Re: FW: mod_proxy/9772: proxy: Ignoring duplicate HTTP header...

Wed, 13 Feb 2002 23:28:56 -0800 

Joshua Slive wrote:

> I really don't know what is going on with the proxy, so it is silly for me
> to be acting as an intermediary.  I'll just reopen this bug report, and
> anyone who wants can take a look at it.

This is a different bug entirely - it's to do with what proxy does when
it encounters IIS v4.0 brokenness, and website designer brokenness.

> Subject: Re: mod_proxy/9772: proxy: Ignoring duplicate HTTP header...
> 
> No, this patch did not fix the problem.
> Point a browser to the following url thru apache proxy to see the mess.
> 
>   http://cgi3.ebay.com/aw-cgi/eBayISAPI.dll?SignIn

This patch will definitely not fix this problem, as the problem lies
partially with ebay. The above URL returns the following response
headers:

HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Thu, 14 Feb 2002 07:17:54 GMT
Set-Cookie:
s=AQAAAAEAAAASAAAARgAAAKJkazwin3Q8QDE5Ni4zMC4xMjguMjZlMXRlc3RDb29raWUgJDIkTW96aWxsYS8kTlk0dFlbG1JY3U0NHdxcjBuLzRpLwA*f;
path=/; domain=.ebay.com
Set-Cookie: secure_ticket=n; path=/; domain=.ebay.com; secure
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Thu, 14 Feb 2002 07:17:54 GMT
Set-Cookie:
s=AQAAAAEAAAASAAAARgAAAKJkazwin3Q8QDE5Ni4zMC4xMjguMjZlMXRlc3RDb29raWUgJDIkTW96aWxsYS8kTlk0dFlbG1JY3U0NHdxcjBuLzRpLwA*f;
path=/; domain=.ebay.com
HTTP/1.1 200 OK
Server: Microsoft-IIS/4.0
Date: Thu, 14 Feb 2002 07:17:54 GMT

Your "ignoring duplicate HTTP header" message is triggered by the
presence of multiple "HTTP/1.1 200 OK" lines, and is the correct
behavior. There are two additional lines, therefore you get two error
messages. The solution here is for Ebay to keep their webservers up to
date.

What is causing the page to be rendered in plain text however is the
fact that there is no Content-Type header associated with this page.
According to RFC2616, a content-type "SHOULD" be present. If it is not
present, then the client can either guess what it is based on file
extension or looking at a few bytes, otherwise it should be
"application/octet-stream".

So - the question is, should proxy be adding a content-type header to
responses without one? If we don't, we effectively tell the browser "you
deal with the broken content".

Comments?

Regards,
Graham
-- 
-----------------------------------------
[EMAIL PROTECTED]                "There's a moon
                                        over Bourbon Street
                                                tonight..."

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to