Re: Is empty Content Type of Request allowed in Tomcat?
Hi,
On Tue, Aug 30, 2011 at 5:31 PM, Konstantin Kolinko
knst.koli...@gmail.comwrote:
Attachments are usually dropped by mailing list software. The one you
mention above is no exception.
GET / HTTP/1.1
Date: Tue, 30 Aug 2011 02:28:50 GMT
Content-Type:
Authorization: AWS AKIAJHSWPWM6W6KUXAIQ:u4QnOMbP0vuTsgpUXQ0WfXIWz9c=
Host: s3.amazonaws.com:80
Connection: Keep-Alive
User-Agent: Cyberduck/4.1 (8911) (Windows 7/6.1) (x86)
Accept-Encoding: gzip,deflate
1) GET requests cannot have content, and thus having a Content-Type
header there is confusing.
2) Content-Type header is defined in section 14.17 of RFC2616 as
Content-Type = Content-Type : media-type
and
media-type = type / subtype *( ; parameter )
The media-type is not optional and it cannot be empty.
Thanks for letting me know and your further explanation!
By the way, my friend has provide me a workaround using filter, post it here
in case some other might need it.
I have tested it locally and it works.
1) CleanHeaderFilter.java
package org.sample;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
public class CleanHeaderFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
HttpServletRequest httpReq = new
HttpServletRequestWrapper((HttpServletRequest) request) {
@Override
public Enumeration getHeaderNames() {
if (GET.equalsIgnoreCase(getMethod())) {
CollectionString c = new LinkedListString();
Enumeration headers = super.getHeaderNames();
while (headers.hasMoreElements()) {
String header = (String) headers.nextElement();
if (!Content-Type.equalsIgnoreCase(header)) {
c.add(header);
} else {
System.err.println(Remove Content-Type for
GET);
}
}
return Collections.enumeration(c);
}
return super.getHeaderNames();
}
};
chain.doFilter(httpReq, response);
}
@Override
public void destroy() {
}
}
2) add following config to your web.xml
filter
filter-namecleanHeaderFilter/filter-name
filter-classorg.sample.CleanHeaderFilter/filter-class
/filter
filter-mapping
filter-namecleanHeaderFilter/filter-name
url-pattern/*/url-pattern
/filter-mapping
Re: Is empty Content Type of Request allowed in Tomcat?
On 30/08/2011 03:00, Isaac Li wrote: Thank André and Mark for your quick response, detailed answer and references! I'll try to report this issue to Cyberduck. One more question: when I uses current version of Cyberduck to connect Amazon S3, it can accept this kind of invalid request, is it a kind of fault tolerance design of Amazon S3? I assume so. Should it be encouraged? Servers should be tolerant of client errors but that is not an excuse for clients to violate the spec. It is certainly possible to modify Tomcat to add an option to ignore the invalid header but given the rarity of clients that do this, I don't see such a change as a priority. Mark or I missed something here? On Mon, Aug 29, 2011 at 9:44 PM, Mark Thomas ma...@apache.org wrote: On 29/08/2011 09:10, Isaac Li wrote: Hello, I'm using Cyberduck as client to send request to my web server which using apache-tomcat-7.0.16 as web container. When Cyberduck sent a request with an empty Content Type, web server returned following errors: Cyberduck is broken and is violating RFC2616. HTTP/1.1 400 Bad Request (text/plain) Bad Content-Type header value: '' I thought this error is reported by tomcat, since it has not running into my code. Tomcat is rejected this request. The request is invalid. I've enabled Tomcat debug log, and have no clue, following are some catalina log: If you want a clue, try reading RFC2616. So is it possible to modify tomcat setting to allow empty Content Type of request? No. or I should try other ways (I heard someone said adding some filters?) Whoever said a filter was a solution to this problem is clueless. The request is rejected long before the filters are reached. - and What's the detailed steps? 1. Get the bug in Cyberduck fixed. 2. Try again. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is empty Content Type of Request allowed in Tomcat?
2011/8/30 Isaac Li tingjun...@gmail.com: On Tue, Aug 30, 2011 at 10:00 AM, Isaac Li tingjun...@gmail.com wrote: Thank André and Mark for your quick response, detailed answer and references! I'll try to report this issue to Cyberduck. One more question: when I uses current version of Cyberduck to connect Amazon S3, See request at No.25 of Cyberduck_login_amazon_s3_ok.pcap (attched) Attachments are usually dropped by mailing list software. The one you mention above is no exception. GET / HTTP/1.1 Date: Tue, 30 Aug 2011 02:28:50 GMT Content-Type: Authorization: AWS AKIAJHSWPWM6W6KUXAIQ:u4QnOMbP0vuTsgpUXQ0WfXIWz9c= Host: s3.amazonaws.com:80 Connection: Keep-Alive User-Agent: Cyberduck/4.1 (8911) (Windows 7/6.1) (x86) Accept-Encoding: gzip,deflate 1) GET requests cannot have content, and thus having a Content-Type header there is confusing. 2) Content-Type header is defined in section 14.17 of RFC2616 as Content-Type = Content-Type : media-type and media-type = type / subtype *( ; parameter ) The media-type is not optional and it cannot be empty. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is empty Content Type of Request allowed in Tomcat?
