Closed Bug 245447 Opened 20 years ago Closed 20 years ago

response to HEAD-request containing content results in corrupt download when using HTTP/1.1 and keep-alive

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: defraine, Assigned: darin.moz)

References

(
URL
)

Details

Attachments

(1 file)

Sample HTTP server in Perl using HTTP::Daemon
596 bytes, text/plain
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a1) Gecko/20040520

When using Mozilla to access the OTRS application, downloads made using "Save
Link Target as..." often are corrupted and contain part of the HTTP-response
header in the middle. Not saving the link, but just displaying it in the browser
shows correct content.
After some investigation, I suspect that this is caused by OTRS replying to
Mozilla's HEAD-request with a response that doesn't contain just headers, but
also the content (see additional information below).

Reproducible: Sometimes
Steps to Reproduce:
1. Fire up Mozilla and open the URL of the OTRS demo site
2. Click on "Login" to login with the default username and password
3. In the message view that shows up next, locate the "attachment" section,
right-click the link "license.txt" and select "Save link Target as..."
4. When the dialog shows up to specify the download file name, quickly click "Save"
5. Wait for the download to complete

Actual Results:  
The downloaded file is either correct or corrupted in a very structured way (the
latter is what happens most often). When the resulting file is corrupted, it is
much bigger (about 58.205 bytes in size), and has a structure like this:
[ second part of the Mozilla license text ]
[ HTTP response-header ]
[ a line containing the text "7895" ]
[ Mozilla license text ]
[ a line containing the text "0" ]

With "HTTP response header" I mean for example the following text:

HTTP/1.1 200 OK
Date: Thu, 03 Jun 2004 08:38:40 GMT
Server: Apache/1.3.27 (Linux/SuSE) PHP/4.3.1 mod_perl/1.27
Content-Disposition: filename=license.txt
Keep-Alive: timeout=10, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain; charset="us-ascii"


Expected Results:  
The downloaded file should always be the correct file. By this I mean the file
that is also displayed in the browser when you simply click the link, not when
you "Save link target as...". This file is 30.869 bytes in size and just
contains the Mozilla license text.

When using the "Save link target as..." function, Mozilla first issues a
HEAD-request (to discover the filename, I guess), then shows the dialog where
you can specify where you want to save, and then issues the GET-request to make
the actual download. I suspect that this is caused by OTRS replying to the first
HEAD-request with a response that doesn't contain just headers, but also the
content (i.e. replying as if it was a GET-request). Under certain circumstances
Mozilla mixes this unexpected response-content from the HEAD-request with the
response from the GET-request.

I managed to isolate the problem by writing a simple Perl HTTP daemon that sends
a HTTP response with content, no matter what type of request. When you make a
link to this server in a separate page, and use the "Save link target as..." on
that link, this always produces the problem mentioned above, only slightly
different. What happens is the following:
1. Mozilla asks where to download and proposes the filename reported by the server.
2. When you specify a filename, Mozilla starts to download in the download
manager, but after it has received all the information, it keeps waiting for
several minutes for the download to end (i.e. the download is still marked as
"Saving").
3. When I make the daemon close its connection by killing it, Mozilla marks the
download as completed; however the downloaded file is corrupt in the same
structural way as described above.

It does work correctly however when I change the HTTP networking settings and
disable either HTTP/1.1 or "Keep-Alive".
>replying to
>Mozilla's HEAD-request with a response that doesn't contain just headers, but
>also the content (see additional information below).

that is not allowed. fix the server.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
Verified.

See RFC2616 :

9.4 HEAD

   The HEAD method is identical to GET except that the server MUST NOT
   return a message-body in the response. The metainformation contained
   in the HTTP headers in response to a HEAD request SHOULD be identical
   to the information sent in response to a GET request. This method can
   be used for obtaining metainformation about the entity implied by the
   request without transferring the entity-body itself. This method is
   often used for testing hypertext links for validity, accessibility,
   and recent modification.
Status: RESOLVED → VERIFIED
unfortunately, not everyone is RFC compliant with respect to HEAD requests.  and
it's not just the small players:

$ telnet www.yahoo.com 80
Trying 216.109.117.207...
Connected to www.yahoo.com (216.109.117.207).
Escape character is '^]'.
HEAD / HTTP/1.1
host: www.yahoo.com
 
HTTP/1.1 200 OK
Date: Sun, 06 Jun 2004 08:15:39 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV
TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL
UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: private
Vary: User-Agent
Connection: close
Content-Type: text/html
 
<html><head>
 
<title>Yahoo!</title>...

in the interests of playing nice in the sandbox and following the 'be strict in
what you send, lenient in what you receive' mantra, properly handling invalid
responses to HEAD requests probably ought to be addressed.  at least if there is
an interest in making mozilla a better client.
(In reply to comment #4)
> in the interests of playing nice in the sandbox and following the 'be strict in
> what you send, lenient in what you receive' mantra, properly handling invalid
> responses to HEAD requests probably ought to be addressed.  at least if there is
> an interest in making mozilla a better client.

unfortunately that is not exactly possible. there is a bug to stop sending HEAD
requests, which would avoid this issue, another workaround would be to stop
using keepalive w/ HEAD, but it is not possible to find out whether this body
was a HTTP/0.9 response to the following GET request or whether it was to HEAD;
at least not reliably.
(In reply to comment #5)
> there is a bug to stop sending HEAD
> requests, 

That would be bug 160454

> which would avoid this issue,

Then perhaps this bug should be apropriately linked to that one?
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: