On Tue, 2007-02-13 at 16:13 -0800, Kedar Panse wrote:
> Sorry to pop the same thing again. It looks like in HttpParser.java
> This method:
> parseHeaders(InputStream is, String charset)
>
> checks for LWS chars like this
>
> if ((line.charAt(0) == ' ') || (line.charAt(0) == '\t')) {
> blah blah.
> }
> else{
> Blah blah...
> int colon = line.indexOf(":");
> if (colon < 0) {
> throw new ProtocolException("Unable to parse header: " +
> line);
> }
> Blah blah....
> }
>
>
> So if the header is something like "Set-Cookie: user-cookie=xxxx; path=/;
> domain=.xxx.com; secure HTTP/1.0 200" gets spitted in to 2 lines. Which is
> kinda correct. But as you can see the next line now is HTTP/1.0 200. Here
> there is no colon. Here httpclient thinks it's a bad header and throws the
> error.
>
> However this should be handled I think, if it's a correct according to
> folded headers in 2616. I ran across server that does return something like
> this, and IE/FireFox does process it ok (off course server is IIS so.. not
> confident about std)
>
>
> You guys have any thought on this?
>
Kedar,
As far as I am concerned this case is an obvious violation of the HTTP
spec. HttpClient is not a browser and is not meant to be lenient about
HTTP messages that are completely messed up.
Oleg
>
> Cheers!
>
> Kedar
>
>
> -----Original Message-----
> From: Kedar Panse [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 05, 2007 3:34 AM
> To: 'Jakarta Commons Users List'
> Subject: RE: [HTTPClient] Header parser
>
> Interesting. Let me try the same.. I must be making some mistake. I did had
> RC4. Thanks!
>
>
>
> Kedar
>
> -----Original Message-----
> From: Bindul Bhowmik [mailto:[EMAIL PROTECTED]
> Sent: Sunday, February 04, 2007 1:35 AM
> To: Jakarta Commons Users List
> Subject: Re: [HTTPClient] Header parser
>
> Kedar,
>
> On 2/3/07, Kedar Panse <[EMAIL PROTECTED]> wrote:
> > Actually there is not a new line, it's the same line where the set cookie
> > header is.
> > So the line contains:
> >
> > "Set-Cookie: user-cookie=xxxx; path=/; domain=.xxx.com; secure HTTP/1.0
> 200"
> >
> > Which I think makes this invalid. But I read somewhere that server can
> > choose to change the protocol from HTTP/1.1 to HTTP/1.0 in such cases it
> can
> > send two of these headers? I am not quite sure if this is covered under
> > folded headers thing.
> >
>
> I am a bit confused now. I am not sure which version of HTTPClient you
> are using, but I tried recreating this scenario using a simple
> servlet, and HTTPClient code from TRUNK.
>
> If there is just a space between 'secure' and 'HTTP' the client does
> not fail. Below are excerpts from my wire log.
>
> 13:01:22,578 [main] DEBUG [httpclient.wire.header] - << "HTTP/1.1 200
> OK[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Server:
> Apache-Coyote/1.1[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Set-Cookie:
> user-cookie="xxxx HTTP/1.0 200"[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Set-Cookie:
> user-cookie1=xxxy; path=/; domain=localhost; secure HTTP/1.0
> 200[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header] - <<
> "Content-Length: 0[\r][\n]"
> 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Date: Sat,
> 03 Feb 2007 20:01:22 GMT[\r][\n]"
> 13:01:22,625 [main] DEBUG [commons.httpclient.HttpMethodBase] -
> Cookie accepted: "$Version=0; user-cookie=xxxx HTTP/1.0 200"
> 13:01:22,625 [main] DEBUG [commons.httpclient.HttpMethodBase] -
> Cookie accepted: "$Version=0; user-cookie1=xxxy; $Path=/;
> $Domain=localhost"
>
> >
> > Thanks!
> >
> >
> > Kedar
> >
> > -----Original Message-----
> > From: Bindul Bhowmik [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, February 03, 2007 3:18 PM
> > To: Jakarta Commons Users List
> > Subject: Re: [HTTPClient] Header parser
> >
> > Kedar,
> >
> > On 2/3/07, Kedar Panse <[EMAIL PROTECTED]> wrote:
> > > Hello guys!
> > >
> > >
> > >
> > > I have been using HTTPClient for quite a while, thanks to you guys work!
> > > Recently I came across a site, which I believe is returning bad headers.
> > > HTTPClient seems to choke on
> > >
> > >
> > >
> > > Set-Cookie: user-cookie=xxxx; path=/; domain=.xxx.com; secure HTTP/1.0
> 200
> >
> > The HTTP/1.0 200 is the status line of the HTTP response and is
> > supposed to be the first line in the response [1]. HttpClient is
> > trying to parse that field as a name value HTTP Header.
> >
> > Also, not evident in the email, I think there is a new line character
> > between secure and HTTP in that line.
> >
> > >
> > > content-type: text/html
> > >
> > >
> > >
> > > Exception I get is:
> > >
> > >
> > >
> > > WARNING: org.apache.commons.httpclient.ProtocolException: Unable to
> parse
> > > header: HTTP/1.0 200
> > >
> > >
> > >
> > >
> > >
> > > Is this a valid header for cookie? Firefox/IE seem to get past it easy.
> > Is
> > > there any way to get around this?
> >
> > The way to get around this is to modify the HttpClient source. More
> > specifically you need to modify the
> > org.apache.commons.httpclient.HttpParser#readLine(InputStream, String)
> > method and can make it lenient and ask it to ignore any lines that
> > dont follow the standard 'header-name: header-value' pattern. You can
> > modify the source and rebuild your own jar.
> >
> > I don't know your entire response, but if HttpClient has reached the
> > state where it is parsing the headers, I assume the server has already
> > sent a status line as the first line of response.
> >
> > >
> > >
> > >
> > >
> > >
> > > Regards,
> > >
> > >
> > >
> > > Kedar
> > >
> > >
> >
> > Hope this helps,
> >
> > Regards,
> > Bindul
> >
> > --
> > Bindul Bhowmik
> > MindTree Consulting Ltd.
> >
>
> Regards,
> Bindul
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
