On 8/23/21, Alex Kashchenko <akash...@redhat.com> wrote:
> Hi,
>
> On 8/13/21, Michael McMahon <michael.x.mcma...@oracle.com> wrote:
>> Hi,
>>
>> A question about this issue. Can you explain why the server/proxy is
>> sending a response body to a HEAD request?
>>
>> My reading of the RFCs suggests this is not allowed.
>
> Thanks for your comment and sorry for the late reply. To put aside the
> question about the support for non-compliant proxy servers, consider
> the scenario with HTTPS tunneling where proxy server never sees the
> HEAD request (it receives CONNECT). Please see the following abridged
> interaction where HEAD request is initiated from java code to HTTPS
> host some.hostname.com with proxy enabled:
>
> [...]
>
> This can be reproduced running NTLMHeadTest.java with TUNNEL argument.
> SERVER and PROXY modes were added to the test for completeness, it may
> be better to remove them.

A note on non-tunnel behaviour: I've reexamined its logic and found out
that the proposed patch breaks plain HTTP proxying (and server auth too)
for HEAD requests, because the socket read in reset() [1] is blocking,
and it blocks indefinitely for non-tunnel usage. The original problem is
still valid for tunneling; I suggest narrowing the fix to tunneling
only, and will update the PR.

[1] https://github.com/openjdk/jdk/blob/8973867fb9568a3a527b763c9ce10cebdfb306d0/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java#L2989

>
>>
>> [...]
>>
>>> PR: https://git.openjdk.java.net/jdk/pull/4753
>>

--
-Alex