RFC Errata
RFC 9110, "HTTP Semantics", June 2022
Source of RFC: httpbis (wit)
Errata ID: 7870
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Ben Kallus
Date Reported: 2024-03-24
Section 8.6 says:
Likewise, a sender MUST NOT forward a message with a Content-Length header field value that does not match the ABNF above, with one exception: a recipient of a Content-Length header field value consisting of the same decimal value repeated as a comma-separated list (e.g, "Content-Length: 42, 42") MAY either reject the message as invalid or replace that invalid field value with a single instance of the decimal value, since this likely indicates that a duplicate was generated or combined by an upstream message processor.
It should say:
Likewise, a sender MUST NOT send a message with a Content-Length header field value that does not match the ABNF above. A recipient of a Content-Length header field value consisting of the same decimal value repeated as a comma-separated list (e.g, "Content-Length: 42, 42") MAY either reject the message as invalid or replace that invalid field value with a single instance of the decimal value, since this likely indicates that a duplicate was generated or combined by an upstream message processor.
Notes:
This change aims to fix 2 issues with the text:
Issue #1
Recall the following from section 8.6:
> Likewise, a sender MUST NOT forward a message with a Content-Length header field value that does not match the ABNF above, ...
It wasn't immediately clear to me which of these was the intended meaning:
1. Upon receipt of a message with an invalid Content-Length value, senders MUST NOT forward the message.
2. Upon receipt of a message with an invalid Content-Length value, senders MUST NOT forward the message with the invalid value intact.
Mark Nottingham confirmed on GitHub that the intended meaning is option 2:
https://github.com/httpwg/http-core/issues/1113#issuecomment-1937914210
I propose that the word "forward" be changed to "send" to clear up the ambiguity.
Issue #2
We've just established that the intended meaning of the first half of the sentence in question is that malformed CL header values MUST NOT be forwarded intact.
An exception to this rule is (by definition) a situation in which invalid CL header values *are* permitted to be forwarded intact.
The "exception" described in the text does not allow for invalid header values to be forwarded intact, so it is a misuse of the word "exception."
To clear this up, I propose that the sentence be split in two, and that the word "exception" be removed.