Hi,
On 8/13/21, Michael McMahon <michael.x.mcma...@oracle.com> wrote:
> Hi,
>
> A question about this issue. Can you explain why the server/proxy is
> sending a response body to a HEAD request?
>
> My reading of the RFCs suggests this is not allowed.
Thanks for your comment and sorry for the late reply. To put aside the
question about the support for non-compliant proxy servers, consider
the scenario with HTTPS tunneling where proxy server never sees the
HEAD request (it receives CONNECT). Please see the following abridged
interaction where HEAD request is initiated from java code to HTTPS
host some.hostname.com with proxy enabled:
Transmission Control Protocol, Src Port: 53335, Dst Port: 8080, Seq:
1, Ack: 1, Len: 185
Hypertext Transfer Protocol
CONNECT some.hostname.com:443 HTTP/1.1\r\n
User-Agent: Java/1.8.0_302\r\n
Host: some.hostname.com\r\n
Proxy-Connection: keep-alive\r\n
\r\n
Transmission Control Protocol, Src Port: 8080, Dst Port: 53335, Seq:
7245, Ack: 186, Len: 413
Hypertext Transfer Protocol
HTTP/1.1 407 Proxy Authentication Required\r\n
Proxy-Authenticate: NTLM\r\n
Proxy-Connection: close\r\n
Connection: close\r\n
Content-Length: 7384\r\n
\r\n
File Data: 7384 bytes
Line-based text data: text/html (39 lines)
<HTML><HEAD>\r\n
[...]
Transmission Control Protocol, Src Port: 53336, Dst Port: 8080, Seq:
1, Ack: 1, Len: 281
Hypertext Transfer Protocol
CONNECT some.hostname.com:443 HTTP/1.1\r\n
User-Agent: Java/1.8.0_302\r\n
Host: some.hostname.com\r\n
Proxy-Connection: keep-alive\r\n
Proxy-authorization: NTLM TlRM[...]\r\n
\r\n
Transmission Control Protocol, Src Port: 8080, Dst Port: 53336, Seq:
7245, Ack: 282, Len: 690
Hypertext Transfer Protocol
HTTP/1.1 407 Proxy Authentication Required\r\n
Proxy-Authenticate: NTLM TlRM[...]\r\n
Proxy-Connection: Keep-Alive\r\n
Connection: Keep-Alive\r\n
Content-Length: 7401\r\n
\r\n
File Data: 7401 bytes
Line-based text data: text/html (39 lines)
<HTML><HEAD>\r\n
[...]
Transmission Control Protocol, Src Port: 53336, Dst Port: 8080, Seq:
282, Ack: 7935, Len: 781
Hypertext Transfer Protocol
CONNECT some.hostname.com:443 HTTP/1.1\r\n
User-Agent: Java/1.8.0_302\r\n
Host: some.hostname.com\r\n
Proxy-Connection: keep-alive\r\n
Proxy-authorization: NTLM TlRML[...]\r\n
\r\n
Transmission Control Protocol, Src Port: 8080, Dst Port: 53336, Seq:
7935, Ack: 1063, Len: 39
Hypertext Transfer Protocol
HTTP/1.1 200 Connection established\r\n
\r\n
In this case the response code from "200 Connection established"
response cannot be read by jdk because response body from the last
CONNECT response was not fully read from the socket, jdk master will
fail with the following trace:
java.util.NoSuchElementException
at
java.base/java.util.StringTokenizer.nextToken(StringTokenizer.java:347)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.doTunneling0(HttpURLConnection.java:2191)
[...]
This can be reproduced running NTLMHeadTest.java with TUNNEL argument.
SERVER and PROXY modes were added to the test for completeness, it may
be better to remove them.
>
> [...]
>
>> PR: https://git.openjdk.java.net/jdk/pull/4753
>
--
-Alex
