passenger 4.0.38 → 4.0.39

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NWY2M2JhYzAwOWI1NGJiNDQ0YmNhYjFkZjk3ZjUxMGUxZDQxYjM2MQ==
+    NGY1MTk2N2EzOGQwZTdiMGFjZTNjNWE2MmEwZDQ2Yjk3NzA5YThmNQ==
   data.tar.gz: !binary |-
-    M2FiN2YwZTg5MDYzZjRkM2ZmYjE4YWIyNTk4MDM5YWY0NmM0NWE1MA==
+    OTJiNzQ2OGI0ZTI5MGFjZTdlMTQxM2RhNmZlNmJmNzJjNWVhOWYzYQ==
 SHA512:
   metadata.gz: !binary |-
-    Y2E0ZTUwNWQxZTkyZjAyYWI5MTgyMDg5MzYxNzQ2OGEwYjlmYjNiMjMyZjJm
-    YmYyNTVlNmFlYzVlNjRkZDQxYTk2YTFjMzAzZmQyNTY5ZTJmZTg3ZmYzZmMw
-    YmU4OGIyZGI5YjAxZjYwOTI0NmJkNjQxNGIxODI4NWJmMTdjNjc=
+    ZjJhNGRlMzkzZDA2ZjU3ZDI0ZjA4ZjNlZTAwOTNiZDllOWZkMzY3NGIwZjJj
+    ZWYzZWVhZTQzMmM2NjAyZmUyZTU2YTllYjQ4NzQ1ZGIzNGY3MGQxMjQ1Y2My
+    NGU3ZjlhZTc5YTljNzA1NTQ1NDdmZTkxNjc0NzAxMDdkNzRjYjk=
   data.tar.gz: !binary |-
-    NTUwMTlmOWJjZTFhMzdhMDEwNTRkY2RjY2MxOTllOThiMGUzYjJjNGVkZDRh
-    N2Q4MDY0ODQ4MmRhYzkwZjE4NWI5OGM0YTkzOTYwMmFiZGRlMDEwOTVkN2I2
-    OGQxMjZkN2MzM2RjNzE0NmJmZjM4MjAyYzU1NTgwYmEwZDg4YTg=
+    ZGUxZWI2MGU1MGQ3Mzc4MjE0MWEyNzI2OGEyYzdlMWY5MGY2NzhiZjkxM2E4
+    MTRmMTM1NzY0YTcwNmNmM2ZiZTlkNDY3MTBiMWM1ZGU3OTBmNTdkMmYxZTdj
+    ZTU0ZWJiMTlkMmU3ZTdkOGQ3MTZiODI3YWMxMDc3NjEyMTc2OTA=

checksums.yaml.gz.asc

@@ -2,11 +2,11 @@
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 
-iQEcBAABAgAGBQJTHZ8EAAoJECrHRaUKISqMsBMH+gK3TAtT8EgtFuBgW/FTpWA+
-GQYAdza0FIpBDcLrXuvzU/SYot8j+/FZdwYEqi1xp/IYyX6wjNsfmB9rnUKCnADK
-UsotDRNQ9QNitAcwy3/HYpq2qMArMrQAVUg9uQ6whL+h9UCKmIt2Behn0QL8YITY
-OcUuoy+0CkCcGiJuni3TEkPOpjrRZk7E2+7igTyEkN1cMseMOo06q+hCneCDJ9Uy
-PSxQ/BZReTBWbVHKJwwAEe3yEfZPKnjawxkvgtTsO4iHZQj2FbeS/Nnl0/WVKxzp
-CysaDlfon1bTDktijbN+ZhsSqavFtIVXIk9Pnba8KViVsHFn2R9/uXh5c7FkkFM=
-=kE6h
+iQEcBAABAgAGBQJTKAuvAAoJECrHRaUKISqMqQ8IAKfMz5RiUwwOTbkRHfbPIg7C
+ScvfeE9smkw4aTjIhu0eOnt34eUKzpJrFtsZT3pYNMqhJ0bVefE/AuFJE9ZiWLUk
++1XyNOgYwS7V/9390c9P0/BsBySkXMTQmOYwofjP5lF/lG1tEUV9/RG3u3yNdAV0
+bkcwI4RRakA042dySBircovPZr3Oy1Tse82kFK3m1NP3YA2pWNyMKySdEVNyyh5U
+LqSEgF39cYBCOQ19sYbDORMeeB07snXUNLk2wdhFeWvB11T5SzaKgNM5KpBro4Lp
+BdYuVxh7o9tlSHBfyN9zCSYcmrm4M+qP0oLge3JoCormhSMYf+MZMTCPOauT94U=
+=m76H
 -----END PGP SIGNATURE-----

