diff options
author | Loïc Hoguin <[email protected]> | 2020-05-20 13:41:05 +0200 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2020-05-20 13:41:05 +0200 |
commit | 39b2816255503910dc23e2fdf703ee63bbc8953e (patch) | |
tree | 65f9b843db941fd7ba1f3926b77ab34cbc5675f8 /src/cowboy_req.erl | |
parent | 8337aca4d31ffa8120704057675aacbbaa280975 (diff) | |
download | cowboy-39b2816255503910dc23e2fdf703ee63bbc8953e.tar.gz cowboy-39b2816255503910dc23e2fdf703ee63bbc8953e.tar.bz2 cowboy-39b2816255503910dc23e2fdf703ee63bbc8953e.zip |
204 and 304 responses must not include a body
When calling cowboy_req:reply/4 with a body a crash will occur
resulting in a 500 response. When calling cowboy_req:stream_reply/2,3
and then attempting to send a body a crash will occur.
Diffstat (limited to 'src/cowboy_req.erl')
-rw-r--r-- | src/cowboy_req.erl | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/cowboy_req.erl b/src/cowboy_req.erl index a2eadfc..90c5a3a 100644 --- a/src/cowboy_req.erl +++ b/src/cowboy_req.erl @@ -806,12 +806,16 @@ reply(Status, Headers, SendFile = {sendfile, _, Len, _}, Req) }, SendFile, Req); %% 204 responses must not include content-length. 304 responses may %% but only when set explicitly. (RFC7230 3.3.1, RFC7230 3.3.2) +%% Neither status code must include a response body. (RFC7230 3.3) reply(Status, Headers, Body, Req) when Status =:= 204; Status =:= 304 -> + 0 = iolist_size(Body), do_reply(Status, Headers, Body, Req); -reply(Status= <<"204",_/bits>>, Headers, Body, Req) -> +reply(Status = <<"204",_/bits>>, Headers, Body, Req) -> + 0 = iolist_size(Body), do_reply(Status, Headers, Body, Req); -reply(Status= <<"304",_/bits>>, Headers, Body, Req) -> +reply(Status = <<"304",_/bits>>, Headers, Body, Req) -> + 0 = iolist_size(Body), do_reply(Status, Headers, Body, Req); reply(Status, Headers, Body, Req) when is_integer(Status); is_binary(Status) -> @@ -840,6 +844,17 @@ stream_reply(Status, Req) -> -> Req when Req::req(). stream_reply(_, _, #{has_sent_resp := _}) -> error(function_clause); +%% 204 and 304 responses must NOT send a body. We therefore +%% transform the call to a full response and expect the user +%% to NOT call stream_body/3 afterwards. (RFC7230 3.3) +stream_reply(Status = 204, Headers=#{}, Req) -> + reply(Status, Headers, <<>>, Req); +stream_reply(Status = <<"204",_/bits>>, Headers=#{}, Req) -> + reply(Status, Headers, <<>>, Req); +stream_reply(Status = 304, Headers=#{}, Req) -> + reply(Status, Headers, <<>>, Req); +stream_reply(Status = <<"304",_/bits>>, Headers=#{}, Req) -> + reply(Status, Headers, <<>>, Req); stream_reply(Status, Headers=#{}, Req) when is_integer(Status); is_binary(Status) -> cast({headers, Status, response_headers(Headers, Req)}, Req), done_replying(Req, headers). |