Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

An illegal '0' character is appended to a 304 Not Modified Response #197

Closed
JonnoFTW opened this Issue Jun 25, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@JonnoFTW
Copy link

JonnoFTW commented Jun 25, 2018

When using the following app:

from pyramid.config import Configurator
def main(global_config, **settings):
    config = Configurator(settings=settings)
    config.add_static_view('static', 'static', cache_max_age=3600)
    return config.make_wsgi_app()

And this development.ini config:

[server:main]
use = egg:waitress#main
host = 0.0.0.0
port = 6543

And started with;

pserve development.ini

And then making the following GET request, (note the If-Modified-Since header):

GET /static/test.css HTTP/1.1
Host: localhost:6543
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-AU,en-GB;q=0.7,en;q=0.3
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Mon, 23 Jun 2018 10:28:41 GMT
Cache-Control: max-age=0

I get the normal response:

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Content-Length: 32
Content-Type: text/css; charset=UTF-8
Date: Sat, 23 Jun 2018 09:00:18 GMT
Expires: Sat, 23 Jun 2018 10:00:18 GMT
Last-Modified: Sat, 23 Jun 2018 08:54:31 GMT
Server: waitress

html, body {
    height: 100%;
}

However if the If-Modified-Since header is changed to later:

GET /static/test.css HTTP/1.1
Host: p:6543
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-AU,en-GB;q=0.7,en;q=0.3
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Mon, 23 Jun 2018 10:28:41 GMT
Cache-Control: max-age=0

I get this:

HTTP/1.1 304 Not Modified
Cache-Control: max-age=3600
Connection: close
Date: Sat, 23 Jun 2018 09:00:52 GMT
Expires: Sat, 23 Jun 2018 10:00:52 GMT
Last-Modified: Sat, 23 Jun 2018 08:54:31 GMT
Server: waitress
Transfer-Encoding: chunked

0

Note the illegal 0 in the body. I had to do this via telnet, making the same request with python requests shows the body as empty:

>>> requests.get('http://localhost:6543/static/landing_script.js',headers={'If-Modified-Since': 'Mon, 22 Jun 2018 10:28:31 GMT'}).content
b''

The problem with this is that if you put load balancing server in front, when it passes this through it errors out when the 0 appears:

https://support.citrix.com/article/CTX233721

@bertjwregeer

This comment has been minimized.

Copy link
Member

bertjwregeer commented Jun 25, 2018

It's not an illegal 0 character, it's literally ending the chunked transfer-encoding. Your proxy should ignore this, and simply send back the response wholesale.

Waitress is stating "the response body is going to be transfer encoded using chunking", and then right after that states: "0 bytes in this chunk" which closes the connection.

The spec says (https://tools.ietf.org/html/rfc7232):

A 304 response cannot contain a message-body; it is always terminated
by the first empty line after the header fields.

However the transfer-encoding should take effect. As a work-around you can enable the options specified in that document.

Related: #165 #152

@bertjwregeer

This comment has been minimized.

Copy link
Member

bertjwregeer commented Sep 1, 2018

Please take a look at #202, this should fix your issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.