data.tar.gz.asc

@@ -2,11 +2,11 @@
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 
-iQEcBAABAgAGBQJTHZ8EAAoJECrHRaUKISqM5lYH/3XJx9eqN+CwmPt3TuntozWD
-cG+UX9LbGUSol+BGvE5wwuKfa10n0Gt7o8/OjsiWgmeI2RcgTrP8YcLSH/dsqRNB
-DZdzpdq+03fJrgysYriG1e2UKhoG0BvY89Ux9ZncB3iiyteF+TMVdswdgwJiCVLF
-miWYlX7efLoQu9ii7iDYWQq3nCImeefl3ei6lopS7lpAEdWplTQf2dUEGzJyCzd2
-r1F2pN4gIUFDE/hOg8g/bQIs/HeZq3hlcDKJ3nXWpiSlgpT6Ywrs0kuIUE2KGDzJ
-gW9SEsBgnV5RuC0kIYsVBGv+//hxoCvj22eZUz1cfvhZagAHzcL1n+t7+LRHkuY=
-=28wv
+iQEcBAABAgAGBQJTKAuvAAoJECrHRaUKISqMVwUIALZ5285fqasa+0WXQCSGqoms
+8gU5FXOvKzhgkNrC6sKVt3d6hrXsgnd+ofgy8UzedVidkBTk6fWWCqaUAnccbkVM
+yznhoYdTVASa4pnXSnkS+cmEShMGQy9OoIeZpQA3pGYd5f1BQUJLzJPR8nvYDSOA
+VmG1z4qFa8o+WP2sHl8mOt1wsvOHMjsTXbJx/YVzvdymRUg2hZkIk0ll+XK1dqoL
+Q92FkTw+zLLLqVTyNl/HvQWpzgj3xhMiuCbxTHm/7/4RXA9Xh9JziUkQjXU5iNcv
+e1CZRz2+UhhN8fsBLIQRGdqe0qiInqbGSFlff9qibFgTtdihGcEwaudjZq/XODI=
+=w0gy
 -----END PGP SIGNATURE-----

data/CHANGELOG

@@ -1,3 +1,27 @@
+Release 4.0.39
+--------------
+
+ * Fixed a crash that could happen if the client disconnects while a chunked
+   response is being sent. Fixes issue #1062.
+ * In Phusion Passenger Standalone, it is now possible to customize the Nginx
+   configuration file on Heroku. It is now also possible to permanently apply
+   changes to the Nginx configuration file, surviving upgrades. Please refer
+   to the "Advanced configuration" section of the Phusion Passenger Standalone
+   manual for more information.
+ * The programming language selection menu in passenger-install-apache2-module
+   and passenger-install-nginx-module only works on terminals that support
+   UTF-8 and that have a UTF-8 capable font. To cater to users who cannot meet
+   these requirements (e.g. PuTTY users using any of the default Windows fonts),
+   it is now possible to switch the menu to a plain text mode by pressing '!'.
+   Fixes issue #1066.
+ * Fixed printing UTF-8 characters in log files in Phusion Passenger Standalone.
+ * It is now possible to dump live backtraces of Python apps through the
+   'SIGABRT' signal.
+ * Fixed closing of file descriptors on OS X 10.9.
+ * Fixed compilation problems with Apple Clang 503.0.38 on OS X.
+ * Fixed compilation of native_support on Rubinius.
+
+
 Release 4.0.38
 --------------
 

data/bin/passenger

@@ -36,4 +36,9 @@ PhusionPassenger.locate_directories
 PhusionPassenger.require_passenger_lib 'standalone/main'
 
 STDOUT.sync = STDERR.sync = true
+
+# Fixes https://github.com/phusion/passenger-ruby-heroku-demo/issues/11
+STDOUT.binmode
+STDERR.binmode
+
 PhusionPassenger::Standalone::Main.run!(ARGV)

data/bin/passenger-install-apache2-module

@@ -157,7 +157,7 @@ private
 		puts
 		if interactive?
 			puts "Use <space> to select."
-			puts "<dgray>If the menu doesn't display correctly, ensure that your terminal supports UTF-8.</dgray>"
+			puts "<dgray>If the menu doesn't display correctly, press '!'</dgray>"
 		else
 			puts "Override selection with --languages."
 		end

