remove content-length header when setting transfer-encoding

outmoded · Feb 10, 2016 · becb7ab · becb7ab
1 parent a576468
commit becb7ab
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 1 deletion.
diff --git a/lib/index.js b/lib/index.js
@@ -84,6 +84,9 @@ internals.hawk = function (server, options) {
 
             response.header('trailer', 'server-authorization');
             response.header('transfer-encoding', 'chunked');
+            // We must not send a content-length header alongside transfer-encoding.
+            // see https://tools.ietf.org/html/rfc7230#section-3.3.3
+            delete response.headers['content-length'];
 
             response.on('peek', function (chunk) {
 

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "hapi-auth-hawk",
   "description": "Hawk authentication plugin",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "repository": "git://github.com/hapijs/hapi-auth-hawk",
   "main": "lib/index.js",
   "keywords": [

diff --git a/test/hawk.js b/test/hawk.js
@@ -218,6 +218,37 @@ describe('hawk scheme', function () {
         });
     });
 
+    it('removes the content-length header when switching to chunked transfer encoding', function (done) {
+
+        var server = new Hapi.Server();
+        server.connection();
+        server.register(require('../'), function (err) {
+
+            expect(err).to.not.exist();
+            server.auth.strategy('default', 'hawk', { getCredentialsFunc: getCredentials });
+            server.route({
+                method: 'POST', path: '/hawk',
+                handler: function (request, reply) {
+
+                    reply('Success');
+                },
+                config: { auth: 'default'  }
+            });
+
+            var authHeader = hawkHeader('john', '/hawk');
+            var request = { method: 'POST', url: 'http://example.com:8080/hawk', headers: { authorization: authHeader.field } };
+
+            server.inject(request, function (res) {
+
+                expect(res.statusCode).to.equal(200);
+                expect(res.headers['transfer-encoding']).to.equal('chunked');
+                expect(res.headers['content-length']).to.not.exist();
+
+                done();
+            });
+        });
+    });
+
     it('includes valid authorization header in response when the request fails validation', function (done) {
 
         var server = new Hapi.Server();