HTTP server decoding (aka HttpServerDecoder) is broken is several parts:
1) it make the assertion that PUT and POST request must have a non -zero length body. This is false, thing about REST request: an empty PUT request can be use to create a server initialized entry and an empty POST request can be used to change properties where the value is stored in the URL (/rest/1234/status/cancelled). In that case, an exception is thrown but the state is not reset so remaining decoding will fail
2) it also make the assumption that only PUT and POST request can have a body where I can't find a significant case but I tried a GET request with a body on Google (GPE), Microsoft (IIS) and Apache (Apache) and Google was the only server to reject the request as malformed.