Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: Content-Type sniffing interacts poorly with compression #31753

Closed
andybalholm opened this issue Apr 30, 2019 · 6 comments
Closed

net/http: Content-Type sniffing interacts poorly with compression #31753

andybalholm opened this issue Apr 30, 2019 · 6 comments

Comments

@andybalholm
Copy link
Contributor

@andybalholm andybalholm commented Apr 30, 2019

What version of Go are you using (go version)?

$ go version
go version go1.12.4 darwin/amd64

What did you do?

func serve(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Encoding", "gzip")
	gzw := gzip.NewWriter(w)
	defer gzw.Close()
	io.WriteString(gzw, `<!doctype html><p>Hello</p>`)
}

What did you expect to see?

Content-Type header of "text/html", or none at all.

What did you see instead?

Content-Type header of "application/x-gzip".

Since the content being written to the ResponseWriter is compressed with gzip, the Content-Type is being detected as application/x-gzip.

Content-Type sniffing should be disabled when there is a Content-Encoding header.

@bradfitz bradfitz added this to the Go1.13 milestone May 1, 2019
@firelizzard18
Copy link

@firelizzard18 firelizzard18 commented May 1, 2019

I ran into the same issue. Chrome is pretty smart about ignoring the bad content type and correctly interpreting files. Firefox is not. Firefox will attempt to interpret the raw GZIP bytes as JavaScript (and fail badly).

@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented May 1, 2019

@tombergan, thoughts?

@andybalholm
Copy link
Contributor Author

@andybalholm andybalholm commented Jun 20, 2019

@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@gopherbot
Copy link

@gopherbot gopherbot commented Oct 8, 2019

Change https://golang.org/cl/199799 mentions this issue: net/http: do not sniff response if Content-Encoding header is set

@gopherbot
Copy link

@gopherbot gopherbot commented Oct 8, 2019

Change https://golang.org/cl/199841 mentions this issue: http2: do not sniff body if Content-Encoding is set

gopherbot pushed a commit to golang/net that referenced this issue Oct 9, 2019
Updates golang/go#31753

Change-Id: I2481ffcff6626c08ef32a02cffb3f108737fa87e
Reviewed-on: https://go-review.googlesource.com/c/net/+/199841
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@gopherbot
Copy link

@gopherbot gopherbot commented Oct 9, 2019

Change https://golang.org/cl/200102 mentions this issue: net/http: update bundled x/net/http2

@gopherbot gopherbot closed this in e24a628 Oct 9, 2019
gopherbot pushed a commit that referenced this issue Oct 9, 2019
Updates x/net/http2 to git rev d66e71096ffb9f08f36d9aefcae80ce319de6d68

    http2: end stream eagerly after sending the request body
    https://golang.org/cl/181157 (fixes #32254)

    all: fix typos
    https://golang.org/cl/193799

    http2: fix memory leak in random write scheduler
    https://golang.org/cl/198462 (fixes #33812)

    http2: do not sniff body if Content-Encoding is set
    https://golang.org/cl/199841 (updates #31753)

Also unskips tests from CL 199799.

Change-Id: I241c0b1cd18cad5041485be92809137a973e33bd
Reviewed-on: https://go-review.googlesource.com/c/go/+/200102
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
@golang golang locked and limited conversation to collaborators Oct 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.