Content-Length header should be ignored by fetch

Question

Content-Length header should be ignored by fetch

mcollina opened this issue 2 months ago · 4 comments

The following throws, but it shouldn't:

await fetch(url, {   
  method: 'POST',
  body: '1',   
  headers: { 
    "content-length": "2",
  }
});

https://fetch.spec.whatwg.org/#http-network-or-cache-fetch
https://fetch.spec.whatwg.org/#concept-bodyinit-extract

Answer 1 · 2024-05-08T15:28:11.000Z

@KhafraDev do you know if this is one of the WPT we skip?

Answer 2 · 2024-05-08T15:33:07.000Z

content-length is a forbidden header which we don't implement, leads to a lot of edge cases like this

Answer 3 · 2024-05-08T15:39:44.000Z

diff --git a/lib/web/fetch/index.js b/lib/web/fetch/index.js
index 5fbef495..34de3aa7 100644
--- a/lib/web/fetch/index.js
+++ b/lib/web/fetch/index.js
@@ -1432,7 +1432,7 @@ async function httpNetworkOrCacheFetch (
   //    `Content-Length`/contentLengthHeaderValue to httpRequest’s header
   //    list.
   if (contentLengthHeaderValue != null) {
-    httpRequest.headersList.append('content-length', contentLengthHeaderValue, true)
+    httpRequest.headersList.set('content-length', contentLengthHeaderValue, true)
   }

   //    9. If contentLengthHeaderValue is non-null, then append (`Content-Length`,

Answer 4 · 2024-05-08T15:48:13.000Z

This isn't a bug, we mention this in the docs as something we don't implement. https://github.com/nodejs/undici?tab=readme-ov-file#forbidden-and-safelisted-header-names