Don't emit TE header or body for non-body responses

Resolves aspnet#952

Author: benaadams

src/Microsoft.AspNetCore.Server.Kestrel/BadHttpResponseException.cs

@@ -0,0 +1,16 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNetCore.Server.Kestrel
+{
+    public sealed class BadHttpResponseException : InvalidOperationException
+    {
+        internal BadHttpResponseException(string message)
+            : base(message)
+        {
+
+        }
+    }
+}

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/Frame.cs

@@ -59,6 +59,7 @@ public abstract partial class Frame : ConnectionContext, IFrameControl
 
         protected RequestProcessingStatus _requestProcessingStatus;
         protected bool _keepAlive;
+        private bool _canHaveBody;
         private bool _autoChunk;
         protected Exception _applicationException;
 
@@ -486,17 +487,24 @@ public void Write(ArraySegment<byte> data)
         {
             ProduceStartAndFireOnStarting().GetAwaiter().GetResult();
 
-            if (_autoChunk)
+            if (_canHaveBody)
             {
-                if (data.Count == 0)
+                if (_autoChunk)
                 {
-                    return;
+                    if (data.Count == 0)
+                    {
+                        return;
+                    }
+                    WriteChunked(data);
+                }
+                else
+                {
+                    SocketOutput.Write(data);
                 }
-                WriteChunked(data);
             }
             else
             {
-                SocketOutput.Write(data);
+                HandleNonBodyResponseWrite(data.Count);
             }
         }
 
@@ -507,36 +515,53 @@ public Task WriteAsync(ArraySegment<byte> data, CancellationToken cancellationTo
                 return WriteAsyncAwaited(data, cancellationToken);
             }
 
-            if (_autoChunk)
+            if (_canHaveBody)
             {
-                if (data.Count == 0)
+                if (_autoChunk)
                 {
-                    return TaskUtilities.CompletedTask;
+                    if (data.Count == 0)
+                    {
+                        return TaskUtilities.CompletedTask;
+                    }
+                    return WriteChunkedAsync(data, cancellationToken);
+                }
+                else
+                {
+                    return SocketOutput.WriteAsync(data, cancellationToken: cancellationToken);
                 }
-                return WriteChunkedAsync(data, cancellationToken);
             }
             else
             {
-                return SocketOutput.WriteAsync(data, cancellationToken: cancellationToken);
+                HandleNonBodyResponseWrite(data.Count);
+                return TaskUtilities.CompletedTask;
             }
         }
 
         public async Task WriteAsyncAwaited(ArraySegment<byte> data, CancellationToken cancellationToken)
         {
             await ProduceStartAndFireOnStarting();
 
-            if (_autoChunk)
+            if (_canHaveBody)
             {
-                if (data.Count == 0)
+                if (_autoChunk)
                 {
-                    return;
+                    if (data.Count == 0)
+                    {
+                        return;
+                    }
+                    await WriteChunkedAsync(data, cancellationToken);
+                }
+                else
+                {
+                    await SocketOutput.WriteAsync(data, cancellationToken: cancellationToken);
                 }
-                await WriteChunkedAsync(data, cancellationToken);
             }
             else
             {
-                await SocketOutput.WriteAsync(data, cancellationToken: cancellationToken);
+                HandleNonBodyResponseWrite(data.Count);
+                return;
             }
+
         }
 
         private void WriteChunked(ArraySegment<byte> data)
@@ -664,19 +689,7 @@ protected Task ProduceEnd()
                     StatusCode = 500;
                 }
 
-                ReasonPhrase = null;
-
-                var responseHeaders = FrameResponseHeaders;
-                responseHeaders.Reset();
-                var dateHeaderValues = DateHeaderValueManager.GetDateHeaderValues();
-
-                responseHeaders.SetRawDate(dateHeaderValues.String, dateHeaderValues.Bytes);
-                responseHeaders.SetRawContentLength("0", _bytesContentLengthZero);
-
-                if (ServerOptions.AddServerHeader)
-                {
-                    responseHeaders.SetRawServer(Constants.ServerName, _bytesServer);
-                }
+                ErrorResetHeadersToDefaults();
             }
 
             if (!HasResponseStarted)
@@ -729,10 +742,12 @@ private void CreateResponseHeader(
             bool appCompleted)
         {
             var responseHeaders = FrameResponseHeaders;
-            responseHeaders.SetReadOnly();
 
             var hasConnection = responseHeaders.HasConnection;
 