data/bin/passenger-install-nginx-module

@@ -174,7 +174,7 @@ private
 		puts
 		if interactive?
 			puts "Use <space> to select."
-			puts "<dgray>If the menu doesn't display correctly, ensure that your terminal supports UTF-8.</dgray>"
+			puts "<dgray>If the menu doesn't display correctly, press '!'</dgray>"
 		else
 			puts "Override selection with --languages."
 		end

data/build/apache2.rb

@@ -106,10 +106,8 @@ APACHE2_MODULE_INPUT_FILES.each_pair do |target, sources|
 		object_basename = File.basename(target)
 		object_filename = APACHE2_OUTPUT_DIR + object_basename
 		compile_cxx(sources[0],
-			"#{EXTRA_PRE_CXXFLAGS} " <<
 			"#{APACHE2_MODULE_CXXFLAGS} " <<
-			"-o #{object_filename} " <<
-			"#{EXTRA_CXXFLAGS}")
+			"-o #{object_filename}")
 	end
 end
 
@@ -140,10 +138,8 @@ end
 
 file APACHE2_MOD_PASSENGER_O => ['ext/apache2/mod_passenger.c'] do
 	compile_c('ext/apache2/mod_passenger.c',
-		"#{EXTRA_PRE_CFLAGS} " <<
 		"#{APACHE2_MODULE_CFLAGS} " <<
-		"-o #{APACHE2_MOD_PASSENGER_O} " <<
-		"#{EXTRA_CFLAGS}")
+		"-o #{APACHE2_MOD_PASSENGER_O}")
 end
 
 task :clean => 'apache2:clean'

data/build/cxx_tests.rb

@@ -233,6 +233,11 @@ task 'test:cxx' => dependencies do
 			abort "You cannot set both REPEAT=1 and GDB=1."
 		end
 		sh "cd test && while #{command}; do echo -------------------------------------------; done"
+	elsif boolean_option('REPEAT_FOREVER')
+		if boolean_option('GDB')
+			abort "You cannot set both REPEAT_FOREVER=1 and GDB=1."
+		end
+		sh "cd test && while true; do #{command}; echo -------------------------------------------; done"
 	else
 		sh "cd test && exec #{command}"
 	end

data/build/packaging.rb

@@ -325,6 +325,7 @@ task 'package:update_homebrew' do
 		abort("Unable to substitute Homebrew formula tarball filename")
 	formula.gsub!(/sha1 .*/, "sha1 '#{sha1}'") ||
 		abort("Unable to substitute Homebrew formula SHA-1")
+	formula.gsub!(/^  bottle do.*?end\n *\n/m, '')
 	necessary_dirs = ORIG_TARBALL_FILES.call.map{ |filename| filename.split("/").first }.uniq
 	necessary_dirs -= Packaging::HOMEBREW_EXCLUDE
 	necessary_dirs += ["buildout"]

data/dev/list_tests.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+# Lists the test names in the given .cpp test file.
+require_relative '../lib/phusion_passenger/utils/ansi_colors'
+
+include PhusionPassenger::Utils::AnsiColors
+
+def extract_category_name(occurrence)
+	occurrence =~ / (.+) /
+	return $1
+end
+
+def extract_test_name(occurrence)
+	occurrence = occurrence.sub(/.*?\((.+)\).*/m, '\1')
+	occurrence.gsub!(/"\n[ \t]*"/m, '')
+	occurrence.sub!(/\A"/, '')
+	occurrence.sub!(/"\Z/, '')
+	return occurrence
+end
+
+def start(filename)
+	STDOUT.write(DEFAULT_TERMINAL_COLOR)
+	begin
+		occurrences = File.read(filename).scan(%r{/\*\*\*\*\* .+? \*\*\*\*\*/|set_test_name\(.+?\);}m)
+		occurrences.each do |occurrence|
+			if occurrence =~ %r{\A/}
+				puts ansi_colorize("<b>" + extract_category_name(occurrence) + "</b>")
+			else
+				puts "  " + extract_test_name(occurrence)
+			end
+		end
+	ensure
+		STDOUT.write(RESET)
+	end
+end
+
+start(ARGV[0])

data/doc/Users guide Standalone.txt

@@ -57,6 +57,9 @@ Most configuration is done by customizing the arguments passed to the `passenger
 passenger start --ssl --ssl-certificate ... --ssl-certificate-key ... --ssl-port 3001
 ------------------------------------------------------------------------------
 
+`--nginx-config-template`::
+	Specifies the Nginx configuration template file to use. See <<advanced_configuration,Advanced configuration>>.
+
 See `--help` for all available options.
 
