Github user sudheerv commented on the pull request:
https://github.com/apache/trafficserver/pull/216#issuecomment-111531431
@ffcai: I'm a little concerned about this change - this would mean that
requests that would otherwise return an error would always return a "100 CONT"
first. It seems quite odd that, a request would get a "100 CONT" followed by a
"404 - Not found on Accelerator", for example (or even a "403 - Forbidden", for
e.g with *quick_filter*).
The current implementation of the "100 CONT" is already a hack (and not
inline with the spec), but, at least, it ensures that the requests pass the
proxy checks/validations.
Making this change now to send a "100 CONT" immediately after seeing (and
basic parsing of) the request, to all cases (not just the cases where a
intercept plugin is being used) seems pretty bad to me. It may even open up a
vulnerability that someone can exploit (e.g. keep pounding the box with a POST
request with Expect header).
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
