How to handle “100 continue” HTTP message?

Question

I\'m writing a simplistic HTTP server that will accept PUT requests mostly from cURL as client and I\'m having a bit of an issue with handling the Expect: 100-continue

Answer 1

Try adding an empty line (CRLF) after the 100 Continue line (see RFC 2616, Section 6),

Answer 2

I know this is old, but here is my understanding of "100 Continue"

Your server is supposed to validate the request based on header alone from the client i.e. if the request is invalid, don't send "100 Continue" but actual http error instead e.g. 403. This should prevent the client from posting the data which I understand is the whole point of roundtrip to the server (i.e. client waiting for "100 Continue") in the first place.

If you are validating actual posted data, then you need to apply higher-level protocol here i.e. send your error wrapped in valid HTTP response content. Yes, it seems like limitation and I'm not assuming it's protocol limitation; more likely client confusion having to handle server response more than once.

Answer 3

If you are using libcURL to write your client-side program, make sure you set the CURLOPT_FAILONERROR option to 1. For example, in C, you would do something like:

curl_easy_setopt (curl_handle, CURLOPT_FAILONERROR, 1L);

According to the libcURL documentation, this option "tells the library to fail silently if the HTTP code returned is equal to or larger than 400."

Furthermore, the documentation makes it clear that "the default action would be to return the page normally, ignoring that code."

If you are using the curl command line tool, simply adding -f or --fail into your curl command will cause similar behaviour as described above. This is also described in the curl man page.

Note that both these methods are not fail-safe, as is clearly stated in the docs:

"This method is not fail-safe and there are occasions where non-successful response codes will slip through, especially when authentication is involved (response codes 401 and 407)."

Answer 4

Actually there should be real header after 100 Continue header

So, I normally do like this on client side.

$contents=curl_exec($ch);

list( $header, $contents ) = explode( "\r\n\r\n", $contents , 2);
if(strpos($header," 100 Continue")!==false){
    list( $header, $contents) = explode( "\r\n\r\n", $contents , 2);
}

Answer 5

Elaborating on YOU's answer, and still using PHP as an example:

It is possible that multiple 100 Continue headers could be received. I use the following to slowly work through the headers and remove each of the 100 Continue responses if they exist:

<?php
// a little setup first
$ch = curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_HEADER,1);
// etc...
$str = curl_exec($ch);

// the goods
$delimiter = "\r\n\r\n"; // HTTP header delimiter
// check if the 100 Continue header exists
while ( preg_match('#^HTTP/[0-9\\.]+\s+100\s+Continue#i',$str) ) {
    $tmp = explode($delimiter,$str,2); // grab the 100 Continue header
    $str = $tmp[1]; // update the response, purging the most recent 100 Continue header
} // repeat

// now we just have the normal header and the body
$parts = explode($delimiter,$str,2);
$header = $parts[0];
$body = $parts[1];
?>