Re: p2: Expect: 100-continue and "final" status codes

Amos Jeffries <> Wed, 24 April 2013 02:42 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id F3BF021F911E for <>; Tue, 23 Apr 2013 19:42:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.518
X-Spam-Status: No, score=-10.518 tagged_above=-999 required=5 tests=[AWL=0.081, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SgbAkDCjMF1r for <>; Tue, 23 Apr 2013 19:42:41 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 5DAB421F910E for <>; Tue, 23 Apr 2013 19:42:41 -0700 (PDT)
Received: from lists by with local (Exim 4.72) (envelope-from <>) id 1UUpeb-0002Mz-Fu for; Wed, 24 Apr 2013 02:41:53 +0000
Resent-Date: Wed, 24 Apr 2013 02:41:53 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtp (Exim 4.72) (envelope-from <>) id 1UUpeX-0002MK-3O for; Wed, 24 Apr 2013 02:41:49 +0000
Received: from ([] by with esmtp (Exim 4.72) (envelope-from <>) id 1UUpeV-0004ur-VA for; Wed, 24 Apr 2013 02:41:49 +0000
Received: from [] ( []) by (Postfix) with ESMTP id D93B5E6FB8 for <>; Wed, 24 Apr 2013 14:41:22 +1200 (NZST)
Message-ID: <>
Date: Wed, 24 Apr 2013 14:41:20 +1200
From: Amos Jeffries <>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: AWL=-2.173, BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: 1UUpeV-0004ur-VA 19b8dbb7e13d35b2c8f61fc3b62ced58
Subject: Re: p2: Expect: 100-continue and "final" status codes
Archived-At: <>
X-Mailing-List: <> archive/latest/17516
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 24/04/2013 2:19 p.m., Mark Nottingham wrote:
> On 24/04/2013, at 3:42 AM, Zhong Yu <> wrote:
>> #Expect 100-continue without a body
>> If a client sends a request without a body yet with a "Expect: 100-continue" header, the request ought to be considered a bad request, because of a previous requirement:
>>     o  A client MUST NOT send an Expect header field with the "100-
>>        continue" expectation if it does not intend to send a payload
>>        body.
>> However a server may not be able to detect all bad requests. If it sees a request without a body, it may simply assume that there's no 100-continue expectation.
>> The spec may add a leeway for server
>>     o  Upon receiving a request with "100-continue" expectation yet without a message body (i.e. both Transfer-Encoding and Content-Length are missing), an origin server SHOULD either respond with 400 (Bad Request), or ignore the expectation.
> +1
>> #Performing request method without reading request body
>> I don't understand why the origin server must not perform the request method if it opts not to read the request body. Even though it's probably the right thing to do in almost all cases, do we have to make it an absolute requirement?
> See below about recovery.
>> #Managing connection
>> The last requirement for the origin server talks about requests *without* a "100-continue" expectation. Therefore it should not be in this section. The subject is covered very well in p1#6.6 already, I think we can simply delete it from this section.
> +0.5 - I tend to agree, but don't mind too much if it stays.
>> On the other hand, the spec does not address connection management adequately in the most important use case of the section. It currently says (paraphrasing)
>>      upon receiving a request that includes the 100-continue expectation, if the origin server responds with a final status code instead of 100 (Continue), after sending the response, it may either close the connection or continue to read and discard the rest of the request.
>> I think we can give better advice than that. If a server responds with a final status code instead of 100 (Continue)
>> 1. The response must be the last response on the connection. The response should contain "Connection: close" header. After the response is written, the server must initiate a lingering close of the connection (p1#6.6).
> That seems too restrictive; as long as the server reads the rest of the request properly (discarding it), it should be able to recover and reuse the connection.

The problem comes with intermediaries. How are they to know the bytes 
following were the original advertised payload or not? the status from 
server has no guarantee of arriving after the client payload starts 
The only way to guarantee safety on the connection is to close it or 
always send payload.