[ https://issues.apache.org/jira/browse/TS-3693?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14615429#comment-14615429 ]

Sudheer Vinukonda edited comment on TS-3693 at 7/6/15 6:21 PM:
---------------------------------------------------------------

But my concern is that requests that would otherwise always return an error 
(e.g. 404 - Not found on Accelerator) would now return a "100-CONT" followed 
by the error. You don't think that's odd/poor behavior?

Below is my comment on the GitHub PR:

"I'm a little concerned about this change - this would mean that requests that 
would otherwise return an error would always return a "100 CONT" first. It 
seems quite odd that a request would get a "100 CONT" followed by a "404 - Not 
found on Accelerator", for example (or even a "403 - Forbidden", e.g. with 
quick_filter).

The current implementation of the "100 CONT" is already a hack (and not in line 
with the spec), but, at least, it ensures that the requests pass the proxy 
checks/validations.

Making this change now to send a "100 CONT" immediately after seeing (and basic 
parsing of) the request, in all cases (not just the cases where an intercept 
plugin is being used), seems pretty bad to me. It may even open up a 
vulnerability that someone can exploit (e.g. keep pounding the box with a POST 
request with Expect header).

I'd wait for [~zwoop]'s comments to see if he thinks this is not an issue."


was (Author: sudheerv):
But my concern is that requests that would otherwise always return an error 
(e.g. 404 - Not found on Accelerator) would now return a "100-CONT" followed 
by the error. You don't think that's odd/poor behavior?

> Move 100-continue logic to read client header for intercept plugins
> -------------------------------------------------------------------
>
>                 Key: TS-3693
>                 URL: https://issues.apache.org/jira/browse/TS-3693
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: HTTP
>            Reporter: Bryan Call
>            Assignee: Bryan Call
>              Labels: yahoo
>             Fix For: 6.1.0
>
>
> From https://github.com/apache/trafficserver/pull/216 :
> Currently, ATS handles the "Expect: 100-continue" header in 
> HttpSM::state_send_server_request_header. In the intercept plugin case, ATS may 
> have no chance to run into this logic; it handles the header at a later point 
> - HttpSM::state_send_server_request_header. I did not take this into account 
> when I wrote the first patch. Now we have an intercept plugin use case at 
> Yahoo, and I think we need to move the handling logic somewhat earlier, right 
> after finishing parsing the client request header.
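
The ordering concern in the comment above (a "100 Continue" sent before the proxy's own checks reject the request) can be verified from the client side of a test capture. The Python below is an added example, not part of the original thread and not Traffic Server code; it parses a raw response stream and flags a final 4xx/5xx that was preceded by `100 Continue`. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: not Traffic Server code. All sample captures are constructed.
import re

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})(?: [^\r\n]*)?$")


def parse_statuses(stream: bytes) -> list:
    """Return the status code of each response head in a raw byte stream.

    1xx responses carry no body, so the next head starts right after the
    blank line. Parsing stops at the first final (>= 200) response, since
    its body framing is outside the scope of this check.
    """
    statuses = []
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # incomplete head: nothing more to classify
        first_line = stream[pos:end].split(b"\r\n", 1)[0]
        match = STATUS_LINE.match(first_line)
        if not match:
            raise ValueError(f"not a status line: {first_line!r}")
        code = int(match.group(1))
        statuses.append(code)
        if code >= 200:
            break
        pos = end + 4  # skip the blank line that ends the interim head
    return statuses


def continue_before_error(stream: bytes) -> bool:
    """True if the peer sent 100 Continue and then rejected the request."""
    statuses = parse_statuses(stream)
    return len(statuses) >= 2 and 100 in statuses[:-1] and statuses[-1] >= 400


# Constructed captures of what a client would read after sending
# "POST ... Expect: 100-continue" for a URL the proxy has no mapping for.
EARLY_CONTINUE = (b"HTTP/1.1 100 Continue\r\n\r\n"
                  b"HTTP/1.1 404 Not Found on Accelerator\r\n"
                  b"Content-Length: 0\r\n\r\n")
CHECKS_FIRST = (b"HTTP/1.1 404 Not Found on Accelerator\r\n"
                b"Content-Length: 0\r\n\r\n")
ACCEPTED = (b"HTTP/1.1 100 Continue\r\n\r\n"
            b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name in ("EARLY_CONTINUE", "CHECKS_FIRST", "ACCEPTED"):
        print(name, parse_statuses(globals()[name]),
              continue_before_error(globals()[name]))
```
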