 
@@ -88,6 +91,9 @@ The following configuration options are supported:
 +
 When in mass deployment mode, you will probably want to set a different `port` too. If you don't, and you end up in a situation in which a port is used for both HTTP and HTTPS traffic, then the builtin Nginx core will abort with an error.
 
+`nginx_config_template`::
+	Equivalent to the `--nginx-config-template` command line option.
+
 Here is an example configuration file:
 
 [source,javascript]
@@ -104,20 +110,29 @@ Here is an example configuration file:
 
 [[advanced_configuration]]
 === Advanced configuration
+:version: 4.0.39
+include::users_guide_snippets/since_version.txt[]
 
 Phusion Passenger Standalone is built on the same technology that powers link:Users%20guide%20Nginx.html[Phusion Passenger for Nginx], so any configuration option supported by Phusion Passenger for Nginx can be applied to Standalone as well. You can do this by editing the Standalone configuration template directly.
 
-First, go to the directory where Phusion Passenger is installed:
+First, create a copy of the default Phusion Passenger Nginx configuration template file:
 
 -------------------------------------
-cd $(passenger-config --root)
+cp $(passenger-config about resourcesdir)/templates/standalone/config.erb nginx.conf.erb
 -------------------------------------
 
-Then open the file `resources/templates/standalone/config.erb`.
+Then open `nginx.conf.erb` and modify it as you see fit. The file is a normal Nginx configuration file, in the ERB template format.
+
+Every time you start Standalone, you must pass the `--nginx-config-template` parameter, which tells Standalone to use your specific Nginx configuration template file. For example:
+
+[source,sh]
+------------------------------------------
+passenger start --nginx-config-template nginx.config.erb
+------------------------------------------
 
-NOTE: If you installed Phusion Passenger using the Debian or Ubuntu packages, then the filename is `/usr/share/passenger/templates/standalone/config.erb` or `/usr/share/passenger-enterprise/templates/standalone/config.erb`.
+Alternatively, if you don't want to pass this parameter every time, you can also set the `nginx_config_template` option in <<config_file,passenger-standalone.json>>.
 
-Please note that changes to this file only last until you reinstall or upgrade Phusion Passenger. We are currently working on a mechanism for permanently editing the configuration file.
+NOTE: The original configuration template file may change from time to time, e.g. because new features are introduced into Phusion Passenger. If your configuration template file does not contain the required changes, then these new features may not work properly. In the worst case, Standalone might even malfunction. Therefore, every time you upgrade Phusion Passenger, you should check whether the original configuration template file has changed, and merge back any changes into your own file.
 
 
 == Using Passenger Standalone in production

data/doc/users_guide_snippets/analysis_and_system_maintenance.txt

@@ -128,20 +128,13 @@ The most likely reason why a spike occurs is because your application is frozen,
 [[debugging_frozen]]
 === Debugging frozen applications ===
 
-If one of your application instances is frozen (stopped responding), then you
+If one of your application processes is frozen (stopped responding), then you
 can figure out where it is frozen by killing it with 'SIGABRT'. This will cause the
-application to raise an exception, with a backtrace.
-
-The exception (with full backtrace information) is normally logged into the web server
-error log. But if your application or if its web framework has its own exception logging
-routines, then exceptions might be logged into the application's log files instead.
-This is the case with Ruby on Rails. So if you kill a Ruby on Rails application with
-'SIGABRT', please check the application's 'production.log' first (assuming that you're
-running it in a 'production' environment). If you don't see a backtrace there, check
-the web server error log.
-
-NOTE: It is safe to kill application instances, even in live environments. Phusion Passenger
-will restart killed application instances, as if nothing bad happened.
+processs to print a backtrace, after which it aborts. The backtrace information is
+logged into the web server error log file.
+
+In case of Ruby applications, you can also send the 'SIGQUIT' signal to have it print
+a backtrace without aborting.
 
 
 === Accessing individual application processes ===

data/ext/common/Constants.h

@@ -88,7 +88,7 @@
 
 	#define NGINX_DOC_URL "http://www.modrails.com/documentation/Users%20guide%20Nginx.html"
 
-	#define PASSENGER_VERSION "4.0.38"
+	#define PASSENGER_VERSION "4.0.39"
 
 	#define POOL_HELPER_THREAD_STACK_SIZE 262144
 

data/ext/common/MessageClient.h

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2010 Phusion
+ *  Copyright (c) 2010-2014 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -29,11 +29,11 @@
 #include <boost/bind.hpp>
 #include <string>
 
