From: Luca Toscano
Date: Fri, 9 Dec 2016 09:29:57 +0000 (+0000)
Subject: Drop C-L header and message-body from HTTP 204 responses.
X-Git-Tag: 2.5.0-alpha~932
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ffabf5f53ef74bc5f536c431fe2b59b1c8a10ff7;p=apache
Drop C-L header and message-body from HTTP 204 responses.
The C-L header can be set in a fcgi/cgi backend or in other filters like ap_content_length_filter (with the value of 0), meanwhile the message-body can be returned incorrectly by any backend. The idea is to remove unnecessary bytes from a HTTP 204 response. PR 51350
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773346 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index bef0e8b0b2..517ed5abbb 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Drop Content-Length header and message-body from HTTP 204 responses. + PR 51350 [Luca Toscano] + *) SECURITY: CVE-2016-2161 (cve.mitre.org) mod_auth_digest: Prevent segfaults during client entry allocation when the shared memory space is exhausted. [Maksim Malyutin ,
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 1110f4db4f..ef2b541a93 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1208,7 +1208,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
 AP_DEBUG_ASSERT(!r->main);
- if (r->header_only) {
+ if (r->header_only || r->status == HTTP_NO_CONTENT) {
 if (!ctx) {
 ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx));
 }
@@ -1298,6 +1298,10 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
 apr_table_unset(r->headers_out, "Content-Length");
 }
+ if (r->status == HTTP_NO_CONTENT) {
+ apr_table_unset(r->headers_out, "Content-Length");
+ }
+
 ctype = ap_make_content_type(r, r->content_type);
 if (ctype) {
 apr_table_setn(r->headers_out, "Content-Type", ctype);
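Review bot: The bodyless-response test `r->header_only || r->status == HTTP_NO_CONTENT` is written out here and again at the early return after `ap_pass_brigade(f->next, b2)` (the hunk at -1369), and neither copy has a comment explaining why 204 is treated like HEAD. If one copy is later extended and the other is not, the headers and the body suppression will disagree, which is a response-framing bug on a kept-alive connection. Evaluating it once into a local, for example `int no_body = r->header_only || r->status == HTTP_NO_CONTENT;`, and testing `no_body` in both places keeps them in step; a comment such as `/* HEAD and 204 responses end at the header block (RFC 7230 3.3.3) */` records the reason. The function body starts before and continues after this hunk, so where the declaration goes has to be checked against the full file.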
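Review bot: The new 204 block in the hunk at -1298 removes Content-Length but leaves Transfer-Encoding alone, and RFC 7230 section 3.3.1 forbids that header on a 204 just as section 3.3.2 forbids Content-Length. The two context lines above the addition look like the tail of another branch that also unsets Content-Length, presumably the chunked branch, whose condition is outside the hunk. If `r->chunked` can ever be set for a 204, the response would advertise chunked framing while the later early return drops the body and the terminating chunk, and a keep-alive client or intermediary could misread where the next response starts. Either confirm in the full file that chunking is never selected for 204, or add `apr_table_unset(r->headers_out, "Transfer-Encoding");` inside the new block.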
@@ -1369,7 +1373,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
 ap_pass_brigade(f->next, b2);
- if (r->header_only) {
+ if (r->header_only || r->status == HTTP_NO_CONTENT) {
 apr_brigade_cleanup(b);
 ctx->headers_sent = 1;
 return OK;
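Review bot: For a 204 this early return discards whatever body the backend produced without leaving any trace, so a CGI/FastCGI or proxy backend that wrongly attaches content to a 204 stays invisible to the operator. A trace-level `ap_log_rerror` before `apr_brigade_cleanup(b)`, emitted only when `r->status == HTTP_NO_CONTENT` and `b` carries more than an EOS bucket, would make that misbehaviour detectable without adding noise for HEAD requests. Later brigades of the same response presumably depend on `ctx->headers_sent` being checked at the top of the function, which is outside this hunk, so it is worth confirming that path also runs for the 204 case. A short comment here, for example `/* 204: headers are out, drop any body the backend sent */`, would also help.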