commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject RE: [HTTPClient] Header parser
Date Wed, 14 Feb 2007 15:34:46 GMT
On Tue, 2007-02-13 at 16:13 -0800, Kedar Panse wrote:
> Sorry to pop the same thing again.  It looks like in HttpParser.java
> This method:
> parseHeaders(InputStream is, String charset)
> 
> checks for LWS chars  like this
> 
>   if ((line.charAt(0) == ' ') || (line.charAt(0) == '\t')) {
> 		blah blah.
> 	}
>   else{
> 		Blah blah...
> 		int colon = line.indexOf(":");
>                 if (colon < 0) {
>                     throw new ProtocolException("Unable to parse header: " +
> line);
>                 }
> 		Blah blah....
> 	}
> 
> 
> So if the header is something like "Set-Cookie: user-cookie=xxxx; path=/;
> domain=.xxx.com; secure HTTP/1.0 200" gets spitted in to 2 lines. Which is
> kinda correct. But as you can see the next line now is HTTP/1.0 200.  Here
> there is no colon. Here httpclient thinks it's a bad header and throws the
> error. 
> 
> However this should be handled I think, if it's a correct according to
> folded headers in 2616.  I ran across server that does return something like
> this, and IE/FireFox does process it ok (off course server is IIS so.. not
> confident about std)
> 
> 
> You guys have any thought on this?
> 

Kedar,

As far as I am concerned this case is an obvious violation of the HTTP
spec. HttpClient is not a browser and is not meant to be lenient about
HTTP messages that are completely messed up.

Oleg

> 
> Cheers!
> 
> Kedar
> 
> 
> -----Original Message-----
> From: Kedar Panse [mailto:kedar@bancbridge.com] 
> Sent: Monday, February 05, 2007 3:34 AM
> To: 'Jakarta Commons Users List'
> Subject: RE: [HTTPClient] Header parser
> 
> Interesting. Let me try the same.. I must be making some mistake. I did had
> RC4. Thanks!
> 
> 
> 
> Kedar
> 
> -----Original Message-----
> From: Bindul Bhowmik [mailto:bindulbhowmik@gmail.com] 
> Sent: Sunday, February 04, 2007 1:35 AM
> To: Jakarta Commons Users List
> Subject: Re: [HTTPClient] Header parser
> 
> Kedar,
> 
> On 2/3/07, Kedar Panse <kedar@bancbridge.com> wrote:
> > Actually there is not a new line, it's the same line where the set cookie
> > header is.
> > So the line contains:
> >
> > "Set-Cookie: user-cookie=xxxx; path=/; domain=.xxx.com; secure HTTP/1.0
> 200"
> >
> > Which I think makes this invalid. But I read somewhere that server can
> > choose to change the protocol from HTTP/1.1 to HTTP/1.0 in such cases it
> can
> > send two of these headers? I am not quite sure if this is covered under
> > folded headers thing.
> >
> 
> I am a bit confused now. I am not sure which version of HTTPClient you
> are using, but I tried recreating this scenario using a simple
> servlet, and HTTPClient code from TRUNK.
> 
> If there is just a space between 'secure' and 'HTTP' the client does
> not fail. Below are excerpts from my wire log.
> 
> 13:01:22,578 [main] DEBUG [httpclient.wire.header]  - << "HTTP/1.1 200
> OK[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header]  - << "Server:
> Apache-Coyote/1.1[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header]  - << "Set-Cookie:
> user-cookie="xxxx  HTTP/1.0 200"[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header]  - << "Set-Cookie:
> user-cookie1=xxxy; path=/; domain=localhost; secure HTTP/1.0
> 200[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header]  - <<
> "Content-Length: 0[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header]  - << "Date: Sat,
> 03 Feb 2007 20:01:22 GMT[\r][\n]"
> 13:01:22,625 [main] DEBUG [commons.httpclient.HttpMethodBase]  -
> Cookie accepted: "$Version=0; user-cookie=xxxx  HTTP/1.0 200"
> 13:01:22,625 [main] DEBUG [commons.httpclient.HttpMethodBase]  -
> Cookie accepted: "$Version=0; user-cookie1=xxxy; $Path=/;
> $Domain=localhost"
> 
> >
> > Thanks!
> >
> >
> > Kedar
> >
> > -----Original Message-----
> > From: Bindul Bhowmik [mailto:bindulbhowmik@gmail.com]
> > Sent: Saturday, February 03, 2007 3:18 PM
> > To: Jakarta Commons Users List
> > Subject: Re: [HTTPClient] Header parser
> >
> > Kedar,
> >
> > On 2/3/07, Kedar Panse <kedar@bancbridge.com> wrote:
> > > Hello guys!
> > >
> > >
> > >
> > > I have been using HTTPClient for quite a while, thanks to you guys work!
> > > Recently I came across a site, which I believe is returning bad headers.
> > > HTTPClient seems to choke on
> > >
> > >
> > >
> > > Set-Cookie: user-cookie=xxxx; path=/; domain=.xxx.com; secure HTTP/1.0
> 200
> >
> > The HTTP/1.0 200 is the status line of the HTTP response and is
> > supposed to be the first line in the response [1]. HttpClient is
> > trying to parse that field as a name value HTTP Header.
> >
> > Also, not evident in the email, I think there is a new line character
> > between secure and HTTP in that line.
> >
> > >
> > > content-type: text/html
> > >
> > >
> > >
> > > Exception I get is:
> > >
> > >
> > >
> > > WARNING: org.apache.commons.httpclient.ProtocolException: Unable to
> parse
> > > header: HTTP/1.0 200
> > >
> > >
> > >
> > >
> > >
> > > Is this a valid header for cookie?  Firefox/IE seem to get past it easy.
> > Is
> > > there any way to get around this?
> >
> > The way to get around this is to modify the HttpClient source. More
> > specifically you need to modify the
> > org.apache.commons.httpclient.HttpParser#readLine(InputStream, String)
> > method and can make it lenient and ask it to ignore any lines that
> > dont follow the standard 'header-name: header-value' pattern. You can
> > modify the source and rebuild your own jar.
> >
> > I don't know your entire response, but if HttpClient has reached the
> > state where it is parsing the headers, I assume the server has already
> > sent a status line as the first line of response.
> >
> > >
> > >
> > >
> > >
> > >
> > > Regards,
> > >
> > >
> > >
> > > Kedar
> > >
> > >
> >
> > Hope this helps,
> >
> > Regards,
> > Bindul
> >
> > --
> > Bindul Bhowmik
> > MindTree Consulting Ltd.
> >
> 
> Regards,
> Bindul


---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org


Mime
View raw message