-#include "StaticString.h"
-#include "Exceptions.h"
-#include "Utils/MessageIO.h"
-#include "Utils/IOUtils.h"
-#include "Utils/ScopeGuard.h"
+#include <StaticString.h>
+#include <Exceptions.h>
+#include <Utils/MessageIO.h>
+#include <Utils/IOUtils.h>
+#include <Utils/ScopeGuard.h>
 
 
 namespace Passenger {
@@ -241,7 +241,7 @@ public:
 		va_start(ap, name);
 		try {
 			try {
-				writeArrayMessage(fd, name, ap);
+				writeArrayMessageVA(fd, name, ap);
 			} catch (const SystemException &) {
 				autoDisconnect();
 				throw;

data/ext/common/Utils.cpp

@@ -1031,13 +1031,17 @@ getFileDescriptorLimit() {
 	}
 	
 	long result;
-	if (sysconfResult > rlimitResult) {
+	// OS X 10.9 returns LLONG_MAX. It doesn't make sense
+	// to use that result so we limit ourselves to the
+	// sysconf result.
+	if (rlimitResult >= INT_MAX || sysconfResult > rlimitResult) {
 		result = sysconfResult;
 	} else {
 		result = rlimitResult;
 	}
+
 	if (result < 0) {
-		// Both calls returned errors.
+		// Unable to query the file descriptor limit.
 		result = 9999;
 	} else if (result < 2) {
 		// The calls reported broken values.

data/ext/common/Utils/MessageIO.h

@@ -1,6 +1,6 @@
 /*
  *  Phusion Passenger - https://www.phusionpassenger.com/
- *  Copyright (c) 2011 Phusion
+ *  Copyright (c) 2011-2014 Phusion
  *
  *  "Phusion Passenger" is a trademark of Hongli Lai & Ninh Bui.
  *
@@ -492,7 +492,7 @@ writeArrayMessage(int fd, const StaticString args[], unsigned int nargs, unsigne
 }
 
 inline void
-writeArrayMessage(int fd, const StaticString &name, va_list &ap, unsigned long long *timeout = NULL) {
+writeArrayMessageVA(int fd, const StaticString &name, va_list &ap, unsigned long long *timeout = NULL) {
 	StaticString args[10];
 	unsigned int nargs = 1;
 	bool done = false;
@@ -547,16 +547,11 @@ struct _VaGuard {
  * arguments as message elements. The list must be terminated with a NULL.
  */
 inline void
-writeArrayMessage(int fd, const StaticString &name, ...) {
+writeArrayMessage(int fd, const char *name, ...) {
 	va_list ap;
 	va_start(ap, name);
 	_VaGuard guard(ap);
-	writeArrayMessage(fd, name, ap);
-}
-
-inline void
-writeArrayMessage(int fd, const char *name) {
-	abort();
+	writeArrayMessageVA(fd, name, ap);
 }
 
 /** Version of writeArrayMessage() that accepts a variadic list of 'const char *'
@@ -564,11 +559,11 @@ writeArrayMessage(int fd, const char *name) {
  * with a NULL.
  */
 inline void
-writeArrayMessage(int fd, unsigned long long *timeout, const StaticString &name, ...) {
+writeArrayMessage(int fd, unsigned long long *timeout, const char *name, ...) {
 	va_list ap;
 	va_start(ap, name);
 	_VaGuard guard(ap);
-	writeArrayMessage(fd, name, ap, timeout);
+	writeArrayMessageVA(fd, name, ap, timeout);
 }
 
 /**

data/ext/common/agents/HelperAgent/RequestHandler.cpp

@@ -165,14 +165,17 @@ void
 Client::onAppInputChunkEnd(void *userData) {
 	Client *client = (Client *) userData;
 	assert(client != NULL);
-	assert(client->requestHandler != NULL);
-	client->requestHandler->onAppInputChunkEnd(client->shared_from_this());
+	// onAppInputChunk() could have triggered an error which caused a disconnect.
+	if (client->connected()) {
+		client->requestHandler->onAppInputChunkEnd(client->shared_from_this());
+	}
 }
 
 void
 Client::onAppInputError(const EventedBufferedInputPtr &source, const char *message, int errnoCode) {
 	Client *client = (Client *) source->userData;
-	if (client != NULL) {
+	// onAppInputChunk() could have triggered an error which caused a disconnect.
+	if (client != NULL && client->connected()) {
 		client->requestHandler->onAppInputError(client->shared_from_this(), message, errnoCode);
 	}
 }

