Content-Range header parser doesn't accept asterisk for complete-length field
Reported by
zbbjorn...@gmail.com,
Mar 24 2018
|
|||||||
Issue description
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Steps to reproduce the problem:
1. Send an HTTP 206 response with "Content-Range: bytes 100-200/*", e.g. to resume an interrupted download.
What is the expected behavior?
Download should resume.
What went wrong?
Chrome shows a "Failed - No file" response in the UI, which translates to DOWNLOAD_INTERRUPT_REASON_SERVER_BAD_CONTENT.
It looks like the ParseContentRangeHeaderFor206 method [1] makes no attempt to handle the ASCII asterisk "*" for the complete-length (instance_length) field. From RFC7233 [2]:
> An asterisk character ("*") in place of the complete-length indicates
> that the representation length was unknown when the header field was
> generated.
Firefox handles this correctly. That is, a response that looks like this (modified slightly from [3]) works fine:
HTTP/1.1 206 Partial Content
Date: Wed, 15 Nov 1995 06:25:24 GMT
Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
Content-Length: 1741
Content-Type: multipart/byteranges; boundary=THIS_STRING_SEPARATES
--THIS_STRING_SEPARATES
Content-Type: application/pdf
Content-Range: bytes 500-999/*
...the first range...
--THIS_STRING_SEPARATES
Content-Type: application/pdf
Content-Range: bytes 1000-1999/*
...the second range
--THIS_STRING_SEPARATES--
(I can't figure out how to get Edge to send a Range header to test this there.)
[1] https://cs.chromium.org/chromium/src/net/http/http_util.cc?dr=C&l=252
[2] https://tools.ietf.org/html/rfc7233#section-4.2
[3] https://tools.ietf.org/html/rfc7233#section-4.1
Did this work before? No
Does this work in other browsers? Yes
Chrome version: 64.0.3282.186 Channel: stable
OS Version: 10.0
Flash Version:
,
Mar 27 2018
,
Mar 27 2018
Thanks for the report. First of all, could you say a bit more about how this actually gets hit? At net/ level at least we don't ever generate multiple ranges ourselves, and don't handle multipart/byteranges[1], but I am not immediately sure of what happens if something like XHR or Fetch try. [1] That seems mostly OK because of: "A server MUST NOT generate a multipart response to a request for a single range, since a client that does not request multiple parts might not support multipart responses." ... but then again, APIs that let one set headers...
,
Mar 27 2018
(Grabbing a netlog as described in https://www.chromium.org/for-testers/providing-network-details might also be helpful)
,
Mar 27 2018
Thanks for reviewing.
You're right that Chrome doesn't generate a multi-range request ever, and it looks like I might be in error to respond with multipart/byteranges based on the quote you posted.
I think Chrome does need to at least handle "Content-Range: 100-200/*" (section 4.2, middle of page 13). (Note that the RFC doesn't say what the client is supposed to do after receiving a response like that -- presumably it should issue another request with "Range: bytes=201-"?)
Specifically, I'm trying to serve a resumable ("Accept-Ranges: bytes") download for dynamically generated content (total Content-Length unknown). I'm confused whether or not RFC7233 allows this. The initial request uses "Transfer-Encoding: chunked", but the subsequent Range requests don't seem to support an equivalent chunked transfer (Content-Range requires a byte length one way or another). Using multipart/byteranges as shown in my OP was the closest possible solution I could identify. I might try to seek clarification with IETF.
,
Mar 27 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 27 2018
Ah, actually it looks like IETF is currently working on the scenario that I described, and I just need to be patient. https://tools.ietf.org/html/draft-ietf-httpbis-rand-access-live-02 and being discussed on the ietf-http-wg list.
,
Mar 27 2018
As for single request with variable length: yep, current limitation; one that's not trivial to fix, but not as big as supporting multipart would be, I think. (Our range handling in general probably needs a refactor, but I haven't come up with anything constructive at this point).
,
Mar 28 2018
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by ajha@chromium.org
, Mar 26 2018