Project

General

Profile

Actions

Bug #17835

closed

Net::HTTP should automatically add Accept-Encoding request header on HEAD request as well

Added by jrsyo (Shohei Maeda) almost 3 years ago. Updated almost 2 years ago.

Status:
Closed
Target version:
-
[ruby-core:103626]

Description

Currently, Net::HTTP adds the Accept-Encoding request header by default except for HEAD method.
https://github.com/ruby/ruby/blob/v3_0_1/lib/net/http.rb#L1489-L1493
https://github.com/ruby/ruby/blob/v3_0_1/lib/net/http/generic_request.rb#L34-L44

While this unlikely to cause any real-world problems, this isn't an ideal implementation according to the RFC below:
https://tools.ietf.org/html/rfc7230#section-3.3.2

A server MAY send a Content-Length header field in a response to a
HEAD request (Section 4.3.2 of [RFC7231]); a server MUST NOT send
Content-Length in such a response unless its field-value equals the
decimal number of octets that would have been sent in the payload
body of a response if the same request had used the GET method.

Since server MAY (can) send the Content-Length header in response to a HEAD request, the client would see a Content-Length value of an uncompressed response if we don't send the Accept-Encoding request header.

$ curl -svo /dev/null 'https://www.ruby-lang.org/en/' -I --compressed 2>&1 | grep -i content-length
< content-length: 3380

$ curl -svo /dev/null 'https://www.ruby-lang.org/en/' -I 2>&1 | grep -i content-length
< content-length: 10932

Say, if the purpose of sending HEAD is to know the content-length beforehand (as an example) doesn’t it make sense to also add the Accept-Encoding request header on HEAD requests as well? In fact, users almost certainly request compressed objects in the subsequent requests (e.g., GET) because of the auto-addition logic above anyway.

https://github.com/smaeda-ks/ruby/commit/020469cfcf5f910a22e9bbb24ba18ba4e147ff19

Thanks,
Shohei

Actions #1

Updated by jrsyo (Shohei Maeda) almost 3 years ago

  • Tracker changed from Feature to Bug
  • Backport set to 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN

Updated by hsbt (Hiroshi SHIBATA) over 2 years ago

  • Status changed from Open to Assigned
  • Assignee set to naruse (Yui NARUSE)

https://github.com/ruby/net-http/pull/26 was merged for Ruby 3.1.

But I'm not sure that we should backport this to Ruby 3.0 or old versions.

Actions #4

Updated by jeremyevans0 (Jeremy Evans) almost 2 years ago

  • Status changed from Assigned to Closed
  • Backport changed from 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN to 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: REQUIRED
Actions

Also available in: Atom PDF

Like0
Like0Like0Like0Like0