Open
Bug 1891719
Opened 1 year ago
Updated 14 days ago
Lone LF (\n) in fetch response header triggers a timeout
Categories
(Core :: DOM: Networking, defect, P2)
Tracking
()
UNCONFIRMED
People
(Reporter: jannis, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged][necko-priority-next])
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0
Steps to reproduce:
- Fetch a resource that contains an erroneous lone LF :
HTTP/1.1 200
\nstrict-transport-security: max-age:20
more-headers
body
- Observe that the fetch times out
- Example URL 1: http://sub.headers.websec.saarland/_hp/tests/upgrade-hsts.sub.html?resp_type=parsing&browser_id=1&label=HSTS&first_id=29885&last_id=29885&scheme=http&t_resp_id=29885&t_element_relation=direct_direct&t_resp_origin=http://sub.headers.websec.saarland
- Example URL2: http://sub.headers.websec.saarland/_hp/tests/fetch-cors.sub.html?resp_type=parsing&browser_id=1&label=CORS-ACAC&first_id=10759&last_id=10763&scheme=http&t_resp_id=10759&t_element_relation=GET_simple&t_resp_origin=https://headers.webappsec.eu
Actual results:
Fetch times out (own timeout of 5 seconds) (NS_BINDING_ABORTED)
Expected results:
- Do not time out, but either fail the fetch (as the response is invalid) or ignore the LF and load the response?
- Chromium and Safari seem to ignore the LF
- For images, Firefox loads them (everything after the LF seems to be parsed as the body). However, no headers are displayed in the network headers tab at all: http://sub.headers.websec.saarland/_hp/tests/perfAPI-tao.sub.html?resp_type=parsing&browser_id=1&label=TAO&first_id=41834&last_id=41843&scheme=http&t_resp_id=41838&t_element_relation=img_direct&t_resp_origin=https://headers.webappsec.eu
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
Whiteboard: [necko-triaged][necko-priority-new] → [necko-triaged][necko-priority-next]
|
||
Updated•14 days ago
|
Rank: 4
You need to log in
before you can comment on or make changes to this bug.
Description
•