Re: p2: Expect: 100-continue and "final" status codes

Mark Nottingham <> Wed, 24 April 2013 02:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 222EF21F930C for <>; Tue, 23 Apr 2013 19:21:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.462
X-Spam-Status: No, score=-10.462 tagged_above=-999 required=5 tests=[AWL=0.137, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ouQmRYi6H6bX for <>; Tue, 23 Apr 2013 19:21:49 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 0FCEA21F958D for <>; Tue, 23 Apr 2013 19:21:48 -0700 (PDT)
Received: from lists by with local (Exim 4.72) (envelope-from <>) id 1UUpJw-0002IC-FE for; Wed, 24 Apr 2013 02:20:32 +0000
Resent-Date: Wed, 24 Apr 2013 02:20:32 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UUpJr-0002HT-Lj for; Wed, 24 Apr 2013 02:20:27 +0000
Received: from ([]) by with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <>) id 1UUpJq-0003lq-1v for; Wed, 24 Apr 2013 02:20:27 +0000
Received: from [] (unknown []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id 98A1950AA3; Tue, 23 Apr 2013 22:20:03 -0400 (EDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Mark Nottingham <>
In-Reply-To: <>
Date: Wed, 24 Apr 2013 12:19:59 +1000
Cc: " Group" <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <>
To: Zhong Yu <>
X-Mailer: Apple Mail (2.1503)
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-4.3
X-W3C-Hub-Spam-Report: AWL=-2.356, BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: 1UUpJq-0003lq-1v e7a6b37036ff2b547f67d1766264a13d
Subject: Re: p2: Expect: 100-continue and "final" status codes
Archived-At: <>
X-Mailing-List: <> archive/latest/17515
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 24/04/2013, at 3:42 AM, Zhong Yu <> wrote:

> #Expect 100-continue without a body
> If a client sends a request without a body yet with a "Expect: 100-continue" header, the request ought to be considered a bad request, because of a previous requirement:
>    o  A client MUST NOT send an Expect header field with the "100-
>       continue" expectation if it does not intend to send a payload
>       body.
> However a server may not be able to detect all bad requests. If it sees a request without a body, it may simply assume that there's no 100-continue expectation.
> The spec may add a leeway for server
>    o  Upon receiving a request with "100-continue" expectation yet without a message body (i.e. both Transfer-Encoding and Content-Length are missing), an origin server SHOULD either respond with 400 (Bad Request), or ignore the expectation.


> #Performing request method without reading request body
> I don't understand why the origin server must not perform the request method if it opts not to read the request body. Even though it's probably the right thing to do in almost all cases, do we have to make it an absolute requirement? 

See below about recovery.

> #Managing connection
> The last requirement for the origin server talks about requests *without* a "100-continue" expectation. Therefore it should not be in this section. The subject is covered very well in p1#6.6 already, I think we can simply delete it from this section.

+0.5 - I tend to agree, but don't mind too much if it stays.

> On the other hand, the spec does not address connection management adequately in the most important use case of the section. It currently says (paraphrasing)
>     upon receiving a request that includes the 100-continue expectation, if the origin server responds with a final status code instead of 100 (Continue), after sending the response, it may either close the connection or continue to read and discard the rest of the request.
> I think we can give better advice than that. If a server responds with a final status code instead of 100 (Continue)
> 1. The response must be the last response on the connection. The response should contain "Connection: close" header. After the response is written, the server must initiate a lingering close of the connection (p1#6.6).

That seems too restrictive; as long as the server reads the rest of the request properly (discarding it), it should be able to recover and reuse the connection.

> 2. If the client receives a final status code instead of 100 (Continue), it should stop sending request body if it is doing so; it must close the connection after the response is received.

Well, it has a choice; it can either close the connection, or continue sending and recover the connection. If it only has a few more bytes to write, and some requests queued, that might be preferable.

OTOH, given the general level of interop around Expect/Continue, maybe not.

> This is to avoid the RST problem if the client decides to start to write request body before receiving any response from the server.

I agree that the current language (esp. the use of MAY) is too ambiguous, and doesn't highlight why we're taking this approach (because the client might decide to start sending the body).

Mark Nottingham