data/ext/common/agents/HelperAgent/RequestHandler.h

@@ -72,6 +72,40 @@
                 (o)
         clientOutputWatcher
 
+
+
+   REQUEST BODY HANDLING STRATEGIES
+
+   This table describes how we should handle the request body (the part in the request
+   that comes after the request header, and may include WebSocket data), given various
+   factors. Strategies that are listed first have precedence.
+
+    Method     'Upgrade'  'Content-Length' or   Application    Action
+               header     'Transfer-Encoding'   socket
+               present?   header present?       protocol
+    ---------------------------------------------------------------------------------------------
+
+    GET/HEAD   -          Y                     -              Reject request[1]
+    Other      Y          -                     -              Reject request[2]
+
+    -          N          N                     http_session   Set requestBodyLength=0, keep socket open when done forwarding.
+    GET/HEAD   Y          N                     http_session   Set requestBodyLength=-1, keep socket open when done forwarding.
+    Other      N          Y                     http_session   Keep socket open when done forwarding. If Transfer-Encoding is
+                                                               chunked, rechunck the body during forwarding.
+
+    -          N          N                     session        Set requestBodyLength=0, half-close app socket when done forwarding.
+    GET/HEAD   Y          N                     session        Set requestBodyLength=-1, half-close app socket when done forwarding.
+    Other      N          Y                     session        Half-close app socket when done forwarding.
+    ---------------------------------------------------------------------------------------------
+
+    [1] Supporting situations in which there is both an HTTP request body and WebSocket data
+        is way too complicated. The RequestHandler code is complicated enough as it is.
+        Furthermore, GET requests with a body, although legal, are almost nonexistent and
+        support by other servers are shaky at best. For these reasons, we don't bother
+        supporting GET requests with body at all.
+    [2] RFC 6455 states that WebSocket upgrades may only happen over GET requests.
+        We don't bother supporting non-WebSocket upgrades.
+
  */
 
 #ifndef _PASSENGER_REQUEST_HANDLER_H_
@@ -180,10 +214,11 @@ private:
 		state = DISCONNECTED;
 		backgroundOperations = 0;
 		requestBodyIsBuffered = false;
+		requestIsChunked = false;
 		freeBufferedConnectPassword();
 		connectedAt = 0;
-		contentLength = 0;
-		clientBodyAlreadyRead = 0;
+		requestBodyLength = 0;
+		requestBodyAlreadyRead = 0;
 		checkoutSessionAfterCommit = false;
 		stickySession = false;
 		sessionCheckedOut = false;
@@ -268,8 +303,19 @@ public:
 	ev::timer timeoutTimer;
 
 	ev_tstamp connectedAt;
-	long long contentLength;
-	unsigned long long clientBodyAlreadyRead;
+	/** The size of the request body. The request body is the part that comes
+	 * after the request headers, which may be the HTTP request message body,
+	 * but may also be any other arbitrary data that is sent over the request
+	 * socket (e.g. WebSocket data).
+	 *
+	 * Possible values:
+	 * 
+	 * -1: infinite. Should keep forwarding client body until end of stream.
+	 *  0: no client body. Should stop after sending headers to application.
+	 * >0: Should forward exactly this many bytes of the client body.
+	 */
+	long long requestBodyLength;
+	unsigned long long requestBodyAlreadyRead;
 	Options options;
 	ScgiRequestParser scgiParser;
 	SessionPtr session;
@@ -283,6 +329,7 @@ public:
 	} scopeLogs;
 	unsigned int sessionCheckoutTry;
 	bool requestBodyIsBuffered;
+	bool requestIsChunked;
 	bool sessionCheckedOut;
 	bool checkoutSessionAfterCommit;
 	bool stickySession;
@@ -470,9 +517,13 @@ public:
 		}
 	}
 
+	/**
+	 * Checks whether we should half-close the application socket after forwarding
+	 * the request. HTTP does not formally support half-closing, and Node.js treats a
+	 * half-close as a full close, so we only half-close session sockets, not
+	 * HTTP sockets.
+	 */
 	bool shouldHalfCloseWrite() const {
-		// Many broken HTTP servers consider a half close to be a full close, so don't
-		// half close HTTP sessions.
 		return session->getProtocol() == "session";
 	}
 
