Invoke-WebRequest/Invoke-RestMethod: PR #10034 violates RFC7230 and therefore breaks HTTP Desync Mitigation modes

## Background

PR #10034 that fixes issue #9473 and has been introduced in `7.0.0-preview.2`.
This sets a `String.Empty` body for GET requests in `Invoke-WebRequest` and `Invoke-RestMethod` which usually do not have a body.

Unfortunately this also leads .NET to add a `Content-Length: 0` header because of the `String.Empty` HTTP request body.

And this breaks RFC7230, see the official RFC7230 Section 3.3.2: https://tools.ietf.org/html/rfc7230#section-3.3.2 
```
   A user agent SHOULD NOT send a
   Content-Length header field when the request message does not contain
   a payload body and the method semantics do not anticipate such a
   body.
```
Why is this a problem?
* To prevent HTTP Request Smuggling attacks Cloud Service Providers such as AWS and vendors of Application Load Balancers have implemented so-called "HTTP Desync Mitigation modes".
* On AWS the "Strictest Mode" for example blocks all requests that are not RFC7230 conform.
** See https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#desync-mitigation-mode for explanation
* Here is a list of classification reasons that are not RFC7230 conform: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html#classification-reasons
** `GetHeadZeroContentLength` - There is a `Content-Length` header with a value of 0 for a GET or HEAD request.
** This classifies the request as `Acceptable` which is being blocked in "Strictest Mode"
* You cannot use `Invoke-WebRequest` or `Invoke-RestMethod` on AWS hosted websites where this setting has been set
* This will result in a HTTP 400 - Bad Request
* This might also affect other Cloud Service Providers like Azure or Google Cloud Platform, but I cannot confirm that, as I'm only using AWS.


## Steps to reproduce

* On an AWS Application Load Balancer set the HTTP Desync Mitigation Mode to "Strictest Mode"
* Then try a simple `Invoke-WebRequest` on `PowerShell 7.0.0-preview.2` or above:
```powershell
MY C:\> Invoke-WebRequest -Uri "https://mywebsite.example.com/"
Invoke-WebRequest:
400 Bad Request
400 Bad Request
```

## Expected behavior

* Do not set a `Content-Length: 0` header as it is not RFC7230 conform if you do not have a HTTP Request body

## Actual behavior

* PowerShell 7 always sets the HTTP header `Content-Length: 0` for GET/HEAD requests without HTTP Request body and therefore violates RFC7230

## Environment data

* This is reproducible on AWS Lambda with `PowerShell 7.0.0` on Linux as well as on Windows 10 with `PowerShell 7.1.0`


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Invoke-WebRequest/Invoke-RestMethod: PR #10034 violates RFC7230 and therefore breaks HTTP Desync Mitigation modes #15186

Background

Steps to reproduce

Expected behavior

Actual behavior

Environment data

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Invoke-WebRequest/Invoke-RestMethod: PR #10034 violates RFC7230 and therefore breaks HTTP Desync Mitigation modes #15186

Description

Background

Steps to reproduce

Expected behavior

Actual behavior

Environment data

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions