#34519 closed Bug (duplicate)
Don't send content in responses to HEAD requests
Reported by: | James Pic | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 4.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
Responses to HEAD requests must not send content as per RFC9110
9.3.2. HEAD
The HEAD method is identical to GET except that the server MUST NOT send content in the response.
https://www.rfc-editor.org/rfc/rfc9110.html#name-head
Currently, Django sends content in response to HEAD requests.
Django *MUST NOT* send content in response for HEAD requests.
Demonstration:
$ django-admin startproject test $ cd test && ./manage.py runserver # tcpdump -vv -s0 -A -i lo port 8000 &> tcpdump.txt $ curl -I localhost:8000
tcpdump.txt attached, it shows Django sends content in the HEAD response
Attachments (1)
Change History (9)
comment:1 by , 20 months ago
Summary: | HEAD responses must not return any content → Don't send content in responses to HEAD requests |
---|
comment:2 by , 20 months ago
Resolution: | → needsinfo |
---|---|
Status: | new → closed |
comment:3 by , 20 months ago
Do you want a description like this?
Currently, Django sends content in responses to HEAD requests.
Django MUST NOT send content in responses to HEAD requests, as per RFC9110;
The HEAD method is identical to GET except that the server MUST NOT send content in the response.
https://www.rfc-editor.org/rfc/rfc9110.html#name-head
Is that better or do you think we need more?
by , 20 months ago
Attachment: | tcpdump.txt added |
---|
comment:4 by , 20 months ago
Description: | modified (diff) |
---|
comment:5 by , 20 months ago
Updated the description, I think it's now pretty understandable even with little understanding of Django and HTTP ;)
comment:6 by , 20 months ago
Easy pickings: | set |
---|
comment:7 by , 20 months ago
Resolution: | needsinfo → duplicate |
---|
Duplicate of #28054 (fixed in 8acc433e415cd771f69dfe84e57878a83641e78b).
Thanks for the report but it's not clear what issue you are reporting with Django. Feel free to update the ticket with more context; closing for now pending more information.