Hi,
it is not even that the OPES processor MUST NOT by default trust the
Content-Length header returned by a callout service, actually neither agent can
trust that header.
An OPES processor may call a first callout service and then forward the
response to a second callout service, i.e. implementing a pipe of callout
services.
We should not force the OPES processor to do the header correctness check and
recalculation after each callout service response but only at the very end
before sending on the HTTP message on the HTTP path.
That means that a callout server may see the HTTP message that was already
modified by another service and hence some headers may be incorrect.
I would therefore like to require that both agents MUST use sizep parameter if
they know the message length and no agent SHOULD trust the Content-Length
header.
That makes it also simpler for the callout service to use the sizep parameter.
If the service does not need to parse the HTTP headers for its filtering
purpose, it would not be nice if it needs to lookup the content length header
value in order to insert sizep parameters. If it already receives sizep from
the OCP client, it has an easier job.
The OCP client, as typically being tightly bound to a HTTP proxy, has probably
easy access to the content length header of the message (if any).
Regards
Martin