Is calling ngx_http_discard_request_body() still necessary in modules only handle HTTP GETs ?

Maxim Dounin mdounin at mdounin.ru
Thu Jul 24 18:02:48 UTC 2014


Hello!

On Thu, Jul 24, 2014 at 10:09:12AM -0400, gzchenym wrote:

> Hi all:
> 
>     In nginx's native memcached module, I found that
> ngx_http_discard_request_body() was called right after a statement that only
> allow  GET/HEAD requests to pass through. 
> 
> For ref: src/http/modules/ngx_http_memcached_module.c
> 
> 
>     if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) {
>         return NGX_HTTP_NOT_ALLOWED;
>     }
> 
>     rc = ngx_http_discard_request_body(r);
> 
> 
>       However, in other places, such as (ngx_http_empty_gif_module) ,that
> ngx_http_discard_request_body() function call was just missed. Usually HTTP
> GET  reqeust should not have request body. So, what's the point of having
> ngx_http_discard_request_body() in memcached module?   and which pattern
> should I use?

The empty gif module doesn't call ngx_http_discard_request_body() 
directly because it uses ngx_http_send_response(), which will call 
it.  (Previously, there was an explicit call - it was removed by 
the http://hg.nginx.org/nginx/rev/18f1cb12c6d7 changeset.)

All content handlers should either read or discard request body, 
either directly or indirectly.  If it's not done, it will 
result in problems if there will be a request with a body.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list