Chromium sends invalid comma-separated If-Modified-Since header when Last-Modified sent twice
Reported by
niklas.h...@gmail.com,
Jul 22 2017
|
|||
Issue description
UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
Example URL:
Steps to reproduce the problem:
1. Make a web server return a response with the Last-Modified header being present twice, e.g. with this response in chrome://net-internals/#events:
t=2463 [st=1] HTTP_TRANSACTION_READ_RESPONSE_HEADERS
--> HTTP/1.1 200 OK
Last-Modified: Fri, 21 Jul 2017 15:01:56 GMT
Content-Length: 18028
Accept-Ranges: bytes
Date: Sat, 22 Jul 2017 17:21:14 GMT
Server: Warp/3.2.12
Content-Type: application/font-woff2
Last-Modified: Fri, 21 Jul 2017 15:01:56 GMT
2. Refresh that page
3. You'll see that Chromium sends an invalid If-Modified-Since entry:
t=55809 [st=0] HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> GET /static/myfont.woff2 HTTP/1.1
Host: localhost:8000
Connection: keep-alive
Origin: http://localhost:8000
If-Modified-Since: Fri, 21 Jul 2017 15:01:56 GMT, Fri, 21 Jul 2017 15:01:56 GMT
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
Accept: */*
Referer: http://localhost:8000
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
Cookie: [71 bytes were stripped]
Notice the entry:
If-Modified-Since: Fri, 21 Jul 2017 15:01:56 GMT, Fri, 21 Jul 2017 15:01:56 GMT
What is the expected behavior?
Chromium sends only one, valid, not-comma-separated If-Modified-Since value, or does anything else but not send two dates comma-separated.
What went wrong?
According to https://stackoverflow.com/questions/4371328/are-duplicate-http-response-headers-acceptable:
"Multiple headers with the same name is ok if the entire field-value is defined as a comma-separated list of values."
Neither Last-Modified nor If-Modified-Since permit comma-separated values:
https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.29
https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.25
Independent of the fact that the web server returned an illegal response here (as Last-Modified can't be present twice), Chromium should not react to that with sending an invalid header itself (dates separated by comma don't seem to be permitted, and don't seem to make any sense to me).
I suspect that there's some logic in Chromium that automatically combines headers. I suspect it does so even when the result would be invalid.
Did this work before? N/A
Chrome version: 59.0.3071.109 Channel: stable
OS Version: Ubuntu 16.04
Flash Version:
,
Jul 26 2017
This is presumably a cache issue. I'd tend to favor just rejecting the response in the first place, encouraging people to fix their servers (What if the two headers have different values, for instance?) Given the huge number of weird middleboxes, in particular, not sure we really want to support this, unless we see it a lot in the wild.
,
Jul 27
Issue has not been modified or commented on in the last 365 days, please re-open or file a new bug if this is still an issue. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||
►
Sign in to add a comment |
|||
Comment 1 by jmukthavaram@chromium.org
, Jul 24 2017