Re: p2: Expect: 100-continue and "final" status codes

Willy Tarreau <> Wed, 24 April 2013 06:33 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 88F6821F8F58 for <>; Tue, 23 Apr 2013 23:33:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.225
X-Spam-Status: No, score=-10.225 tagged_above=-999 required=5 tests=[AWL=0.374, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9ZN7sFzLlKcW for <>; Tue, 23 Apr 2013 23:33:56 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C3C8621F8FAB for <>; Tue, 23 Apr 2013 23:33:56 -0700 (PDT)
Received: from lists by with local (Exim 4.72) (envelope-from <>) id 1UUtGR-00056q-HI for; Wed, 24 Apr 2013 06:33:11 +0000
Resent-Date: Wed, 24 Apr 2013 06:33:11 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UUtGN-000564-A0 for; Wed, 24 Apr 2013 06:33:07 +0000
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UUtGL-000468-1Z for; Wed, 24 Apr 2013 06:33:07 +0000
Received: (from willy@localhost) by mail.home.local (8.14.4/8.14.4/Submit) id r3O6VMKk018771; Wed, 24 Apr 2013 08:31:22 +0200
Date: Wed, 24 Apr 2013 08:31:22 +0200
From: Willy Tarreau <>
To: "Adrien W. de Croy" <>
Cc: Mark Nottingham <>, Amos Jeffries <>, "" <>
Message-ID: <>
References: <> <em371a6470-eea5-4b2a-8741-d2e3c419f0ed@bombed>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <em371a6470-eea5-4b2a-8741-d2e3c419f0ed@bombed>
User-Agent: Mutt/
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-0.0
X-W3C-Hub-Spam-Report: RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: 1UUtGL-000468-1Z 0e17be41b25475239f0c951473679ad2
Subject: Re: p2: Expect: 100-continue and "final" status codes
Archived-At: <>
X-Mailing-List: <> archive/latest/17525
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

Hi Adrien,

On Wed, Apr 24, 2013 at 04:39:16AM +0000, Adrien W. de Croy wrote:
> I'm really struggling to see what benefit can be derived by a client in 
> knowing whether a server supports 100 continue or not.  So to me 
> Expects: 100-continue is a complete waste of space.  I've never seen one 
> so I guess implementors by and large agree.

The first place I saw lots of them (100% of the requests) were between
applications using web services. All the requests were POST and all of
them were using 100-continue. That's how I discovered that it was a non
final status code and that haproxy didn't handle it properly at this

> Regardless of 100 continue being transmitted, the client has to send the 
> payload if it wants to reuse the connection.  The only early-out options 
> involve closing the connection.

... or using chunked-encoding.

> There was quite a lot of discussion about this in the past, and my 
> understanding was that 100 continue couldn't be used to negotiate 
> whether or not the payload would be sent.

But this can be quite useful with a webmail for example, where you don't
want to upload your mail with attached documents to discover that your
session has expired and that you must upload again!

> The outcome of this 
> discussion was not satisfactory IMO, since the "answer" was for the 
> client to send request bodies always chunked, and send a 0 chunk if it 
> needed to abort early.

Yes indeed, this is the only reliable way of using it.

> This IMO is unsatisfactory because it does not indicate that the client 
> didn't send the payload, and a whole heap of intermediary agents may act 
> on that as if it were complete.
> So for me therefore there's still a hole in the spec around this - 
> chunking doesn't have a way to indicate aborting the body.  And there's 
> no way to pre-authorization transmission of a request body.

It's not a big problem because if the server says it rejects the request, it
will just drop the payload and it can safely be transmitted and truncated.

> I don't see how a server can return a success status code to a message 
> it didn't even receive yet.

It will only base its decision on credentials or everything found in headers
(eg: auth, cookies, advertised content-length, ...).

> Returning a 417 due to expectation not met 
> is just extra noise and RTT, and the connection needs to be closed 
> anyway or the payload sent.

Except it's sometimes hard for the client to stop uploading something
that was already sent.

> So, what would we really lose if 100-continue were deprecated?  and what 
> would we gain.

First, it's the only way for the client to send non-idempotent requests
over existing connections without the risk that they expire during the
upload and that they don't know if the server could process them. If you
want to use a connection pool, you have no other choice.

Second, it's true that it's annoying in high latency networks as it adds
an RTT. I think that clients could have a threshold on the amount of data
below which they don't use it (unless they're reusing an existing