On Tue, 2007-02-13 at 16:13 -0800, Kedar Panse wrote: > Sorry to pop the same thing again. It looks like in HttpParser.java > This method: > parseHeaders(InputStream is, String charset) > > checks for LWS chars like this > > if ((line.charAt(0) == ' ') || (line.charAt(0) == '\t')) { > blah blah. > } > else{ > Blah blah... > int colon = line.indexOf(":"); > if (colon < 0) { > throw new ProtocolException("Unable to parse header: " + > line); > } > Blah blah.... > } > > > So if the header is something like "Set-Cookie: user-cookie=xxxx; path=/; > domain=.xxx.com; secure HTTP/1.0 200" gets spitted in to 2 lines. Which is > kinda correct. But as you can see the next line now is HTTP/1.0 200. Here > there is no colon. Here httpclient thinks it's a bad header and throws the > error. > > However this should be handled I think, if it's a correct according to > folded headers in 2616. I ran across server that does return something like > this, and IE/FireFox does process it ok (off course server is IIS so.. not > confident about std) > > > You guys have any thought on this? >
Kedar, As far as I am concerned this case is an obvious violation of the HTTP spec. HttpClient is not a browser and is not meant to be lenient about HTTP messages that are completely messed up. Oleg > > Cheers! > > Kedar > > > -----Original Message----- > From: Kedar Panse [mailto:[EMAIL PROTECTED] > Sent: Monday, February 05, 2007 3:34 AM > To: 'Jakarta Commons Users List' > Subject: RE: [HTTPClient] Header parser > > Interesting. Let me try the same.. I must be making some mistake. I did had > RC4. Thanks! > > > > Kedar > > -----Original Message----- > From: Bindul Bhowmik [mailto:[EMAIL PROTECTED] > Sent: Sunday, February 04, 2007 1:35 AM > To: Jakarta Commons Users List > Subject: Re: [HTTPClient] Header parser > > Kedar, > > On 2/3/07, Kedar Panse <[EMAIL PROTECTED]> wrote: > > Actually there is not a new line, it's the same line where the set cookie > > header is. > > So the line contains: > > > > "Set-Cookie: user-cookie=xxxx; path=/; domain=.xxx.com; secure HTTP/1.0 > 200" > > > > Which I think makes this invalid. But I read somewhere that server can > > choose to change the protocol from HTTP/1.1 to HTTP/1.0 in such cases it > can > > send two of these headers? I am not quite sure if this is covered under > > folded headers thing. > > > > I am a bit confused now. I am not sure which version of HTTPClient you > are using, but I tried recreating this scenario using a simple > servlet, and HTTPClient code from TRUNK. > > If there is just a space between 'secure' and 'HTTP' the client does > not fail. Below are excerpts from my wire log. > > 13:01:22,578 [main] DEBUG [httpclient.wire.header] - << "HTTP/1.1 200 > OK[\r][\n]" > 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Server: > Apache-Coyote/1.1[\r][\n]" > 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Set-Cookie: > user-cookie="xxxx HTTP/1.0 200"[\r][\n]" > 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Set-Cookie: > user-cookie1=xxxy; path=/; domain=localhost; secure HTTP/1.0 > 200[\r][\n]" > 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << > "Content-Length: 0[\r][\n]" > 13:01:22,593 [main] DEBUG [httpclient.wire.header] - << "Date: Sat, > 03 Feb 2007 20:01:22 GMT[\r][\n]" > 13:01:22,625 [main] DEBUG [commons.httpclient.HttpMethodBase] - > Cookie accepted: "$Version=0; user-cookie=xxxx HTTP/1.0 200" > 13:01:22,625 [main] DEBUG [commons.httpclient.HttpMethodBase] - > Cookie accepted: "$Version=0; user-cookie1=xxxy; $Path=/; > $Domain=localhost" > > > > > Thanks! > > > > > > Kedar > > > > -----Original Message----- > > From: Bindul Bhowmik [mailto:[EMAIL PROTECTED] > > Sent: Saturday, February 03, 2007 3:18 PM > > To: Jakarta Commons Users List > > Subject: Re: [HTTPClient] Header parser > > > > Kedar, > > > > On 2/3/07, Kedar Panse <[EMAIL PROTECTED]> wrote: > > > Hello guys! > > > > > > > > > > > > I have been using HTTPClient for quite a while, thanks to you guys work! > > > Recently I came across a site, which I believe is returning bad headers. > > > HTTPClient seems to choke on > > > > > > > > > > > > Set-Cookie: user-cookie=xxxx; path=/; domain=.xxx.com; secure HTTP/1.0 > 200 > > > > The HTTP/1.0 200 is the status line of the HTTP response and is > > supposed to be the first line in the response [1]. HttpClient is > > trying to parse that field as a name value HTTP Header. > > > > Also, not evident in the email, I think there is a new line character > > between secure and HTTP in that line. > > > > > > > > content-type: text/html > > > > > > > > > > > > Exception I get is: > > > > > > > > > > > > WARNING: org.apache.commons.httpclient.ProtocolException: Unable to > parse > > > header: HTTP/1.0 200 > > > > > > > > > > > > > > > > > > Is this a valid header for cookie? Firefox/IE seem to get past it easy. > > Is > > > there any way to get around this? > > > > The way to get around this is to modify the HttpClient source. More > > specifically you need to modify the > > org.apache.commons.httpclient.HttpParser#readLine(InputStream, String) > > method and can make it lenient and ask it to ignore any lines that > > dont follow the standard 'header-name: header-value' pattern. You can > > modify the source and rebuild your own jar. > > > > I don't know your entire response, but if HttpClient has reached the > > state where it is parsing the headers, I assume the server has already > > sent a status line as the first line of response. > > > > > > > > > > > > > > > > > > > > Regards, > > > > > > > > > > > > Kedar > > > > > > > > > > Hope this helps, > > > > Regards, > > Bindul > > > > -- > > Bindul Bhowmik > > MindTree Consulting Ltd. > > > > Regards, > Bindul --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]