fix(http2): send body for non-expectsPayload methods with content (#5030)

Author: mcollina

lib/dispatcher/client-h2.js

@@ -622,7 +622,7 @@ function writeH2 (client, request) {
     contentLength = request.contentLength
   }
 
-  if (!expectsPayload) {
+  if (contentLength === 0 && !expectsPayload) {
     // https://tools.ietf.org/html/rfc7230#section-3.3.2
     // A user agent SHOULD NOT send a Content-Length header field when
     // the request message does not contain a payload body and the method

test/http2-body-delete.js

@@ -0,0 +1,103 @@
+'use strict'
+
+const { test, after } = require('node:test')
+const { createSecureServer } = require('node:http2')
+const { once } = require('node:events')
+const assert = require('node:assert')
+
+const pem = require('@metcoder95/https-pem')
+
+const { Client } = require('..')
+
+test('Should handle h2 DELETE request with body', async t => {
+  const server = createSecureServer(await pem.generate({ opts: { keySize: 2048 } }))
+  const expectedBody = '{"ids":[1,2,3]}'
+  const requestBody = []
+  let contentLengthHeader = null
+
+  server.on('stream', async (stream, headers) => {
+    assert.strictEqual(headers[':method'], 'DELETE')
+    assert.strictEqual(headers[':path'], '/')
+    assert.strictEqual(headers[':scheme'], 'https')
+
+    contentLengthHeader = headers['content-length']
+
+    stream.respond({
+      'content-type': 'application/json',
+      ':status': 200
+    })
+
+    for await (const chunk of stream) {
+      requestBody.push(chunk)
+    }
+
+    stream.end(JSON.stringify({ deleted: true }))
+  })
+
+  after(() => server.close())
+  await once(server.listen(0), 'listening')
+
+  const client = new Client(`https://localhost:${server.address().port}`, {
+    connect: {
+      rejectUnauthorized: false
+    },
+    allowH2: true
+  })
+  after(() => client.close())
+
+  const response = await client.request({
+    path: '/',
+    method: 'DELETE',
+    body: expectedBody,
+    headers: {
+      'content-type': 'application/json'
+    }
+  })
+
+  assert.strictEqual(response.statusCode, 200)
+  // Content-Length header should be sent for DELETE with body
+  assert.strictEqual(contentLengthHeader, String(expectedBody.length))
+  assert.strictEqual(Buffer.concat(requestBody).toString('utf-8'), expectedBody)
+
+  await response.body.dump()
+})
+
+test('Should not send Content-Length for h2 DELETE without body', async t => {
+  const server = createSecureServer(await pem.generate({ opts: { keySize: 2048 } }))
+  let contentLengthHeader = null
+
+  server.on('stream', async (stream, headers) => {
+    assert.strictEqual(headers[':method'], 'DELETE')
+
+    contentLengthHeader = headers['content-length']
+
+    stream.respond({
+      'content-type': 'application/json',
+      ':status': 200
+    })
+
+    stream.end(JSON.stringify({ deleted: true }))
+  })
+
+  after(() => server.close())
+  await once(server.listen(0), 'listening')
+
+  const client = new Client(`https://localhost:${server.address().port}`, {
+    connect: {
+      rejectUnauthorized: false
+    },
+    allowH2: true
+  })
+  after(() => client.close())
+
+  const response = await client.request({
+    path: '/',
+    method: 'DELETE'
+  })
+
+  assert.strictEqual(response.statusCode, 200)
+  // Content-Length header should NOT be sent for DELETE without body
+  assert.strictEqual(contentLengthHeader, undefined)
+
+  await response.body.dump()
+})