0004252: http response code 204 MUST NOT carry Content-Length header - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0004252	SOGo	Backend General	public	2017-08-18 14:35	2017-10-11 07:49

Reporter	mcmer	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Platform	amd64	OS	OpenBSD	OS Version	6.1
Product Version	2.3.19

Summary	0004252: http response code 204 MUST NOT carry Content-Length header
Description	When responding to a PUT of an existing calendar entry sogo responds with 204 but adds a Content-Length header. This is in violation of RFC 7230 3.3.2, p.30. The issue surfaced when OpenBSDs relayd(8) as reverse proxy did not accept such invalid responses and returned code 500 (Internal Server error).
Steps To Reproduce	Run sogo behind relayd(8) as reverse proxy.
Tags	No tags attached.

mcmer 2017-08-19 11:13 reporter ~0012186	I made an attempt at a patch, which did NOT help: --- SoObjects/SOGo/SOGoObject.m.orig Fri Aug 18 16:44:44 2017 +++ SoObjects/SOGo/SOGoObject.m Fri Aug 18 16:44:12 2017 @@ -1544,7 +1544,10 @@ [r appendContentString: content]; } else [r setStatus: 204]; { [r setStatus: 204]; [r deleteHeaderNamed: @"Content-Length"]; } } else [r setStatus: 400];

mcmer 2017-10-11 07:49 reporter ~0012366	It's not just PUTs that are responded to with 204 + Content-Length. I think every response of 204 gets that (wrong) Content-Length header. Another example that triggers the 500 by OpenBSD's relayd(8): GET /SOGo/so/username/Calendar/6B56-559BDB80-5-6B8B4580/canAccessContent

Date Modified	Username	Field
2017-08-18 14:35	mcmer	New Issue
2017-08-19 11:13	mcmer	Note Added: 0012186
2017-10-11 07:49	mcmer	Note Added: 0012366