Bug 17736 - Mono adding extra Content-Length header to DELETE requests
Summary: Mono adding extra Content-Length header to DELETE requests
Alias: None
Product: Class Libraries
Classification: Mono
Component: System ()
Version: unspecified
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Martin Baulig
Depends on:
Reported: 2014-02-12 19:03 UTC by Ahmet Alp Balkan
Modified: 2014-02-26 09:50 UTC (History)
2 users (show)

Is this bug a regression?: ---
Last known good build:

Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:

Description Ahmet Alp Balkan 2014-02-12 19:03:59 UTC
I am using Windows Azure Storage client and this web service uses exact list of header that are going to be sent to sign the request with HMAC-SHA256.

Different than .NET runtime on Windows, Mono adds an extra Content-Length: 0 header to HTTP DELETE method requests and does not inform the library about this header in advance, so library cannot sign it correctly.

Full issue with all the debugging here: https://github.com/WindowsAzure/azure-storage-net/issues/24

I am not sure if Content-Length header is mandatory for HTTP/1.1 requests (even though its value is 0). However here we observe a different behavior than .NET breaking some things. 

The SignRequest [1] method of Azure Storage Client is not receiving Content-Length header in `Headers` member of `HttpWebRequest` argument it gets. So that means this header is added later on, but should have been added in advance.

[1]: https://github.com/WindowsAzure/azure-storage-net/blob/master/Lib/ClassLibraryCommon/Auth/Protocol/SharedKeyAuthenticationHandler.cs?source=cc#L57
Comment 1 Martin Baulig 2014-02-18 05:55:39 UTC
Content-Length is mandatory for HTTP/1.1 requests if a request body is present and no Transfer-Encoding header is present.

A DELETE request usually does not have any body, though the spec apparently does not explicitly forbid it.

We need to do three things here:

(a) Make sure we don't add any Content-Length: header if no body has been specified.  This should fix 99.9999% of all DELETE requests.

(b) If an empty body has been provided, simply delete it.

(c) If a non-empty body has been provided (who would ever do that and why?), maybe just delete it as well?  Throw an exception?  Or simply don't care about it because this should never happen anyways.

I'll have a look at this, am currently doing web-stack cleanups anyways.
Comment 2 Ahmet Alp Balkan 2014-02-19 14:05:07 UTC
Thanks Martin. Yes, spec does not forbid it. And in fact it may have a body. If there'll be a body, Content-Length or Transfer-Encoding must be present, signaling that there is an entity body [1].

(a) This probably shouldn't break DELETE requests with content.
(b) If body has been provided but empty, like "headers...\r\n\r\n", probably Content-Length should be present?
(c) Please look at the answers in the link below, it _may_ be useful in certain cases.

[1] See http://stackoverflow.com/questions/299628/is-an-entity-body-allowed-for-an-http-delete-request
Comment 3 Martin Baulig 2014-02-26 06:39:19 UTC
I started to write some tests for this and just realized that this does not only affect DELETE, but other methods as well.

MS also does not add a "Content-Length: 0" to body-less POST requests, for instance.

I've also seen some apparent deadlocks when trying to disable write stream buffering, investigating ...
Comment 4 Martin Baulig 2014-02-26 09:50:14 UTC
Fixed; mono/master 8f2d3ea.

We should only add the Content-Length header if GetRequestStream() has been called.