Is calling ngx_http_discard_request_body() still necessary in modules only handle HTTP GETs ?

Maxim Dounin mdounin at
Thu Jul 24 18:02:48 UTC 2014


On Thu, Jul 24, 2014 at 10:09:12AM -0400, gzchenym wrote:

> Hi all:
>     In nginx's native memcached module, I found that
> ngx_http_discard_request_body() was called right after a statement that only
> allow  GET/HEAD requests to pass through. 
> For ref: src/http/modules/ngx_http_memcached_module.c
>     if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) {
>         return NGX_HTTP_NOT_ALLOWED;
>     }
>     rc = ngx_http_discard_request_body(r);
>       However, in other places, such as (ngx_http_empty_gif_module) ,that
> ngx_http_discard_request_body() function call was just missed. Usually HTTP
> GET  reqeust should not have request body. So, what's the point of having
> ngx_http_discard_request_body() in memcached module?   and which pattern
> should I use?

The empty gif module doesn't call ngx_http_discard_request_body() 
directly because it uses ngx_http_send_response(), which will call 
it.  (Previously, there was an explicit call - it was removed by 
the changeset.)

All content handlers should either read or discard request body, 
either directly or indirectly.  If it's not done, it will 
result in problems if there will be a request with a body.

Maxim Dounin

More information about the nginx mailing list