#34519 closed Bug (duplicate)
Don't send content in responses to HEAD requests — at Version 4
Reported by: | James Pic | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 4.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description (last modified by )
Responses to HEAD requests must not send content as per RFC9110
9.3.2. HEAD
The HEAD method is identical to GET except that the server MUST NOT send content in the response.
https://www.rfc-editor.org/rfc/rfc9110.html#name-head
Currently, Django sends content in response to HEAD requests.
Django *MUST NOT* send content in response for HEAD requests.
Demonstration:

    $ django-admin startproject test
    $ cd test && ./manage.py runserver
    # tcpdump -vv -s0 -A -i lo port 8000 &> tcpdump.txt
    $ curl -I localhost:8000

tcpdump.txt attached, it shows Django sends content in the HEAD response
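
A WSGI wrapper that enforces the behaviour the description asks for, together with a checker that does in-process what the curl -I and tcpdump demonstration does on the wire. This is an added example, not code from the ticket or from Django; strip_head_body, call_app and sample_app are hypothetical names and the sample app is constructed.

```python
# Added example; strip_head_body, call_app and sample_app are hypothetical names.
from wsgiref.util import setup_testing_defaults


def strip_head_body(app):
    """Wrap a WSGI app so HEAD responses keep headers but carry no content."""
    def wrapper(environ, start_response):
        if environ.get("REQUEST_METHOD") != "HEAD":
            return app(environ, start_response)
        started = []

        def recording_start_response(status, headers, exc_info=None):
            started.append(status)
            return start_response(status, headers, exc_info)

        body = app(environ, recording_start_response)
        try:
            if not started:
                next(iter(body), None)  # lazy apps call start_response on first iteration
        finally:
            if hasattr(body, "close"):
                body.close()  # release files/DB cursors held by the response
        return []  # start_response has already been called with the GET headers
    return wrapper


def call_app(app, method):
    """Run a WSGI app once; return (status, headers dict, body bytes)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(status=status, headers=dict(headers))
        return lambda data: None  # legacy write() callable, unused here
    environ = {"REQUEST_METHOD": method}
    setup_testing_defaults(environ)  # fills the remaining PEP 3333 keys
    result = app(environ, start_response)
    try:
        body = b"".join(result)
    finally:
        if hasattr(result, "close"):
            result.close()
    return captured["status"], captured["headers"], body


# Constructed sample app: answers HEAD exactly like GET, body included.
def sample_app(environ, start_response):
    content = b"<h1>It worked</h1>"
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Content-Length", str(len(content)))])
    return [content]
```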
Change History (5)
comment:1 by , 19 months ago
Summary: | HEAD responses must not return any content → Don't send content in responses to HEAD requests |
---|
comment:2 by , 19 months ago
Resolution: | → needsinfo |
---|---|
Status: | new → closed |
comment:3 by , 19 months ago
Do you want a description like this?
Currently, Django sends content in responses to HEAD requests.
Django MUST NOT send content in responses to HEAD requests, as per RFC9110;
The HEAD method is identical to GET except that the server MUST NOT send content in the response.
https://www.rfc-editor.org/rfc/rfc9110.html#name-head
Is that better or do you think we need more?
by , 19 months ago
Attachment: | tcpdump.txt added |
---|
comment:4 by , 19 months ago
Description: | modified (diff) |
---|
Thanks for the report but it's not clear what issue you are reporting with Django. Feel free to update the ticket with more context; closing for now pending more information.