You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ozone.apache.org by "Attila Doroszlai (Jira)" <ji...@apache.org> on 2022/06/12 09:51:00 UTC

[jira] [Resolved] (HDDS-6837) Headers are duplicated in Ozone UIs

     [ https://issues.apache.org/jira/browse/HDDS-6837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Attila Doroszlai resolved HDDS-6837.
------------------------------------
    Fix Version/s: 1.3.0
       Resolution: Fixed

> Headers are duplicated in Ozone UIs
> -----------------------------------
>
>                 Key: HDDS-6837
>                 URL: https://issues.apache.org/jira/browse/HDDS-6837
>             Project: Apache Ozone
>          Issue Type: Bug
>          Components: OM, Ozone Datanode, Ozone Recon
>            Reporter: Ritesh H Shukla
>            Assignee: Ritesh H Shukla
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 1.3.0
>
>
> The headers currently are evaluated twice once for "/" and once for "/index.html" and are sent as a single response with duplicate headers.
> Duplicate headers can break the client depending on the header itself.
> Example: https://datatracker.ietf.org/doc/html/rfc6797#section-6.1
> {code:java}
> ➜  ~ curl --insecure -I https://ritesh717-1.ritesh717.root.hwx.site:9889/\#/Overview
> HTTP/1.1 200 OK
> Date: Tue, 07 Jun 2022 06:03:34 GMT
> Cache-Control: no-cache
> Expires: Tue, 07 Jun 2022 06:03:34 GMT
> Date: Tue, 07 Jun 2022 06:03:34 GMT
> Pragma: no-cache
> Content-Type: text/html
> Strict-Transport-Security: max-age=63072000; includeSubDomains
> X-Content-Type-Options: nosniff
> X-FRAME-OPTIONS: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Expires: Tue, 07 Jun 2022 06:03:34 GMT
> Date: Tue, 07 Jun 2022 06:03:34 GMT
> Pragma: no-cache
> Strict-Transport-Security: max-age=63072000; includeSubDomains
> X-Content-Type-Options: nosniff
> X-FRAME-OPTIONS: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Last-Modified: Wed, 01 Jun 2022 17:22:50 GMT
> Accept-Ranges: bytes
> Content-Length: 2267
> {code}
> With additional debug logs https://github.com/kerneltime/ozone/commit/2d45178ac8335941d528d2075473e7c0028ded32
> {code:java}
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Cache-Control no-cache 
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Expires Tue, 07 Jun 2022 06:03:34 GMT 
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Pragma no-cache 
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Date Tue, 07 Jun 2022 06:03:34 GMT 
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Content-Type text/plain;charset=utf-8 
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry Strict-Transport-Security max-age=63072000; includeSubDomains
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-Content-Type-Options nosniff
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-FRAME-OPTIONS SAMEORIGIN
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-XSS-Protection 1; mode=block
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Strict-Transport-Security max-age=63072000; includeSubDomains /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Cache-Control no-cache /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-Content-Type-Options nosniff /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Expires Tue, 07 Jun 2022 06:03:34 GMT /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Pragma no-cache /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-FRAME-OPTIONS SAMEORIGIN /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-XSS-Protection 1; mode=block /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Date Tue, 07 Jun 2022 06:03:34 GMT /
> 2022-06-07 06:03:34,364 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Content-Type text/plain;charset=utf-8 /
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Strict-Transport-Security max-age=63072000; includeSubDomains 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Cache-Control no-cache 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before X-Content-Type-Options nosniff 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Expires Tue, 07 Jun 2022 06:03:34 GMT 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Pragma no-cache 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before X-FRAME-OPTIONS SAMEORIGIN 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before X-XSS-Protection 1; mode=block 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Date Tue, 07 Jun 2022 06:03:34 GMT 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers before Content-Type text/html;charset=utf-8 
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry Strict-Transport-Security max-age=63072000; includeSubDomains
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-Content-Type-Options nosniff
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-FRAME-OPTIONS SAMEORIGIN
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: MapEntry X-XSS-Protection 1; mode=block
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Strict-Transport-Security max-age=63072000; includeSubDomains /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Cache-Control no-cache /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-Content-Type-Options nosniff /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Expires Tue, 07 Jun 2022 06:03:34 GMT /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Pragma no-cache /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-FRAME-OPTIONS SAMEORIGIN /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after X-XSS-Protection 1; mode=block /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Date Tue, 07 Jun 2022 06:03:34 GMT /index.html
> 2022-06-07 06:03:34,365 WARN org.apache.hadoop.hdds.server.http.HttpServer2: Headers after Content-Type text/html;charset=utf-8 /index.html
> {code}



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org