Closed Bug 1544619 Opened 5 years ago Closed 5 years ago

HEAD request return contents that was cached from a previous GET request

Categories

(Core :: Networking: HTTP, defect, P2)

Product:
Core
Component:
Networking: HTTP
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla69
Tracking Flags:
Tracking Status
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- wontfix
firefox69 --- verified

People

(Reporter: dima, Assigned: kershaw)

Details

(Whiteboard: [necko-triaged])

Attachments

(2 files, 1 obsolete file)

head.html
1.44 KB, text/html
Details
Bug 1544619 - Ignore response body if method is HEAD or CONNECT
47 bytes, text/x-phabricator-request
Details | Review
Attached file head.html (obsolete) —

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

According to the docs, HEAD requests should not have a body, and if the server does return a body, it must be ignored: https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/HEAD

However, Firefox will incorrectly return a response body for a HEAD request if the contents of the URL has been cached from a prior GET request.

I'm attaching a test case; you can also access it at https://dimaryaz.s3.amazonaws.com/head.html

Open the console, then click "HEAD", "GET", "HEAD". The first HEAD will work correctly, while the second one will return a body.

Actual results:

HEAD returns contents

Expected results:

HEAD should not return contents

Real-life example of where this comes up: AWS SDK's "headObject" method tries to parse the response body as XML and fails (unless the file actually contains XML, which is usually not the case). Not sure why it's trying to parse it as XML - but it works fine when there is no response body.

Reproduced comment 0 on 68.0a1 20190418221600, 67.0b11 20190415085659, 66.0.3 20190409155332 using Ubuntu 16.04/x64.

Status: UNCONFIRMED → NEW
status-firefox66: --- → affected
status-firefox67: --- → affected
status-firefox68: --- → affected
Component: Untriaged → DOM: Core & HTML
Ever confirmed: true
Product: Firefox → Core
Version: 66 Branch → Trunk
Attached file head.html

Fix the DOCTYPE - not sure what happened there.

Attachment #9058461 - Attachment is obsolete: true
Component: DOM: Core & HTML → Networking: HTTP
Assignee: nobody → kershaw
Priority: -- → P2
Whiteboard: [necko-triaged]

According to the spec, we should ignore the response body for the HEAD and CONNECT requests.

This should land early for 69, IMO.

Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/0427669077f6
Ignore response body if method is HEAD or CONNECT r=mayhemer

https://hg.mozilla.org/mozilla-central/rev/0427669077f6

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox69: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla69
Flags: qe-verify+

Hi, I managed to reproduce this issue in older versions of Firefox but this issue no longer occurs in Nightly 69.0a1 (2019-05-29).

status-firefox69: fixedverified

Works for me in the nightly builds. Thanks everyone!

Since this is a Wont fix in other versions I will updated the flags.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: