY confuse the server. For example, see this bug in Oracle Helidon: https://github.com/oracle/helidon/issues/3988
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
See test-case in this Oracle Helidon problem report: https://github.com/oracle/helidon/issues/3988
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
HttpClient WebSocket upgrade GET requests (particularly for WebSocket upgrade requests) should not include in a Content-Length: 0 header. It is redundant and may cause issues when present
ACTUAL -
HttpClient adds Content-Length: 0 to all requests without a request body. Calling code has no way to control/modify this behaviour.
CUSTOMER SUBMITTED WORKAROUND :
No workaround possible, prevents Oracle JDK HttpClient working with Oracle Helidon WebSocket applications.
FREQUENCY : always
RFC 7231 states:
'A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.'
In other words whilst not prohibited, it is extremely unusual/unlikely for a GET request to have a request body. The vast majority of HTTP clients DO NOT include a `Content-Length: 0` header when making a GET request.
For example here is the verbose output of curl doing a GET request:
> GET / HTTP/1.1
> Host: oracle.com
> User-Agent: curl/7.77.0
> Accept: */*
Similarly the legacy HttpUrlConnection Java class does NOT add a Content-Length: 0 for GET requests.
For HTTP methods that are not expected to have a request body (GET/HEAD/OPTIONS/DELETE) adding a `Content-Length: 0` header MAY confuse the server. For example, see this bug in Oracle Helidon: https://github.com/oracle/helidon/issues/3988
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
See test-case in this Oracle Helidon problem report: https://github.com/oracle/helidon/issues/3988
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
HttpClient WebSocket upgrade GET requests (particularly for WebSocket upgrade requests) should not include in a Content-Length: 0 header. It is redundant and may cause issues when present
ACTUAL -
HttpClient adds Content-Length: 0 to all requests without a request body. Calling code has no way to control/modify this behaviour.
CUSTOMER SUBMITTED WORKAROUND :
No workaround possible, prevents Oracle JDK HttpClient working with Oracle Helidon WebSocket applications.
FREQUENCY : always
- duplicates
-
-
- Closed
-