-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http: Content-Type sniffing interacts poorly with compression #31753
Comments
I ran into the same issue. Chrome is pretty smart about ignoring the bad content type and correctly interpreting files. Firefox is not. Firefox will attempt to interpret the raw GZIP bytes as JavaScript (and fail badly). |
@tombergan, thoughts? |
Referenced in andybalholm/redwood@8299e5d |
Change https://golang.org/cl/199799 mentions this issue: |
Change https://golang.org/cl/199841 mentions this issue: |
Updates golang/go#31753 Change-Id: I2481ffcff6626c08ef32a02cffb3f108737fa87e Reviewed-on: https://go-review.googlesource.com/c/net/+/199841 Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Change https://golang.org/cl/200102 mentions this issue: |
Updates x/net/http2 to git rev d66e71096ffb9f08f36d9aefcae80ce319de6d68 http2: end stream eagerly after sending the request body https://golang.org/cl/181157 (fixes #32254) all: fix typos https://golang.org/cl/193799 http2: fix memory leak in random write scheduler https://golang.org/cl/198462 (fixes #33812) http2: do not sniff body if Content-Encoding is set https://golang.org/cl/199841 (updates #31753) Also unskips tests from CL 199799. Change-Id: I241c0b1cd18cad5041485be92809137a973e33bd Reviewed-on: https://go-review.googlesource.com/c/go/+/200102 Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
What version of Go are you using (
go version
)?What did you do?
What did you expect to see?
Content-Type header of "text/html", or none at all.
What did you see instead?
Content-Type header of "application/x-gzip".
Since the content being written to the ResponseWriter is compressed with gzip, the Content-Type is being detected as application/x-gzip.
Content-Type sniffing should be disabled when there is a Content-Encoding header.
The text was updated successfully, but these errors were encountered: