Closed Bug 412945 Opened 17 years ago Closed 16 years ago

Malformed POST requests generated when using elance.com

Categories

(Core :: Networking: HTTP, defect)

1.8 Branch
x86
All
defect
Not set
normal

RESOLVED FIXED
mozilla1.9.1b1

People

(Reporter: simon, Assigned: michal)

Attachments

(1 file, 3 obsolete files)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.10) Gecko/20071115 Iceweasel/2.0.0.10 (Debian-2.0.0.10-0etch1)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.10) Gecko/20071115 Iceweasel/2.0.0.10 (Debian-2.0.0.10-0etch1)

When you click the "sign-In" button on www.elance.com it issues a POST using the Yahoo AJAX library call YAHOO.util.Connect.asyncRequest.

When using Firefox (on Windows or Iceweasel on Debian) behind a Squid cache, the Squid Cache rejects these requests as malformed (error 411 require length).

IE6 and Safari (Mac OS) both work as expected.

Observation: IE6 sends a "Content-Length: 0" header.

Speculation: tcpdump suggests that Firefox is omitting the "Content-Length" header for these requests, which appears to be a violation of RFC 1945, which says they are required for HTTP 1.0 POST requests - but this is beyond my expertise (I only configure web servers, I don't write them).

Reproducible: Always

Steps to Reproduce:
1. Configure Firefox to use Squid Cache (squid 2.6.5-6 from Debian Etch was used)
2. Visit www.elance.com
3. Click "sign-In"
Actual Results:  
Nothing happens

Expected Results:  
Sign-In Dialog appears

tcpdump -s 0 -A -v -i eth0 host 212.24.80.83  

14:28:50.035129 IP (tos 0x0, ttl 128, id 30968, offset 0, flags [DF], proto: TCP (6), length: 798) h83.zynet2.co.uk.2634 > balfour.3128: P, cksum 0x4c42 (correct), 1:759(758) ack 1 win 17520
E...x.@...6...PS..P]
J.8........P.DpLB..POST http://www.elance.com/php/reg/main/signInAHR.php?mode=checksignedin HTTP/1.1
Host: www.elance.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.elance.com/p/landing/buyer.html
Cookie: currency=GBP; DRUPAL_UID=1111111; i18n=en; userid=1111111; uname=XXXXXX; elance-odsk=111111111-1853140-1853140-212.24.80-aaaaaa66a75d4cb-%2A; s_cc=true; s_sq=%5B%5BB%5D%5D
Pragma: no-cache
Cache-Control: no-cache


14:28:50.035138 IP (tos 0x0, ttl  64, id 52621, offset 0, flags [DF], proto: TCP (6), length: 40) balfour.3128 > h83.zynet2.co.uk.2634: ., cksum 0x639d (correct), ack 759 win 6822
E..(..@.@.$a..P]..PS.8
J........P...c...
14:28:50.035713 IP (tos 0x0, ttl  64, id 52622, offset 0, flags [DF], proto: TCP (6), length: 1500) balfour.3128 > h83.zynet2.co.uk.2634: ., cksum 0x4eb0 (incorrect (-> 0xbe62), 1:1461(1460) ack 759 win 6822
E.....@.@.....P]..PS.8
J........P...N...HTTP/1.0 411 Length Required
Server: squid/2.6.STABLE5
Date: Fri, 18 Jan 2008 14:28:50 GMT
Content-Type: text/html
Content-Length: 1912
Expires: Fri, 18 Jan 2008 14:28:50 GMT
X-Squid-Error: ERR_INVALID_REQ 0
X-Cache: MISS from balfour.int.zynet.net
X-Cache-Lookup: NONE from balfour.int.zynet.net:3128
Via: 1.0 balfour.int.zynet.net:3128 (squid/2.6.STABLE5)
Proxy-Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
<STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>
While trying to process the request:
<PRE>

I've mangled the cookie content - just in case that included enough to log folk in - sorry.
Indicated this was 2.0 branch - 2.0.0.10 Iceweasel 2.0.0.11 Firefox (on Windows 2000).

Adrian Chadd (Squid Users list) reported he reproduced on MacOS X - recommended a bug be filed against Firefox.
Version: unspecified → 2.0 Branch
Component: General → Networking: HTTP
Product: Firefox → Core
QA Contact: general → networking.http
Version: 2.0 Branch → 1.8 Branch
Can you test if this also occurs with a current nightly-build from http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/ ?
Reproduced behavior with Minefield build 3b3 dated "Jan 21 13:38".
POST without "Content-Length" header is sent for example with following JS code:

var xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", docname, true);
xmlhttp.send(null);


Attached patch fix (obsolete)
According to 7.2.2 in RFC 1945 and 4.4 in RFC 2616, there must be a Content-Length header when a message body is present in the request. "Content-Length: 0" is added in nsHttpTransaction::Init() when it is needed. Although Firefox IMHO doesn't use chunked encoding in requests, there is a check for "Transfer-Encoding" in case that changes in the future.
Assignee: nobody → michal
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #325853 - Flags: review?(cbiesinger)
Attachment #325853 - Flags: superreview+
Attachment #325853 - Flags: review?(cbiesinger)
Attachment #325853 - Flags: review+
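
The condition discussed in the report and in the fix comment above, as an added example (not Mozilla's patch and not code from this bug): it parses a request head, flags a body-carrying method sent with neither Content-Length nor Transfer-Encoding, and adds "Content-Length: 0" when the body is empty. The names parseHead, lacksLength, withExplicitLength and SAMPLE_REQUEST are hypothetical, the sample is constructed from the capture in this bug, and treating PUT like POST is an assumption of the example.

```javascript
// Added example (not Mozilla's patch): framing check for a proxied request head.
// Constructed sample modelled on the capture in this bug; cookie and most headers omitted.
const SAMPLE_REQUEST =
  "POST http://www.elance.com/php/reg/main/signInAHR.php?mode=checksignedin HTTP/1.1\r\n" +
  "Host: www.elance.com\r\n" +
  "Proxy-Connection: keep-alive\r\n" +
  "\r\n";

// Parse the request line and headers; header names are lower-cased for lookup.
function parseHead(raw) {
  const end = raw.indexOf("\r\n\r\n");
  if (end === -1) throw new Error("incomplete request head");
  const [requestLine, ...lines] = raw.slice(0, end).split("\r\n");
  const [method, target, version] = requestLine.split(" ");
  const headers = new Map();
  for (const line of lines) {
    const colon = line.indexOf(":");
    if (colon <= 0) throw new Error("malformed header line: " + line);
    headers.set(line.slice(0, colon).trim().toLowerCase(), line.slice(colon + 1).trim());
  }
  return { method, target, version, headers, body: raw.slice(end + 4) };
}

// True for the shape Squid answered with 411 in this bug: a POST (or PUT,
// assumed here) that carries neither Content-Length nor Transfer-Encoding.
function lacksLength(req) {
  const m = req.method.toUpperCase();
  return (m === "POST" || m === "PUT") &&
    !req.headers.has("content-length") &&
    !req.headers.has("transfer-encoding");
}

// Add "Content-Length: 0" only when the body is empty and no framing header
// is present; every other request is returned unchanged.
function withExplicitLength(raw) {
  const req = parseHead(raw);
  if (!lacksLength(req) || req.body.length !== 0) return raw;
  const end = raw.indexOf("\r\n\r\n");
  return raw.slice(0, end) + "\r\nContent-Length: 0\r\n\r\n";
}
```
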
Comment on attachment 325853 [details] [diff] [review]
fix

This looks fine, but take out the "See bug ..." thing and cite the RFC instead, remove the extra parens around each of the first two == tests (so make it look like:

  (a == b || c == d) && ....
) and please make sure to add a regression test for this.
For CA teachers, http://avid.lacoe.edu/ doesn't work when behind a squid proxy server because of this bug. They're using an old version of mootools.js. The code in question on this site is:

getData('home.asp','main');

which effectively does:

var getPage = new Ajax('home.asp', {update: $('main'), evalScripts: true});
getPage.request();

but since the default option method: is POST, the page breaks. This bug fix will help work around this problem.

Thanks.
Comment on attachment 325853 [details] [diff] [review]
fix

No, this is wrong. There may be a content-length header in the body stream (if requestBodyHasHeaders is true), and in that case you shouldn't add this header here.
Attached patch new fix (obsolete)
- doesn't add header if requestBodyHasHeaders is true
- better comment
- added test
Attachment #325853 - Attachment is obsolete: true
Attachment #340349 - Flags: superreview?(cbiesinger)
Comment on attachment 340349 [details] [diff] [review]
new fix

Sorry that I'm making another suggestion here, but I thought some more about this..

You should only really get into this case if there is no request body. So it seems like you could replace this:

+        !requestBodyHasHeaders &&
+        !requestHead->PeekHeader(nsHttp::Content_Length) &&

with just checking for !requestBody

+++ netwerk/test/unit/test_bug412945.js	25 Sep 2008 16:37:09 -0000
+  var xmlhttp = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"]
+                .createInstance(Components.interfaces.nsIXMLHttpRequest);


XMLHttpRequest is not a necko feature. Please move this test to content/ somewhere, and/or only use necko APIs.
Attachment #340349 - Flags: superreview?(cbiesinger) → superreview-
Attached patch patch v4 (obsolete)
Attachment #340349 - Attachment is obsolete: true
Attachment #341019 - Flags: superreview?(cbiesinger)
Comment on attachment 341019 [details] [diff] [review]
patch v4

+function TestListener() {
+}
+TestListener.prototype.onStartRequest = function(request, context) {
+}
+TestListener.prototype.onStopRequest = function(request, context, status) {
+  httpserv.stop();
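
Review bot: in onStopRequest, the `status` argument is not examined before `httpserv.stop()` in the lines quoted here, and onStartRequest is empty, so nothing visible in this listener ties the test's outcome to the request having succeeded. If the check lives elsewhere in the test, a short comment in the empty onStartRequest saying so would help; otherwise assert on `status` before stopping the server.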

please add newlines between the functions
Attachment #341019 - Flags: superreview?(cbiesinger) → superreview+
Attached patch patch v5
Attachment #341019 - Attachment is obsolete: true
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/f3dbdd6d0c3e
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.1b1
Flags: in-testsuite+