Isaac Li wrote: Hello, I'm using Cyberduck as client to send request to my web server which using apache-tomcat-7.0.16 as web container. When Cyberduck sent a request with an empty Content Type, web server returned following errors: HTTP/1.1 400 Bad Request (text/plain) Bad Content-Type header value: '' That is clearly incorrect, so Tomcat would be right to complain. I thought this error is reported by tomcat, since it has not running into my code. ... So is it possible to modify tomcat setting to allow empty Content Type of request? Why should Tomcat be modifiedt to accept incorrect HTTP requests ? Tomcat is a HTTP server, so it must follow the HTTP specs. And the HTTP specs probably say that if a request header is clearly incorrect (as this one is), the server MUST respond with a 400 error. or I should try other ways Yes, fix the client. (Or report the problem on the Cyberduck mailing list). (I heard someone said adding some filters?) Would probably not help, as the error may be generated before the filter is ever called. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is empty Content Type of Request allowed in Tomcat?
On 29/08/2011 09:10, Isaac Li wrote: Hello, I'm using Cyberduck as client to send request to my web server which using apache-tomcat-7.0.16 as web container. When Cyberduck sent a request with an empty Content Type, web server returned following errors: Cyberduck is broken and is violating RFC2616. HTTP/1.1 400 Bad Request (text/plain) Bad Content-Type header value: '' I thought this error is reported by tomcat, since it has not running into my code. Tomcat is rejected this request. The request is invalid. I've enabled Tomcat debug log, and have no clue, following are some catalina log: If you want a clue, try reading RFC2616. So is it possible to modify tomcat setting to allow empty Content Type of request? No. or I should try other ways (I heard someone said adding some filters?) Whoever said a filter was a solution to this problem is clueless. The request is rejected long before the filters are reached. - and What's the detailed steps? 1. Get the bug in Cyberduck fixed. 2. Try again. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is empty Content Type of Request allowed in Tomcat?
Thank André and Mark for your quick response, detailed answer and references! I'll try to report this issue to Cyberduck. One more question: when I uses current version of Cyberduck to connect Amazon S3, it can accept this kind of invalid request, is it a kind of fault tolerance design of Amazon S3? Should it be encouraged? or I missed something here? On Mon, Aug 29, 2011 at 9:44 PM, Mark Thomas ma...@apache.org wrote: On 29/08/2011 09:10, Isaac Li wrote: Hello, I'm using Cyberduck as client to send request to my web server which using apache-tomcat-7.0.16 as web container. When Cyberduck sent a request with an empty Content Type, web server returned following errors: Cyberduck is broken and is violating RFC2616. HTTP/1.1 400 Bad Request (text/plain) Bad Content-Type header value: '' I thought this error is reported by tomcat, since it has not running into my code. Tomcat is rejected this request. The request is invalid. I've enabled Tomcat debug log, and have no clue, following are some catalina log: If you want a clue, try reading RFC2616. So is it possible to modify tomcat setting to allow empty Content Type of request? No. or I should try other ways (I heard someone said adding some filters?) Whoever said a filter was a solution to this problem is clueless. The request is rejected long before the filters are reached. - and What's the detailed steps? 1. Get the bug in Cyberduck fixed. 2. Try again. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is empty Content Type of Request allowed in Tomcat?
On Tue, Aug 30, 2011 at 10:00 AM, Isaac Li tingjun...@gmail.com wrote: Thank André and Mark for your quick response, detailed answer and references! I'll try to report this issue to Cyberduck. One more question: when I uses current version of Cyberduck to connect Amazon S3, See request at No.25 of Cyberduck_login_amazon_s3_ok.pcap (attched) GET / HTTP/1.1 Date: Tue, 30 Aug 2011 02:28:50 GMT Content-Type: Authorization: AWS AKIAJHSWPWM6W6KUXAIQ:u4QnOMbP0vuTsgpUXQ0WfXIWz9c= Host: s3.amazonaws.com:80 Connection: Keep-Alive User-Agent: Cyberduck/4.1 (8911) (Windows 7/6.1) (x86) Accept-Encoding: gzip,deflate it can accept this kind of invalid request, request at No.31 of Cyberduck_login_amazon_s3_ok.pcap 31 5.805868 207.171.189.80 192.168.1.104 HTTP/XML 64 HTTP/1.1 200 OK Is it a kind of fault tolerance design of Amazon S3? Should it be encouraged? or I missed something here? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
