Closed
Bug 412945
Opened 17 years ago
Closed 16 years ago
Malformed POST requests generated when using elance.com
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9.1b1
People
(Reporter: simon, Assigned: michal)
References
()
Details
Attachments
(1 file, 3 obsolete files)
3.24 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.10) Gecko/20071115 Iceweasel/2.0.0.10 (Debian-2.0.0.10-0etch1) Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.10) Gecko/20071115 Iceweasel/2.0.0.10 (Debian-2.0.0.10-0etch1) When you click the "sign-In" button on www.elance.com it issues a POST using the Yahoo AJAX library call YAHOO.util.Connect.asyncRequest. When using Firefox (on Windows or Iceweasel on Debian) behind a Squid cache, the Squid Cache rejects these requests as malformed (error 411 require length). IE6 and Safari (Mac OS) both work as expected. Observation: IE6 sends a "Content-Length: 0" header. Speculation: tcpdump suggests that Firefox is omitting the "Content-Length" header for these requests, which appears to be violation of RFC 1945 which says they are required for HTTP 1.0 POST requests - but this is beyond my expertise (I only configure web servers I don't write them). Reproducible: Always Steps to Reproduce: 1. Configure Firefox to use Squid Cache (squid 2.6.5-6 from Debian Etch was used) 2. Visit www.elance.com 3. Click "sign-In" Actual Results: Nothing happens Expected Results: Sign-In Dialog appears tcpdump -s 0 -A -v -i eth0 host 212.24.80.83 14:28:50.035129 IP (tos 0x0, ttl 128, id 30968, offset 0, flags [DF], proto: TCP (6), length: 798) h83.zynet2.co.uk.2634 > balfour.3128: P, cksum 0x4c42 (correct), 1:759(758) ack 1 win 17520 E...x.@...6...PS..P] J.8........P.DpLB..POST http://www.elance.com/php/reg/main/signInAHR.php?mode=checksignedin HTTP/1.1 Host: www.elance.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-gb,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://www.elance.com/p/landing/buyer.html Cookie: currency=GBP; DRUPAL_UID=1111111; i18n=en; userid=1111111; uname=XXXXXX; elance-odsk=111111111-1853140-1853140-212.24.80-aaaaaa66a75d4cb-%2A; s_cc=true; s_sq=%5B%5BB%5D%5D Pragma: no-cache Cache-Control: no-cache 14:28:50.035138 IP (tos 0x0, ttl 64, id 52621, offset 0, flags [DF], proto: TCP (6), length: 40) balfour.3128 > h83.zynet2.co.uk.2634: ., cksum 0x639d (correct), ack 759 win 6822 E..(..@.@.$a..P]..PS.8 J........P...c... 14:28:50.035713 IP (tos 0x0, ttl 64, id 52622, offset 0, flags [DF], proto: TCP (6), length: 1500) balfour.3128 > h83.zynet2.co.uk.2634: ., cksum 0x4eb0 (incorrect (-> 0xbe62), 1:1461(1460) ack 759 win 6822 E.....@.@.....P]..PS.8 J........P...N...HTTP/1.0 411 Length Required Server: squid/2.6.STABLE5 Date: Fri, 18 Jan 2008 14:28:50 GMT Content-Type: text/html Content-Length: 1912 Expires: Fri, 18 Jan 2008 14:28:50 GMT X-Squid-Error: ERR_INVALID_REQ 0 X-Cache: MISS from balfour.int.zynet.net X-Cache-Lookup: NONE from balfour.int.zynet.net:3128 Via: 1.0 balfour.int.zynet.net:3128 (squid/2.6.STABLE5) Proxy-Connection: close <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <TITLE>ERROR: The requested URL could not be retrieved</TITLE> <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE> </HEAD><BODY> <H1>ERROR</H1> <H2>The requested URL could not be retrieved</H2> <HR noshade size="1px"> <P> While trying to process the request: <PRE> I've mangled the cookie content - just in case that included enough to log folk in - sorry.
Reporter | ||
Comment 1•17 years ago
|
||
Indicated this was 2.0 branch - 2.0.0.10 Iceweasel 2.0.0.11 Firefox (on Windows 2000). Adrian Chadd (Squid Users list) reported he reproduced on MacOS X - recommended a bug be filed against Firefox.
