#34519 closed Bug (duplicate)
Don't send content in responses to HEAD requests — at Version 4
| Reported by: | James Pic | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | 4.2 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
Responses to HEAD requests must not send content as per RFC9110
9.3.2. HEAD
The HEAD method is identical to GET except that the server MUST NOT send content in the response.
https://www.rfc-editor.org/rfc/rfc9110.html#name-head
Currently, Django sends content in response to HEAD requests.
Django *MUST NOT* send content in response for HEAD requests.
Demonstration:
$ django-admin startproject test $ cd test && ./manage.py runserver # tcpdump -vv -s0 -A -i lo port 8000 &> tcpdump.txt $ curl -I localhost:8000
tcpdump.txt attached, it shows Django sends content in the HEAD response
Change History (5)
comment:1 by , 2 years ago
| Summary: | HEAD responses must not return any content → Don't send content in responses to HEAD requests |
|---|
comment:2 by , 2 years ago
| Resolution: | → needsinfo |
|---|---|
| Status: | new → closed |
comment:3 by , 2 years ago
Do you want a description like this?
Currently, Django sends content in responses to HEAD requests.
Django MUST NOT send content in responses to HEAD requests, as per RFC9110;
The HEAD method is identical to GET except that the server MUST NOT send content in the response.
https://www.rfc-editor.org/rfc/rfc9110.html#name-head
Is that better or do you think we need more?
by , 2 years ago
| Attachment: | tcpdump.txt added |
|---|
comment:4 by , 2 years ago
| Description: | modified (diff) |
|---|
Thanks for the report but it's not clear what issue you are reporting with Django. Feel free to update the ticket with more context; closing for now pending more information.