Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: Content-Type sniffing interacts poorly with compression #31753

Closed
andybalholm opened this issue Apr 30, 2019 · 6 comments
Closed

net/http: Content-Type sniffing interacts poorly with compression #31753

andybalholm opened this issue Apr 30, 2019 · 6 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go1.14

Comments

@andybalholm
Copy link
Contributor

andybalholm commented Apr 30, 2019
edited

What version of Go are you using (go version)?

$ go version
go version go1.12.4 darwin/amd64

What did you do?

func serve(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Encoding", "gzip")
	gzw := gzip.NewWriter(w)
	defer gzw.Close()
	io.WriteString(gzw, `<!doctype html><p>Hello</p>`)
}

What did you expect to see?

Content-Type header of "text/html", or none at all.

What did you see instead?

Content-Type header of "application/x-gzip".

Since the content being written to the ResponseWriter is compressed with gzip, the Content-Type is being detected as application/x-gzip.

Content-Type sniffing should be disabled when there is a Content-Encoding header.
@bradfitz bradfitz added this to the Go1.13 milestone May 1, 2019
@bradfitz bradfitz added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label May 1, 2019
@firelizzard18
Copy link
Contributor

I ran into the same issue. Chrome is pretty smart about ignoring the bad content type and correctly interpreting files. Firefox is not. Firefox will attempt to interpret the raw GZIP bytes as JavaScript (and fail badly).

@bradfitz
Copy link
Contributor

bradfitz commented May 1, 2019

@tombergan, thoughts?

@andybalholm
Copy link
Contributor Author

Referenced in andybalholm/redwood@8299e5d

@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@gopherbot
Copy link

Change https://golang.org/cl/199799 mentions this issue: net/http: do not sniff response if Content-Encoding header is set

@gopherbot
Copy link

Change https://golang.org/cl/199841 mentions this issue: http2: do not sniff body if Content-Encoding is set

gopherbot pushed a commit to golang/net that referenced this issue Oct 9, 2019
@odeke-em
http2: do not sniff body if Content-Encoding is set
d66e710 
Updates golang/go#31753

Change-Id: I2481ffcff6626c08ef32a02cffb3f108737fa87e
Reviewed-on: https://go-review.googlesource.com/c/net/+/199841
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@gopherbot
Copy link

Change https://golang.org/cl/200102 mentions this issue: net/http: update bundled x/net/http2

gopherbot pushed a commit that referenced this issue Oct 9, 2019
@odeke-em
net/http: update bundled x/net/http2
829fae3 
Updates x/net/http2 to git rev d66e71096ffb9f08f36d9aefcae80ce319de6d68

    http2: end stream eagerly after sending the request body
    https://golang.org/cl/181157 (fixes #32254)

    all: fix typos
    https://golang.org/cl/193799

    http2: fix memory leak in random write scheduler
    https://golang.org/cl/198462 (fixes #33812)

    http2: do not sniff body if Content-Encoding is set
    https://golang.org/cl/199841 (updates #31753)

Also unskips tests from CL 199799.

Change-Id: I241c0b1cd18cad5041485be92809137a973e33bd
Reviewed-on: https://go-review.googlesource.com/c/go/+/200102
Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
@aryszka aryszka mentioned this issue Feb 28, 2020
Merged
@empijei empijei mentioned this issue Sep 7, 2020
Open
@golang golang locked and limited conversation to collaborators Oct 8, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Go1.14
Development

No branches or pull requests
5 participants
@bradfitz @andybons @andybalholm @firelizzard18 @gopherbot