Comments (4)
It seems like WEBrick still doesn't allow POST/PUT requests with empty body, but the difference now is that the server doesn't respond with a 411, instead the request is blocked forever because the server gets stuck at the eof
call here:
webrick/lib/webrick/httprequest.rb
Line 525 in cda6d40
I can repro with this script:
require 'webrick'
class Simple < WEBrick::HTTPServlet::AbstractServlet
def do_GET(req, res)
puts "Hello world!"
res.status = 200
res.body = "Hello world!"
end
alias do_POST do_GET
end
server = WEBrick::HTTPServer.new(Port: 9988) server.logger.level = 5
server.mount '/', Simple
server.start
And:
~ ยป curl -X POST --verbose localhost:9988
* Trying 127.0.0.1:9988...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9988 (#0)
> POST / HTTP/1.1
> Host: localhost:9988
> User-Agent: curl/7.68.0
> Accept: */*
>
# blocks forever; I have to Ctrl+C it
Edit:
My use-case is I have a web service whose job is to generate a bunch of config files. I'd like to have an endpoint that I can POST to to make the service regenerate the config files. It doesn't need any data from the client to do its job so the POST request will have an empty body.
from webrick.
Why?
Can you show the use-case for this?
from webrick.
sure,
I'm using Webrick for mock to test long-living app and there I have PUT (cash refresh) and POST (with url param) requests: they have neither body no Content-Length header. So these request fail in test with error 411. Though they successfully work in prod for many years.
I don't see why would you restrict user though solution is still viable without it. Please let me know if I'm missing anything
from webrick.
I think we should allow these requests, as they appear to be valid according to RFC 7230 section 3.3.3 (number 6 in list allows for no Content-Length if body is empty): https://tools.ietf.org/html/rfc7230#section-3.3.3
from webrick.
Related Issues (20)
- Is there any way to perform a connection upgrade (e.g. WebSockets) without monkey-patching `HTTPServer`? HOT 1
- WEBrick has an unsafe shutdown process it tries to concurrently write and close the @shutdown_pipe HOT 4
- Webrick `1.8.0` is incompatible with Rack `2.2.6.2` HOT 1
- Unicode handling in header location HOT 11
- test_httpresponse.rb test failures HOT 2
- MAX_URI_LENGTH exceeded results in nonsensical error HOT 2
- digest auth bug: wrong calculation for A1 HOT 1
- TypeError: no implicit conversion of Array into String HOT 5
- WEBrick RCE Vulnerability HOT 3
- Request Smuggling in WEBrick Due to Incorrect Parsing of Empty `Content-Length` Values HOT 2
- license helpful resource
- Request Smuggling in WEBrick via bad chunk-size parsing HOT 5
- Stripping NUL from the ends of header values HOT 1
- Link to documentation in README HOT 1
- `OpenSSL::SSL::SSLError: SSL_read: unexpected eof while reading` with OpenSSL 3.x HOT 3
- webrick missing as requirement? HOT 2
- `WEBrick::HTTPUtils.escape(nil)` raises a confusing exception
- WEBrick::HTTPProxyServer hangs when process exits HOT 1
- Ruby version is showing up in Webrick Headers, and we need to edit that for security reason HOT 4
- WEBRick::HTTPServer creates ipv6only socket for host `::` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from webrick.