Loading ...
Sorry, an error occurred while loading the content.

body on HEAD errror response

Expand Messages
  • Larry Masinter
    I believe that the HTTP spec is wrong, and should say that 2xx responses to HEAD must not contain a body, but other responses should.
    Message 1 of 4 , Oct 9, 2001
    • 0 Attachment
      I believe that the HTTP spec is wrong, and should say that 2xx
      responses to HEAD must not contain a body, but other responses
      should.

      ==========================
      We're having a problem reconciling the HTTP 1.1 spec with what
      servers are actually doing. The HTTP spec says (section 4.3, message
      body):

      For response messages, whether or not a message-body is included with
      a message is dependent on both the request method and the response
      status code (section 6.1.1). All responses to the HEAD request method
      MUST NOT include a message-body, even though the presence of entity-
      header fields might lead one to believe they do. All 1xx
      (informational), 204 (no content), and 304 (not modified) responses
      MUST NOT include a message-body. All other responses do include a
      message-body, although it may be of zero length.

      and also

      9.4 HEAD

      The HEAD method is identical to GET except that the server MUST NOT
      return a message-body in the response. The metainformation contained
      in the HTTP headers in response to a HEAD request SHOULD be identical
      to the information sent in response to a GET request. This method can
      be used for obtaining metainformation about the entity implied by the
      request without transferring the entity-body itself. This method is
      often used for testing hypertext links for validity, accessibility,
      and recent modification.

      But, in spite of this, every server we test against (and every one
      we've written ourselves) returns a body on ERROR responses to the
      HEAD request (e.g., HTML explaining the error on a 400, 401, 404, and
      so on).
      =================================
    • Marc Slemko
      ... Umh. Neither Apache, IIS, or iPlanet exhibit the brokenness you describe, at least not in their default configurations when requesting a document that
      Message 2 of 4 , Oct 9, 2001
      • 0 Attachment
        On Tue, 9 Oct 2001, Larry Masinter wrote:

        > I believe that the HTTP spec is wrong, and should say that 2xx
        > responses to HEAD must not contain a body, but other responses
        > should.

        Umh. Neither Apache, IIS, or iPlanet exhibit the brokenness you
        describe, at least not in their default configurations when requesting a
        document that gives a 404.

        I suggest you look again...

        And make sure you haven't been insulted by having a so-called
        transparent proxy (aka. demon box from hell aka. "worst products
        ever") between you and the servers you are testing against.



        >
        > ==========================
        > We're having a problem reconciling the HTTP 1.1 spec with what
        > servers are actually doing. The HTTP spec says (section 4.3, message
        > body):
        >
        > For response messages, whether or not a message-body is included with
        > a message is dependent on both the request method and the response
        > status code (section 6.1.1). All responses to the HEAD request method
        > MUST NOT include a message-body, even though the presence of entity-
        > header fields might lead one to believe they do. All 1xx
        > (informational), 204 (no content), and 304 (not modified) responses
        > MUST NOT include a message-body. All other responses do include a
        > message-body, although it may be of zero length.
        >
        > and also
        >
        > 9.4 HEAD
        >
        > The HEAD method is identical to GET except that the server MUST NOT
        > return a message-body in the response. The metainformation contained
        > in the HTTP headers in response to a HEAD request SHOULD be identical
        > to the information sent in response to a GET request. This method can
        > be used for obtaining metainformation about the entity implied by the
        > request without transferring the entity-body itself. This method is
        > often used for testing hypertext links for validity, accessibility,
        > and recent modification.
        >
        > But, in spite of this, every server we test against (and every one
        > we've written ourselves) returns a body on ERROR responses to the
        > HEAD request (e.g., HTML explaining the error on a 400, 401, 404, and
        > so on).
        > =================================
        >
      • Roy T. Fielding
        ... That would be contrary to all past discussion of HEAD and all implementations of HTTP prior to 1997. The only origin server that I know of that returns a
        Message 3 of 4 , Oct 9, 2001
        • 0 Attachment
          On Tue, Oct 09, 2001 at 01:58:41PM -0700, Larry Masinter wrote:
          > I believe that the HTTP spec is wrong, and should say that 2xx
          > responses to HEAD must not contain a body, but other responses
          > should.

          That would be contrary to all past discussion of HEAD and all implementations
          of HTTP prior to 1997. The only origin server that I know of that returns
          a body on HEAD requests is IIS when used with an ASP object that takes
          complete control of the socket and ignores the HTTP spec. All other
          instances of that behavior have been from broken firewall proxies or
          gateways. It certainly does not constitute a correct implementation.

          ....Roy
        • Larry Masinter - LMM@acm.org
          OK, OK, I blew it. The spec is right, the implementations tested (below) were wrong. Sorry Larry
          Message 4 of 4 , Oct 9, 2001
          • 0 Attachment
            OK, OK, I blew it.

            The spec is right, the implementations tested (below) were wrong.
            Sorry

            Larry


            > -----Original Message-----
            > From: Larry Masinter [mailto:LMM@...]
            > Sent: Tuesday, October 09, 2001 1:59 PM
            > To: HTTP Working Group
            > Cc: http-wg@...
            > Subject: body on HEAD errror response
            >
            >
            > I believe that the HTTP spec is wrong, and should say that 2xx
            > responses to HEAD must not contain a body, but other responses
            > should.
            >
            > ==========================
            > We're having a problem reconciling the HTTP 1.1 spec with what
            > servers are actually doing. The HTTP spec says (section 4.3, message
            > body):
            >
            > For response messages, whether or not a message-body is included with
            > a message is dependent on both the request method and the response
            > status code (section 6.1.1). All responses to the HEAD request method
            > MUST NOT include a message-body, even though the presence of entity-
            > header fields might lead one to believe they do. All 1xx
            > (informational), 204 (no content), and 304 (not modified) responses
            > MUST NOT include a message-body. All other responses do include a
            > message-body, although it may be of zero length.
            >
            > and also
            >
            > 9.4 HEAD
            >
            > The HEAD method is identical to GET except that the server MUST NOT
            > return a message-body in the response. The metainformation contained
            > in the HTTP headers in response to a HEAD request SHOULD be identical
            > to the information sent in response to a GET request. This method can
            > be used for obtaining metainformation about the entity implied by the
            > request without transferring the entity-body itself. This method is
            > often used for testing hypertext links for validity, accessibility,
            > and recent modification.
            >
            > But, in spite of this, every server we test against (and every one
            > we've written ourselves) returns a body on ERROR responses to the
            > HEAD request (e.g., HTML explaining the error on a 400, 401, 404, and
            > so on).
            > =================================
            >
          Your message has been successfully submitted and would be delivered to recipients shortly.