问题
If a HTTP server sends a reply with a Content-Length header and a message-body that is slightly larger than that length, what is the accepted way to handle this mismatch? Should I silently ignore the extra data? I don't see this specified in the HTTP/1.1 RFC, it just says that it should always match. Just seems like there could be some buggy servers out there that don't get this right.
Thanks.
回答1:
The length is defined by the Content-Length header field (or Chunked Encoding, or closing the connection).
If the length doesn't "match" this means that the extra bytes belong to the next message. If these extra bytes do not represent an additional HTTP message, that's a communications error. Just close the connection and report an error.
(see https://greenbytes.de/tech/webdav/rfc7230.html#message.body.length)
回答2:
By HTTP status code definitions, returning a "400 Bad Request" and informing the client in response that the two lengths mismatch seems to be the most appropriate action.
https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
10.4.1 400 Bad Request
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
来源:https://stackoverflow.com/questions/8314051/what-to-do-if-http-content-length-differs-from-actual-body-size