Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Is a HTTP server expected to read the whole request body from a PUT request, even if access is denied?
Or is it compliant to return a 401 Not Authorized, without reading anything or only a small part of the body. (And add ‘Connection: close’ to prevent the connection from being reused)
Be careful: unless I’m missing something not reading the whole request body might block the client (trying to send it).
Note that this can be avoided by including
Expect: 100-continue
See RFC 2616, Section 8.2.3