hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19235] - Problem with redirect on HEAD when (bad, naughty) server returns body content
Date Tue, 06 May 2003 17:28:23 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19235>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19235

Problem with redirect on HEAD when (bad, naughty) server returns body content





------- Additional Comments From olegk@apache.org  2003-05-06 17:28 -------
Eric,
Both approaches in question have their advantages and disadvantages. None of 
them is a panacea and is guaranteed to be able to recover gracefully in all 
possible scenarios. 

This, of course, is subjective but I just do not like the idea of scanning 
through the response body that may contain any arbitrary sequence of bytes. The 
use of header information is by no means a more effective method that the one 
you suggest, but it does appear a more proper, more compliant approach (at 
least to me). If a particular server sends just an arbitrary stream of garbage 
that has no correlation with information in the header, I do not think we 
should go at extraordinary lengths to recover from this kind of HTTP spec 
abuse. 

As to those modifications I made to HttpMethodBase they are (intended to be) 
mere clean-ups. They should have no performance impact of what so ever (or so 
I'd like to hope) I just moved the check for improperly terminated empty chunk-
encoded body from the ChunkedInputStream class to HttpMethodBase where we have 
more information about the execution environment and therefore are in a better 
position to take appropriate corrective measures. 

I agree this check may be inappropriate when executing in the strict mode. 
Unfortunately the RFC is a bit vague on whether an empty chunk-encoded response 
body must have a closing chunk or may be omitted altogether. There are 
conflicting opinions. For instance, the company that produces the IIS web 
server seems to subscribe to the latter point of view. 

Oleg

Mime
View raw message