Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: Content-Type sniffing interacts poorly with compression #31753

Open
andybalholm opened this issue Apr 30, 2019 · 3 comments

Comments

@andybalholm
Copy link

commented Apr 30, 2019

What version of Go are you using (go version)?

$ go version
go version go1.12.4 darwin/amd64

What did you do?

func serve(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Encoding", "gzip")
	gzw := gzip.NewWriter(w)
	defer gzw.Close()
	io.WriteString(gzw, `<!doctype html><p>Hello</p>`)
}

What did you expect to see?

Content-Type header of "text/html", or none at all.

What did you see instead?

Content-Type header of "application/x-gzip".

Since the content being written to the ResponseWriter is compressed with gzip, the Content-Type is being detected as application/x-gzip.

Content-Type sniffing should be disabled when there is a Content-Encoding header.

@bradfitz bradfitz added this to the Go1.13 milestone May 1, 2019

@firelizzard18

This comment has been minimized.

Copy link

commented May 1, 2019

I ran into the same issue. Chrome is pretty smart about ignoring the bad content type and correctly interpreting files. Firefox is not. Firefox will attempt to interpret the raw GZIP bytes as JavaScript (and fail badly).

@bradfitz

This comment has been minimized.

Copy link
Member

commented May 1, 2019

@tombergan, thoughts?

@andybalholm

This comment has been minimized.

Copy link
Author

commented Jun 20, 2019

@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.