You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Ritesh H Shukla (Jira)" <ji...@apache.org> on 2022/06/07 06:15:00 UTC

[jira] [Created] (HDDS-6837) Headers are duplicated in Ozone UIs

Ritesh H Shukla created HDDS-6837:
-------------------------------------

             Summary: Headers are duplicated in Ozone UIs
                 Key: HDDS-6837
                 URL: https://issues.apache.org/jira/browse/HDDS-6837
             Project: Apache Ozone
          Issue Type: Bug
          Components: OM, Ozone Datanode, Ozone Recon
            Reporter: Ritesh H Shukla


The headers currently are evaluated twice once for "/" and once for "/index.html" and are sent as a single response with duplicate headers.
Duplicate headers can break the client depending on the header itself.

Example: https://datatracker.ietf.org/doc/html/rfc6797#section-6.1


{code:java}
➜  ~ curl --insecure -I https://ritesh717-1.ritesh717.root.hwx.site:9889/\#/Overview
HTTP/1.1 200 OK
Date: Tue, 07 Jun 2022 06:03:34 GMT
Cache-Control: no-cache
Expires: Tue, 07 Jun 2022 06:03:34 GMT
Date: Tue, 07 Jun 2022 06:03:34 GMT
Pragma: no-cache
Content-Type: text/html
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Expires: Tue, 07 Jun 2022 06:03:34 GMT
Date: Tue, 07 Jun 2022 06:03:34 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 01 Jun 2022 17:22:50 GMT
Accept-Ranges: bytes
Content-Length: 2267
{code}

With additional debug logs https://github.com/kerneltime/ozone/commit/2d45178ac8335941d528d2075473e7c0028ded32


{code:java}
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Cache-Control no-cache 
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Expires Tue, 07 Jun 2022 06:03:34 GMT 
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Pragma no-cache 
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Date Tue, 07 Jun 2022 06:03:34 GMT 
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Content-Type text/plain;charset=utf-8 
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry Strict-Transport-Security max-age=63072000; includeSubDomains
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-Content-Type-Options nosniff
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-FRAME-OPTIONS SAMEORIGIN
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-XSS-Protection 1; mode=block
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Strict-Transport-Security max-age=63072000; includeSubDomains /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Cache-Control no-cache /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-Content-Type-Options nosniff /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Expires Tue, 07 Jun 2022 06:03:34 GMT /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Pragma no-cache /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-FRAME-OPTIONS SAMEORIGIN /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-XSS-Protection 1; mode=block /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Date Tue, 07 Jun 2022 06:03:34 GMT /
2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Content-Type text/plain;charset=utf-8 /
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Strict-Transport-Security max-age=63072000; includeSubDomains 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Cache-Control no-cache 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before X-Content-Type-Options nosniff 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Expires Tue, 07 Jun 2022 06:03:34 GMT 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Pragma no-cache 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before X-FRAME-OPTIONS SAMEORIGIN 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before X-XSS-Protection 1; mode=block 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Date Tue, 07 Jun 2022 06:03:34 GMT 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Content-Type text/html;charset=utf-8 
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry Strict-Transport-Security max-age=63072000; includeSubDomains
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-Content-Type-Options nosniff
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-FRAME-OPTIONS SAMEORIGIN
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-XSS-Protection 1; mode=block
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Strict-Transport-Security max-age=63072000; includeSubDomains /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Cache-Control no-cache /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-Content-Type-Options nosniff /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Expires Tue, 07 Jun 2022 06:03:34 GMT /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Pragma no-cache /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-FRAME-OPTIONS SAMEORIGIN /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-XSS-Protection 1; mode=block /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Date Tue, 07 Jun 2022 06:03:34 GMT /index.html
2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Content-Type text/html;charset=utf-8 /index.html
{code}




--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org