@@ -532,8 +583,9 @@ public:
 		}
 		stream
 			<< indent << "requestBodyIsBuffered       = " << boolStr(requestBodyIsBuffered) << "\n"
-			<< indent << "contentLength               = " << contentLength << "\n"
-			<< indent << "clientBodyAlreadyRead       = " << clientBodyAlreadyRead << "\n"
+			<< indent << "requestIsChunked            = " << boolStr(requestIsChunked) << "\n"
+			<< indent << "requestBodyLength           = " << requestBodyLength << "\n"
+			<< indent << "requestBodyAlreadyRead      = " << requestBodyAlreadyRead << "\n"
 			<< indent << "clientInput                 = " << clientInput.get() <<  " " << clientInput->inspect() << "\n"
 			<< indent << "clientInput started         = " << boolStr(clientInput->isStarted()) << "\n"
 			<< indent << "clientBodyBuffer started    = " << boolStr(clientBodyBuffer->isStarted()) << "\n"
@@ -1057,7 +1109,7 @@ private:
 		// Process chunked transfer encoding.
 		Header transferEncoding = lookupHeader(headerData, "Transfer-Encoding", "transfer-encoding");
 		if (!transferEncoding.empty() && transferEncoding.value == "chunked") {
-			P_TRACE(3, "Response with chunked transfer encoding detected.");
+			RH_TRACE(client, 3, "Response with chunked transfer encoding detected.");
 			client->chunkedResponse = true;
 			removeHeader(headerData, transferEncoding);
 		}
@@ -1673,6 +1725,72 @@ private:
 		return modified;
 	}
 
+	void reportBadRequestAndDisconnect(const ClientPtr &client, const char *message) {
+		writeSimpleResponse(client, message, 400);
+		if (client->connected()) {
+			disconnectWithError(client, message);
+		}
+	}
+
+	void checkAndInternalizeRequestHeaders(const ClientPtr &client) {
+		ScgiRequestParser &parser = client->scgiParser;
+		StaticString requestMethod = parser.getHeader("REQUEST_METHOD");
+
+		if (requestMethod.empty()) {
+			reportBadRequestAndDisconnect(client, "Bad request (no request method given)");
+			return;
+		}
+
+		// Check Content-Length and Transfer-Encoding.
+		long long contentLength = getULongLongOption(client, "CONTENT_LENGTH");
+		StaticString transferEncoding = parser.getHeader("HTTP_TRANSFER_ENCODING");
+		if (contentLength != -1 && !transferEncoding.empty()) {
+			reportBadRequestAndDisconnect(client, "Bad request (request may not contain both Content-Length and Transfer-Encoding)");
+			return;
+		}
+		if (!transferEncoding.empty() && transferEncoding != "chunked") {
+			reportBadRequestAndDisconnect(client, "Bad request (only Transfer-Encoding chunked is supported)");
+			return;
+		}
+		// According to the HTTP/1.1 spec, Content-Length may not be 0.
+		// We could reject the request, but some important HTTP clients are broken
+		// (*cough* Ruby Net::HTTP *cough*) and fixing them is too much of
+		// a pain, so we choose support it.
+		if (contentLength == 0) {
+			contentLength = -1;
+			assert(transferEncoding.empty());
+		}
+
+		StaticString upgrade = parser.getHeader("HTTP_UPGRADE");
+		const bool requestIsGetOrHead = requestMethod == "GET" || requestMethod == "HEAD";
+		const bool requestBodyOffered = contentLength != -1 || !transferEncoding.empty();
+
+		// Reject requests that have a request body even though it's not allowed,
+		// and requests that have an Upgrade header even though it's not allowed.
+		if (requestIsGetOrHead) {
+			if (requestBodyOffered) {
+				reportBadRequestAndDisconnect(client, "Bad request (GET and HEAD requests may not contain a request body)");
+				return;
+			}
+		} else {
+			if (!upgrade.empty()) {
+				reportBadRequestAndDisconnect(client, "Bad request (Upgrade header is only allowed for non-GET and non-HEAD requests)");
+				return;
+			}
+		}
+
+		if (!requestBodyOffered) {
+			if (upgrade.empty()) {
+				client->requestBodyLength = 0;
+			} else {
+				client->requestBodyLength = -1;
+			}
+		} else {
+			client->requestBodyLength = contentLength;
+			client->requestIsChunked = !transferEncoding.empty();
+		}
+	}
+
 	static void fillPoolOption(const ClientPtr &client, StaticString &field, const StaticString &name) {
 		ScgiRequestParser::const_iterator it = client->scgiParser.getHeaderIterator(name);
 		if (it != client->scgiParser.end()) {
@@ -1903,7 +2021,11 @@ private:
 			 * onClientData exits.
 			 */
 			parser.rebuildData(modified);
-			client->contentLength = getULongLongOption(client, "CONTENT_LENGTH");
+
+			checkAndInternalizeRequestHeaders(client);
+			if (!client->connected()) {
+				return consumed;
+			}
 			fillPoolOptions(client);
 			if (!client->connected()) {
 				return consumed;
@@ -1918,7 +2040,7 @@ private:
 				client->state = Client::BUFFERING_REQUEST_BODY;
 				client->requestBodyIsBuffered = true;
 				client->beginScopeLog(&client->scopeLogs.bufferingRequestBody, "buffering request body");
-				if (client->contentLength == 0) {
+				if (client->requestBodyLength == 0) {
 					client->clientInput->stop();
 					state_bufferingRequestBody_onClientEof(client);
 					return 0;
@@ -1944,10 +2066,10 @@ private:
 		state_bufferingRequestBody_verifyInvariants(client);
 		assert(!client->clientBodyBuffer->isCommittingToDisk());
 
