Bug 63009

Summary: Content-Length header is dropped when HTTP2 is used
Product: Tomcat 9 Reporter: Boris Petrov <boris_petrov>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 9.0.13   
Target Milestone: -----   
Hardware: PC   
OS: Linux   

Description Boris Petrov 2018-12-13 15:58:51 UTC 
The Content-Length header is set and sent correctly when using HTTP1.1 (over plain-text HTTP or over HTTPS) both for static files and when our own code sets it on the response.

However, when making a request using HTTP2 (over TLS), that header is not sent neither for static files, nor from our code.

I can't see a reason for this and would guess that this is a bug in Tomcat. Or am I missing something?
Comment 1 Mark Thomas 2018-12-14 16:42:57 UTC 
Sending the content-length header is optional in HTTP/2. See section 8.1.2.6 of RFC 7540:
"A request or response that includes a payload body can include a content-length header field."

The header is not required since HTTP/2 includes sufficient information in the frame headers for a user agent to determine when a resource has been sent in full.

What providing the content-length header does do is give the user agent advance notice of how big the resource is. That may be useful information (e.g. large resources cached straight to disk, small ones in memory).

I think it makes sense to send the content-length if it has been set or can be determined (essentially do what we do for HTTP1/1). Note that if the content-length header and the actual content-length disagree it will be treated as a protocol error for that stream.
Comment 2 Mark Thomas 2018-12-14 17:39:19 UTC 
Fixed in:
- trunk for 9.0.15 onwards
- 8.5.x for 8.5.38 onwards