httphttpresponsewebproxyrfc2616http-content-length

Proxy / gateway behaviour if HTTP response data exceeds content length


How should proxies / gateways behave when http servers send HTTP response where the data size exceeds content-length? Dropping it as a RFC non-compliance is one way to go but looks like there are quite a few implementations/deployments with this behaviour today and this change will end up breaking those URLs.

Will really appreciate any insights/pointers.

Thanks, Dev


Solution

  • If the data size exceeds content-length, the remaining bytes on the wire are considered part of the response to the next (pipelined) request.

    If there isn't an outstanding request to match with that response, see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-p1-messaging-26#section-3.3.3 -

       If the final response to the last request on a connection has been
       completely received and there remains additional data to read, a user
       agent MAY discard the remaining data or attempt to determine if that
       data belongs as part of the prior response body, which might be the
       case if the prior message's Content-Length value is incorrect.  A
       client MUST NOT process, cache, or forward such extra data as a
       separate response, since such behavior would be vulnerable to cache
       poisoning.