-		if (client->contentLength >= 0) {
+		if (client->requestBodyLength >= 0) {
 			size = std::min<unsigned long long>(
 				size,
-				(unsigned long long) client->contentLength - client->clientBodyAlreadyRead
+				(unsigned long long) client->requestBodyLength - client->requestBodyAlreadyRead
 			);
 		}
 
@@ -1957,13 +2079,13 @@ private:
 			client->backgroundOperations++; // TODO: figure out whether this is necessary
 			client->clientInput->stop();
 		}
-		client->clientBodyAlreadyRead += size;
+		client->requestBodyAlreadyRead += size;
 
 		RH_TRACE(client, 3, "Buffered " << size << " bytes of client body data; total=" <<
-			client->clientBodyAlreadyRead << ", content-length=" << client->contentLength);
-		assert(client->contentLength == -1 || client->clientBodyAlreadyRead <= (unsigned long long) client->contentLength);
+			client->requestBodyAlreadyRead << ", content-length=" << client->requestBodyLength);
+		assert(client->requestBodyLength == -1 || client->requestBodyAlreadyRead <= (unsigned long long) client->requestBodyLength);
 
-		if (client->contentLength >= 0 && client->clientBodyAlreadyRead == (unsigned long long) client->contentLength) {
+		if (client->requestBodyLength >= 0 && client->requestBodyAlreadyRead == (unsigned long long) client->requestBodyLength) {
 			if (client->clientBodyBuffer->isCommittingToDisk()) {
 				RH_TRACE(client, 3, "Done buffering request body, but clientBodyBuffer not yet done committing data to disk; waiting until it's done");
 				client->checkoutSessionAfterCommit = true;
@@ -2327,7 +2449,7 @@ private:
 		client->state = Client::FORWARDING_BODY_TO_APP;
 		if (client->requestBodyIsBuffered) {
 			client->clientBodyBuffer->start();
-		} else if (client->contentLength == 0) {
+		} else if (client->requestBodyLength == 0) {
 			state_forwardingBodyToApp_onClientEof(client);
 		} else {
 			client->clientInput->start();
@@ -2341,10 +2463,10 @@ private:
 		state_forwardingBodyToApp_verifyInvariants(client);
 		assert(!client->requestBodyIsBuffered);
 
-		if (client->contentLength >= 0) {
+		if (client->requestBodyLength >= 0) {
 			size = std::min<unsigned long long>(
 				size,
-				(unsigned long long) client->contentLength - client->clientBodyAlreadyRead
+				(unsigned long long) client->requestBodyLength - client->requestBodyAlreadyRead
 			);
 		}
 
@@ -2374,12 +2496,12 @@ private:
 			}
 			return 0;
 		} else {
-			client->clientBodyAlreadyRead += ret;
+			client->requestBodyAlreadyRead += ret;
 
 			RH_TRACE(client, 3, "Managed to forward " << ret << " bytes; total=" <<
-				client->clientBodyAlreadyRead << ", content-length=" << client->contentLength);
-			assert(client->contentLength == -1 || client->clientBodyAlreadyRead <= (unsigned long long) client->contentLength);
-			if (client->contentLength >= 0 && client->clientBodyAlreadyRead == (unsigned long long) client->contentLength) {
+				client->requestBodyAlreadyRead << ", content-length=" << client->requestBodyLength);
+			assert(client->requestBodyLength == -1 || client->requestBodyAlreadyRead <= (unsigned long long) client->requestBodyLength);
+			if (client->requestBodyLength >= 0 && client->requestBodyAlreadyRead == (unsigned long long) client->requestBodyLength) {
 				client->clientInput->stop();
 				state_forwardingBodyToApp_onClientEof(client);
 			}