From 39b2816255503910dc23e2fdf703ee63bbc8953e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Wed, 20 May 2020 13:41:05 +0200
Subject: 204 and 304 responses must not include a body

When calling cowboy_req:reply/4 with a body a crash will occur
resulting in a 500 response. When calling cowboy_req:stream_reply/2,3
and then attempting to send a body a crash will occur.
---
 src/cowboy_http.erl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/cowboy_http.erl')

diff --git a/src/cowboy_http.erl b/src/cowboy_http.erl
index 2833e79..89ba9d8 100644
--- a/src/cowboy_http.erl
+++ b/src/cowboy_http.erl
@@ -1029,8 +1029,9 @@ commands(State0=#state{socket=Socket, transport=Transport, out_state=wait, strea
 	#stream{version=Version} = lists:keyfind(StreamID, #stream.id, Streams),
 	{State1, Headers} = connection(State0, Headers0, StreamID, Version),
 	State = State1#state{out_state=done},
-	%% @todo Ensure content-length is set.
+	%% @todo Ensure content-length is set. 204 must never have content-length set.
 	Response = cow_http:response(StatusCode, 'HTTP/1.1', headers_to_list(Headers)),
+	%% @todo 204 and 304 responses must not include a response body. (RFC7230 3.3.1, RFC7230 3.3.2)
 	case Body of
 		{sendfile, _, _, _} ->
 			Transport:send(Socket, Response),
-- 
cgit v1.2.3