Always allow access to the http body and smarter encoding handling

[ahenket]

Use case: csv from Dutch national body comes back with Content-Type utf-8 but actual body utf-16 LE (BOM FF FE)

Reproduction (based on eXist-db 6)

declare namespace http              = "http://expath.org/ns/http-client";

http:send-request(
    <http:request method="GET" href="https://publicaties.rvig.nl/media/13307/download">
        <http:header name="Accept" value="text/csv"/>
        <http:header name="Cache-Control" value="no-cache"/>
        <http:header name="Max-Forwards" value="1"/>
    </http:request>
)[2]

The response comes back with Content-Type header containing utf-8 encoding, but since the actual contents are utf-16 I now get: "Failed to parse server's response: An invalid XML character (Unicode: 0x0) was found in the element content of the document."

I can override the server provided Content-Type using override-media-type="text/csv; charset=utf-16" but this requires me to know the encoding beforehand. I have reported the mismatched content-type to the responsible party but doubtful what or when that has any effect.

I would like to get to a place were I can always access the contents of a send-request() so I can work out some fall back scheme.

Ideally:

• Always allow me access to the body, as binary if all else fails so prevent hard uncatchable errors e.g. about hex 0
• Process body based on BOM if present before relying on Content-Type encoding
• Process body based on Content-Type encoding if no BOM present
• Process body based on UTF-8 if no BOM or Content-Type encoding present

[adamretter]

Running: curl -vv https://publicaties.rvig.nl/media/13307/download reveals:

< HTTP/1.1 200 OK
< Server: nginx
< Content-Type: text/csv; charset=UTF-8
< Content-Length: 120584
< Connection: keep-alive
< Cache-Control: public
< Date: Fri, 28 Nov 2025 08:35:37 GMT
< Last-Modified: Tue, 27 May 2025 17:13:28 GMT
< Content-Disposition: attachment; filename="Tabel33 Gemeententabel (gesorteerd op code).csv"
< Content-language: nl
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< Expires: Sun, 19 Nov 1978 05:00:00 GMT
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Accept-Ranges: bytes
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Referrer-Policy: no-referrer
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistiek.rijksoverheid.nl https://platform.twitter.com https://cdn.syndication.twimg.com https://cdn.talkjs.com https://app.talkjs.com https://capture.trackjs.com https://www.rovid.nl; img-src 'self' data: https://statistiek.rijksoverheid.nl https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://platform.twitter.com https://ton.twimg.com https://app.talkjs.com https://cdn.talkjs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://app.talkjs.com https://cdn.talkjs.com; font-src 'self' data:; media-src 'self' https://www.rovid.nl https://app.talkjs.com https://cdn.talkjs.com; child-src 'self'; object-src 'self'; frame-src 'self' https://statistiek.rijksoverheid.nl https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://player.vimeo.com https://app.talkjs.com; connect-src 'self' https://app.talkjs.com https://capture.trackjs.com; base-uri 'self'; frame-ancestors 'self'; form-action 'self'
<
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.

Whilst the response headers claim that the response body will be text/csv; charset=UTF-8 of length 120584, clearly though curl doesn't agree that the response is text as we gett the message Warning: Binary output can mess up your terminal.

Looking at the response file:

❯ ls -la /tmp/response.bin
-rw-r--r--  1 aretter  wheel  120584 28 Nov 09:38 /tmp/response.bin

❯ file /tmp/response.bin
/tmp/response.bin: CSV text

So the file size is correctly reported by the server and the file command recognises its as CSV text. A quick look at the bytes making up the start of the file is revealing:

❯ od -t x1 -N 16 /tmp/response.bin
0000000    ff  fe  39  00  32  00  2e  00  31  00  30  00  20  00  47  00
0000020

If this was a UTF-8 encoded file that had the optional BOM at the start of the file, we would expect the first 3 bytes to be: ef bb bf. Instead as you noted, the first 2 bytes of this file indicate that this is UTF-16 encoded, specifically that it is UTF-16 LE (Little Endian) encoded.

I will take a look into how the response is handled when the ContentType / Encoding is wrong and see if we can make this more intelligent. Theoretically it should already always fallback to binary as you have suggested, but its quite possible we have not caught and handled some exceptions that we should have, let's see what I find...