Closed
Bug 582468
Opened 14 years ago
Closed 2 years ago
HTTP_ACCEPT is not constant
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: mozilla_bugs, Unassigned)
Details
User-Agent: Opera/9.80 (X11; Linux i686; U; en) Presto/2.6.30 Version/10.60 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.6) Gecko/20100628 Ubuntu/10.04 (lucid) Firefox/3.6.6 When accessing an html document, my HTTP_ACCEPT is set to "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", however when accessing a JavaScript file that has been included in the <head> section of that same page, the HTTP_ACCEPT used when accessing the JS changes to *.* Reproducible: Always Steps to Reproduce: 1.On a PHP enabled server, create an HTML document with the following tag in the <head> section: <script src="js.php" type="text/javascript"></script> 2.Create js.php with the following contents: <?php echo 'alert("'.$_SERVER['HTTP_ACCEPT'].'");'; ?> 3.Go to js.php directly and notice that HTTP_ACCEPT is displayed correctly in the source code 4.Go to your HTML file and notice that *.* is alerted Expected Results: HTTP_ACCEPT should not change depending on the mime-type or content-type, but should always remain constant.
Comment 1•13 years ago
|
||
Can you post an example webpage to test this?
Reporter | ||
Comment 2•13 years ago
|
||
Sure: http://www.adventure-inn.com/mozilla/http_accept.php The source for http_accept.php is: <?php echo "<?"; ?>xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>HTTP_ACCEPT test</title> <script src="http_accept_js.php" type="text/javascript"></script> </head> <body> <p>Your HTTP_ACCEPT for HTML files is: <?php echo $_SERVER['HTTP_ACCEPT']; ?></p> </body> </html> and http_accept_js.php is: document.write ("<p>Your HTTP_ACCEPT for JS files is: <?php echo $_SERVER['HTTP_ACCEPT']; ?></p>"); Results: In Opera 11.01: Your HTTP_ACCEPT for JS files is: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 Your HTTP_ACCEPT for HTML files is: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 In Firefox 3.6.14: Your HTTP_ACCEPT for JS files is: */* Your HTTP_ACCEPT for HTML files is: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 This generally is not a problem, however for an application I am developing, I decided to implement some session hijack detection and besides the general IP change detection, one of the things I tried verifying didn't change was the HTTP_ACCEPT, which worked well with Opera, but when testing in Firefox, it was constantly throwing errors since HTTP_ACCEPT was not constant.
Comment 3•4 years ago
|
||
According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Content_negotiation/List_of_default_Accept_values all browser now use . fo script files so this can be closed.
Comment 4•2 years ago
|
||
All browsers use different values for different types of content at this point, including for images, stylesheets, videos, etc. - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Content_negotiation/List_of_default_Accept_values . This is expected.
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Component: Preferences → Networking: HTTP
Product: Firefox → Core
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•