Closed
Bug 1276820
Opened 8 years ago
Closed 8 years ago
bmoattachments.org sends malformed content-type header
Categories
(bugzilla.mozilla.org :: General, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: sideshowbarker, Assigned: dkl)
References
()
Details
Attachments
(2 files)
974 bytes,
patch
|
Details | Diff | Splinter Review | |
1.37 KB,
patch
|
dylan
:
review+
|
Details | Diff | Splinter Review |
https://bugzilla.mozilla.org/attachment.cgi?id=8758032&action=edit just has a literal "text/html" as the content-type, but https://bug1276161.bmoattachments.org/attachment.cgi?id=8758032 serves that attachment with a 'Content-Type:text/html; name="canvas-dashed-line.html"; charset=' header (that is, with an invalid name= param added, and with an empty charset= param).
Reporter | ||
Updated•8 years ago
|
Comment 1•8 years ago
|
||
Confirm this. Empty value for parameter here is invalid per HTTP spec.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Updated•8 years ago
|
Assignee: attach-and-request → nobody
Component: Attachments & Requests → General
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: unspecified → Production
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → dkl
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•8 years ago
|
||
We provide the empty charset= due to not knowing whether the attachment content is utf8 or not and also we add it to force Apache not to add it directly.
The rest I backported from upstream trunk which will fix the issue with the filename being added to content-type incorrectly.
dkl
Attachment #8758411 -
Flags: review?(dylan)
Reporter | ||
Comment 3•8 years ago
|
||
Please consider at least doing this instead:
Content-Type: text/html; charset=''
That is, with an empty quoted string as the charset parameter value instead of no value at all.
> We provide the empty charset=
Are you sure the way it's being done currently is actually conformant syntax?
As Xidorn noted in comment #1 it seems like it might not be.
The relevant part of the HTTP spec, https://tools.ietf.org/html/rfc7231#section-3.1.1.2 says:
parameter = token "=" ( token / quoted-string )
...and in https://tools.ietf.org/html/rfc7230#section-3.2.6 says:
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
So if I'm reading that right, for HTTP, if a media-type parameter is specified, at least one character must be specified for its value. Or maybe you can specify what is effectively the empty string but if so it's only allowed if it's quoted; that is:
Content-Type: text/html; charset=''
> due to not knowing whether the attachment content is utf8 or not
If it’s not known to be utf8, then it’d seem the right way to convey that is to drop the charset param completely.
> and also we add it to force Apache not to add it directly
If Apache is adding it directly, that seems like something broken in Apache that should be fixed or patched rather than having the system send a broken/malformed HTTP header in every response.
Assignee | ||
Comment 4•8 years ago
|
||
(In reply to Michael[tm] Smith from comment #3)
> So if I'm reading that right, for HTTP, if a media-type parameter is
> specified, at least one character must be specified for its value. Or maybe
> you can specify what is effectively the empty string but if so it's only
> allowed if it's quoted; that is:
>
> Content-Type: text/html; charset=''
fair enough. new patch with charset=''.
dkl
Attachment #8759302 -
Flags: review?(dylan)
Updated•8 years ago
|
Attachment #8758411 -
Flags: review?(dylan)
Comment 5•8 years ago
|
||
Comment on attachment 8759302 [details] [diff] [review]
1276820_2.patch
Review of attachment 8759302 [details] [diff] [review]:
-----------------------------------------------------------------
r=dylan
Attachment #8759302 -
Flags: review?(dylan) → review+
Assignee | ||
Comment 6•8 years ago
|
||
To https://github.com/mozilla-bteam/bmo.git
acba90e..557410f master -> master
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•