+            // Set whether response can have body
+            _canHaveBody = StatusCanHaveBody(StatusCode) && !ReferenceEquals(Method, KnownStrings.HttpHeadMethod);
+
             var end = SocketOutput.ProducingStart();
             if (_keepAlive && hasConnection)
             {
@@ -746,39 +761,48 @@ private void CreateResponseHeader(
                 }
             }
 
-            if (_keepAlive && !responseHeaders.HasTransferEncoding && !responseHeaders.HasContentLength)
+            if (_canHaveBody)
             {
-                if (appCompleted)
+                if (_keepAlive && !responseHeaders.HasTransferEncoding && !responseHeaders.HasContentLength)
                 {
-                    // Don't set the Content-Length or Transfer-Encoding headers
-                    // automatically for HEAD requests or 101, 204, 205, 304 responses.
-                    if (Method != "HEAD" && StatusCanHaveBody(StatusCode))
+                    if (appCompleted)
                     {
                         // Since the app has completed and we are only now generating
                         // the headers we can safely set the Content-Length to 0.
                         responseHeaders.SetRawContentLength("0", _bytesContentLengthZero);
                     }
-                }
-                else
-                {
-                    // Note for future reference: never change this to set _autoChunk to true on HTTP/1.0
-                    // connections, even if we were to infer the client supports it because an HTTP/1.0 request
-                    // was received that used chunked encoding. Sending a chunked response to an HTTP/1.0
-                    // client would break compliance with RFC 7230 (section 3.3.1):
-                    //
-                    // A server MUST NOT send a response containing Transfer-Encoding unless the corresponding
-                    // request indicates HTTP/1.1 (or later).
-                    if (_httpVersion == HttpVersionType.Http11)
-                    {
-                        _autoChunk = true;
-                        responseHeaders.SetRawTransferEncoding("chunked", _bytesTransferEncodingChunked);
-                    }
                     else
                     {
-                        _keepAlive = false;
+                        // Note for future reference: never change this to set _autoChunk to true on HTTP/1.0
+                        // connections, even if we were to infer the client supports it because an HTTP/1.0 request
+                        // was received that used chunked encoding. Sending a chunked response to an HTTP/1.0
+                        // client would break compliance with RFC 7230 (section 3.3.1):
+                        //
+                        // A server MUST NOT send a response containing Transfer-Encoding unless the corresponding
+                        // request indicates HTTP/1.1 (or later).
+                        if (_httpVersion == HttpVersionType.Http11)
+                        {
+                            _autoChunk = true;
+                            responseHeaders.SetRawTransferEncoding("chunked", _bytesTransferEncodingChunked);
+                        }
+                        else
+                        {
+                            _keepAlive = false;
+                        }
                     }
                 }
             }
+            else
+            {
+                // Don't set the Content-Length or Transfer-Encoding headers
+                // automatically for HEAD requests or 101, 204, 205, 304 responses.
+                if (responseHeaders.HasTransferEncoding)
+                {
+                    RejectNonBodyTransferEncodingResponse(appCompleted);
+                }
+            }
+
+            responseHeaders.SetReadOnly();
 
             if (!_keepAlive && !hasConnection && _httpVersion != HttpVersionType.Http10)
             {
@@ -1232,10 +1256,65 @@ public bool StatusCanHaveBody(int statusCode)
                    statusCode != 304;
         }
 
+        [MethodImpl(MethodImplOptions.NoInlining)]
+        private void RejectNonBodyTransferEncodingResponse(bool appCompleted)
+        {
+            var ex = new BadHttpResponseException($"Transfer-Encoding set on a {StatusCode} non-body request.");
+            if (!appCompleted)
+            {
+                // Back out of header creation surface exeception in user code
+                _requestProcessingStatus = RequestProcessingStatus.RequestStarted;
+                throw ex;
+            }
+            else
+            {
+                ReportApplicationError(ex);
+                // 500 Internal Server Error
+                StatusCode = 500;
+
+                ErrorResetHeadersToDefaults();
+            }
+        }
+
+        private void ErrorResetHeadersToDefaults()
+        {
+            ReasonPhrase = null;
+
+            var responseHeaders = FrameResponseHeaders;
+            responseHeaders.Reset();
+            var dateHeaderValues = DateHeaderValueManager.GetDateHeaderValues();
+
+            responseHeaders.SetRawDate(dateHeaderValues.String, dateHeaderValues.Bytes);
+            responseHeaders.SetRawContentLength("0", _bytesContentLengthZero);
+
+            if (ServerOptions.AddServerHeader)
+            {
+                responseHeaders.SetRawServer(Constants.ServerName, _bytesServer);
+            }
+        }
+
+        [MethodImpl(MethodImplOptions.NoInlining)]
+        public void HandleNonBodyResponseWrite(int count)
+        {
+            if (ReferenceEquals(Method, KnownStrings.HttpHeadMethod))
+            {
+                // Don't write to body for HEAD requests.
+                if (Log.IsEnabled(LogLevel.Debug))
+                {
+                    Log.ConnectionHeadResponseBodyWrite(ConnectionId, count);
+                }
+            }
+            else
+            {
+                // Throw Exception for 101, 204, 205, 304 responses.
+                throw new BadHttpResponseException($"Write to non-body {StatusCode} response.");
+            }
+        }
+
         [MethodImpl(MethodImplOptions.NoInlining)]
         private void ThrowResponseAlreadyStartedException(string value)
         {
-            throw new InvalidOperationException(value + " cannot be set, response had already started.");
+            throw new BadHttpResponseException(value + " cannot be set, response had already started.");
         }
 
         [MethodImpl(MethodImplOptions.NoInlining)]

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/FrameHeaders.cs

@@ -52,7 +52,7 @@ StringValues IDictionary<string, StringValues>.this[string key]
         [MethodImpl(MethodImplOptions.NoInlining)]
         protected void ThrowHeadersReadOnlyException()
         {
-            throw new InvalidOperationException("Headers are read-only, response has already started.");
+            throw new BadHttpResponseException("Headers are read-only, response has already started.");
         }
 
         [MethodImpl(MethodImplOptions.NoInlining)]

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Infrastructure/IKestrelTrace.cs

@@ -33,6 +33,8 @@ public interface IKestrelTrace : ILogger
 
         void ConnectionDisconnectedWrite(string connectionId, int count, Exception ex);
 
+        void ConnectionHeadResponseBodyWrite(string connectionId, int count);
+
         void ConnectionBadRequest(string connectionId, BadHttpRequestException ex);
 
         void NotAllConnectionsClosedGracefully();

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Infrastructure/KestrelTrace.cs

@@ -24,6 +24,7 @@ public class KestrelTrace : IKestrelTrace
         private static readonly Action<ILogger, string, Exception> _applicationError;
         private static readonly Action<ILogger, string, Exception> _connectionError;
         private static readonly Action<ILogger, string, int, Exception> _connectionDisconnectedWrite;
+        private static readonly Action<ILogger, string, int, Exception> _connectionHeadResponseBodyWrite;
         private static readonly Action<ILogger, Exception> _notAllConnectionsClosedGracefully;
         private static readonly Action<ILogger, string, string, Exception> _connectionBadRequest;
 
@@ -48,6 +49,7 @@ static KestrelTrace()
             _connectionDisconnectedWrite = LoggerMessage.Define<string, int>(LogLevel.Debug, 15, @"Connection id ""{ConnectionId}"" write of ""{count}"" bytes to disconnected client.");
             _notAllConnectionsClosedGracefully = LoggerMessage.Define(LogLevel.Debug, 16, "Some connections failed to close gracefully during server shutdown.");
             _connectionBadRequest = LoggerMessage.Define<string, string>(LogLevel.Information, 17, @"Connection id ""{ConnectionId}"" bad request data: ""{message}""");
+            _connectionHeadResponseBodyWrite = LoggerMessage.Define<string, int>(LogLevel.Debug, 18, @"Connection id ""{ConnectionId}"" write of ""{count}"" body bytes to non-body HEAD response.");
         }
 
         public KestrelTrace(ILogger logger)
@@ -133,6 +135,11 @@ public virtual void ConnectionDisconnectedWrite(string connectionId, int count,
             _connectionDisconnectedWrite(_logger, connectionId, count, ex);
         }
 
+        public virtual void ConnectionHeadResponseBodyWrite(string connectionId, int count)
+        {
+            _connectionHeadResponseBodyWrite(_logger, connectionId, count, null);
+        }
+
         public virtual void NotAllConnectionsClosedGracefully()
         {
             _notAllConnectionsClosedGracefully(_logger, null);