You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@shindig.apache.org by "Paul Lindner (JIRA)" <ji...@apache.org> on 2009/10/15 09:31:31 UTC

[jira] Resolved: (SHINDIG-1186) /gadgets/metadata does not handle Transfer-Encoding according to the HTTP/1.1 spec

     [ https://issues.apache.org/jira/browse/SHINDIG-1186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Lindner resolved SHINDIG-1186.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 1.1-BETA4

patch applied.  Thanks!

> /gadgets/metadata does not handle Transfer-Encoding according to the HTTP/1.1 spec
> ----------------------------------------------------------------------------------
>
>                 Key: SHINDIG-1186
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-1186
>             Project: Shindig
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: 1.1-BETA4
>            Reporter: Mark Weitzel
>            Priority: Minor
>             Fix For: 1.1-BETA4
>
>         Attachments: Defect_95007_0.patch, RpcServletTest.java
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> The HTTP spec states that if a header (request/response) contains a Transfer-Encoding that the receiver of the header, MUST
> ignore the Content-Length header.  The RpcServlet in shindig checks the Content-Length, without checking the
> Transfer-Encoding and fails if it's not there.  There are additional checks to be sure that the length is not arbitrarily
> large, and that it matches the length of the content received.
> However, when submit a request to Shindig we go through a proxy that uses Transfer-Encoding chunked which all HTTP/1.1 compliant actor's are supposed to support.
> The discussion for this issue is on the shindig-dev mailing list: http://markmail.org/message/lws6bupzpxguo7o2
> The limited response seemed to be that protection from DDOS was the likely reason for the checks, that type of protection
> ought to be provided by a cross cutting mechanism, and that those checks ought to be removed completely.
> Attached are a patch that matches the suggestion and a JUnit TestCase which will fail under the current codebase and
> should be made to pass regardless of the mechanism.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.