nginx 0.7.6 sends original POST body in proxied GET subrequests from SSI

piespy piespy at
Tue Jul 8 20:21:02 MSD 2008

On 7/8/08, Igor Sysoev <is at> wrote:
> On Tue, Jul 08, 2008 at 04:22:45PM +0200, piespy wrote:
>  > [...]
>  > However, when contacting the second PHP script, nginx resends the original
>  > POST body even though the subrequest correctly uses the GET method (since
>  > 0.6.26). I have verified this using tcpdump, the GET request has a
>  > Content-Length header equal to the original POST body length, and a
>  > Content-Type of e.g. "multipart/form-data;
>  > boundary=----------uwPZJQ9jJJ0O7Q94Bs8ae1", followed by the POST body.
>  > [...]
>    location /subrequest {
>         proxy_pass_request_body  off;

Thanks. That wasn't enough though, I also needed
"proxy_pass_request_headers off" or it would still send the
Content-Type and Content-Length headers even though it wasn't sending
the corresponding body (making the request invalid according to RFC
2616). And then I had to manually set the Host header again. (I
suppose I could also just have hidden the Content-* headers instead.)

Probably "proxy_pass_request_body  off" should also automatically
remove the Content-* headers referring to the body, or at least the
documentation changed to say that they need to be removed when doing
this to avoid invalid requests.

I also think that this removal of the request body should be the
default behaviour for subrequests, since nobody expects a GET request
to have a body.

By the way, I was surprised to see, reading RFC 2616 now, that request
bodies are apparently allowed (or rather, not prohibited) with any of
the request methods it documents, including GET or even HEAD. This
seems counter-productive.

More information about the nginx mailing list