36

Is it possible to set the content-length header and also use chunked transfer encoding? and does doing so solve the problem of not knowing the length of the response at the client side when using chunked?

the scenario I'm thinking about is when you have a large file to transfer and there's no problem in determining its size, but it's too large to be buffered completely. (If you're not using chunked, then the whole response must get buffered first? Right??)

thanks.

Improve this question
0

5 Answers 5

Reset to default
42
  1. No:

"Messages MUST NOT include both a Content-Length header field and a non-identity transfer-coding. If the message does include a non-identity transfer-coding, the Content-Length MUST be ignored." (RFC 2616, Section 4.4)

  1. And no, you can use Content-Length and stream; the protocol doesn't constrain how your implementation works.
Improve this answer
1
  • I hope chunked transfer encoding is an example for stream; you have mentioned here ins't it? it may also include range requests. am i right?
    – Jayapal Chandran
    Commented Sep 1, 2011 at 0:10
14

Well, you can always send a header stating the size of the file. Something like response.addHeader("File-Size","size of the file");
And ignore the Content-Length header.

The client implementation has to be tweaked to read this value, but hey you can achieve both the things you want :)

Improve this answer
3
  • 8
    The convention is to use an X- prefix on any nonstandard header. A HTTP proxy may well decide to drop your non-standard non-X header.
    – MSalters
    Commented Apr 6, 2017 at 8:47
  • Thanks MSalters, just got referenced to a similar guideline elsewhere, appreciate it.
    – Gyan
    Commented Apr 6, 2017 at 11:33
  • 9
    As of 5 years ago, the X- prefix on nonstandard headers is frowned upon, deprecated, and not considered a best practice. Just go ahead and use file-size as the header name, it's fine. tools.ietf.org/html/rfc6648
    – isaacs
    Commented Sep 14, 2017 at 2:26
0

You have to use either Content-Length or chunking, but not both.

If you know the length in advance, you can use Content-Length instead of chunking even if you generate the content on the fly and never have it all at once in your buffer.

However, you should not do that if the data is really large because a proxy might not be able to handle it. For large data, chunking is safer.

Improve this answer
3
  • 3
    Unfortunately not helpful if you need to download a large file with progress information.
    – Gringo Suave
    Commented Aug 16, 2018 at 18:19
  • 5
    The spec only says Content-Length is to be ignored if Transfer-Encoding is present, it doesn't say you can't send it, Base on experimenting with chrome, chrome will treat Content-Length as a hint if present, and display a progress bar for file downloads. If I send an incorrect content length that is too small it displays the progress bar until the download exceeds the indicated length then switches to the streaming progress bar, and still completes the download correctly.
    – Glen Fletcher
    Commented Oct 16, 2019 at 6:19
  • This also worked when I set the Content-Length to be too large, the download stoped as per the rules for Chunking. Based on this I would use chunking for large files and set the Content-Length anyway, the only case it may be a problem is if the client is not standard compliant and give Content-Length precedences over Transfer-Encoding, hence I assume it shouldn't be a problem with any major web browsers (base on usage statistics) IE may be a problem but from memory its only about 2% of web users these days so I don't care about it.
    – Glen Fletcher
    Commented Oct 16, 2019 at 6:28
0

This headers can be cause of Postman Parse Error:

"Content-Length" and "Transfer-Encoding" can't be present in the response headers together.

Using parametrized ResponseEntity<?> except raw ResponseEntity in controller can fixed the issue.

Improve this answer
0

The question asks:

Is it possible to set the content-length header and also use chunked transfer encoding?

The RFC HTTP/1.1 spec, quoted in Julian's answer, says:

Messages MUST NOT include both a Content-Length header field and a non-identity transfer-coding.

There is an important difference between what's possible, and what's allowed by a protocol. It is certainly possible, for example, for you to write your own HTTP/1.1 client which sends malformed messages with both headers. You would be violating the HTTP/1.1 spec in doing so, and so you'd imagine some alarm bells would go off and a bunch of Internet police would burst into your house and say, "Stop, arrest that client!" But that doesn't happen, of course. Your request will get sent to wherever it's going.

OK, so you can send a malformed message. So what? Surely on the receiving end, the server will detect the HTTP/1.1 protocol client-side violation, vanquish your malformed request, and serve you back a stern 400 response telling you that you are due in court the following Monday for violating the protocol. But no, actually, that probably won't happen. Of course, it's beyond the scope of HTTP/1.1 to prescribe what happens to misbehaving clients; i.e. while the HTTP/1.1 protocol is analogous to the "law", there is nothing in HTTP/1.1 analogous to the judicial system.

The best that the HTTP/1.1 protocol can do is dictate how a server must act/respond in the case of receiving such a malformed request. However, it's quite lenient in this case. In particular, the server does not have to reject such malformed requests. In fact, in such a scenario, the rule is:

If the message does include a non-identity transfer-coding, the Content-Length MUST be ignored.

Unfortunately, though, some HTTP servers will violate that part of the HTTP/1.1 protocol and will actually give precedence to the Content-Length header, if both headers are present. This can cause a serious problem, if the message visits two servers in sequence in the same system and they disagree about where one HTTP message ends and the next one starts. It leaves the system vulnerable to HTTP Desync attacks a.k.a. Request Smuggling.

Improve this answer
1
  • I'm pretty sure the question was about http responses, not http requests, but either way nodejs rejects them if Content-Length is combined with Transfer-Encoding... if both are present in a request nodejs responds with 400 Bad Request, if both are present in a response the ClientRequest fails with Parse Error: Content-Length can't be present with Transfer-Encoding
    – Matthijs
    Commented Jun 23, 2023 at 5:07

Not the answer you're looking for? Browse other questions tagged or ask your own question.