Version: unspecified → 2.0 Branch
Updated•17 years ago
|
Component: General → Networking: HTTP
Product: Firefox → Core
QA Contact: general → networking.http
Version: 2.0 Branch → 1.8 Branch
Comment 2•17 years ago
|
||
Can you test if this also occors with a current nightly-build from http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ ?
Reporter | ||
Comment 3•17 years ago
|
||
Reproduced behavior with Minefield build 3b3 dated "Jan 21 13:38".
Assignee | ||
Comment 4•16 years ago
|
||
POST without "Content-Length" header is sent for example with following JS code: var xmlhttp = new XMLHttpRequest(); xmlhttp.open("POST", docname, true); xmlhttp.send(null);
Assignee | ||
Comment 5•16 years ago
|
||
According to 7.2.2 in rfc1945 and 4.4 in rfc2616 there must be Content-Length header when message body in request is present. "Content-Length: 0" is added in nsHttpTransaction::Init() when it is needed. Although Firefox IMHO doesn't use chunked encoding in requests, there is a check for "Transfer-Encoding" for case that it will be changed in future.
Assignee: nobody → michal
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #325853 -
Flags: review?(cbiesinger)
Updated•16 years ago
|
Attachment #325853 -
Flags: superreview+
Attachment #325853 -
Flags: review?(cbiesinger)
Attachment #325853 -
Flags: review+
Comment 6•16 years ago
|
||
Comment on attachment 325853 [details] [diff] [review] fix This looks fine, but take out the "See bug ..." thing and cite the RFC instead, remove the extra parens around each of the first two == tests (so make it look like: (a == b || c == d) && .... ) and please make sure to add a regression test for this.
Comment 7•16 years ago
|
||
For CA teachers, http://avid.lacoe.edu/ doesn't work when behind a squid proxy server because of this bug. They're using an old version of mootools.js. The code in question on this site is: getData('home.asp','main'); which effectively does: var getPage = new Ajax('home.asp', {update: $('main'), evalScripts: true}); getPage.request(); but since the default option method: is POST, the page breaks. This bug fix will help work around this problem. Thanks.
Updated•16 years ago
|
Attachment #325853 -
Flags: review+ → review-
Comment 8•16 years ago
|
||
Comment on attachment 325853 [details] [diff] [review] fix No, this is wrong. There may be a content-length header in the body stream (if requestBodyHasHeaders is true), and in that case you shouldn't add this header here.
Assignee | ||
Comment 9•16 years ago
|
||
- doesn't add header if requestBodyHasHeaders is true - better comment - added test
Attachment #325853 -
Attachment is obsolete: true
Attachment #340349 -
Flags: superreview?(cbiesinger)
Comment 10•16 years ago
|
||
Comment on attachment 340349 [details] [diff] [review] new fix Sorry that I'm making another suggestion here, but I thought some more about this.. You should only really get into this case if there is no request body. So it seems like you could replace this: + !requestBodyHasHeaders && + !requestHead->PeekHeader(nsHttp::Content_Length) && with just checking for !requestBody +++ netwerk/test/unit/test_bug412945.js 25 Sep 2008 16:37:09 -0000 + var xmlhttp = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"] + .createInstance(Components.interfaces.nsIXMLHttpRequest); XMLHttpRequest is not a necko feature. Please move this test to content/ somewhere, and/or only use necko APIs.
Attachment #340349 -
Flags: superreview?(cbiesinger) → superreview-
Assignee | ||
Comment 11•16 years ago
|
||
Attachment #340349 -
Attachment is obsolete: true
Attachment #341019 -
Flags: superreview?(cbiesinger)
Comment 12•16 years ago
|
||
Comment on attachment 341019 [details] [diff] [review] patch v4 +function TestListener() { +} +TestListener.prototype.onStartRequest = function(request, context) { +} +TestListener.prototype.onStopRequest = function(request, context, status) { + httpserv.stop(); please add newlines between the functions
Attachment #341019 -
Flags: superreview?(cbiesinger) → superreview+
Assignee | ||
Comment 13•16 years ago
|
||
Attachment #341019 -
Attachment is obsolete: true
Assignee | ||
Updated•16 years ago
|
Keywords: checkin-needed
Comment 14•16 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/f3dbdd6d0c3e
Updated•16 years ago
|
Target Milestone: --- → mozilla1.9.1b1
Updated•16 years ago
|
Flags: in-testsuite+
You need to log in
before you can comment on or make changes to this bug.
Description
•