> On Sept. 3, 2015, 4:03 p.m., Kevin Sweeney wrote:
> > Are you sure this works? AIUI it's Transfer-Encoding: gzip that we need to 
> > worry about, not content-encoding (which is part of the entity being 
> > served). Most web frameworks have a facility whereby they will locate 
> > pre-compressed assets, usually with a .gz suffix.
> > 
> > For example, if a directory contains `a.js` and `a.js.gz`, a client's 
> > request for a.js with the header `'accept-encoding: gzip'` will result in 
> > the server responding with the contents of `a.js.gz`, and the headers 
> > `transfer-encoding: gzip` and `content-type: application/javascript`. The 
> > client will generally decompress the result on the fly. OTOH, a request for 
> > `a.js.gz` should result in the unmodified file with `content-encoding: 
> > application/gzip`. See this stackoverflow post: [1]
> > 
> > [1] 
> > http://stackoverflow.com/questions/11641923/transfer-encoding-gzip-vs-content-encoding-gzip

Bottle doesn't support setting `Transfer-Encoding` it only sets 
`Content-Encoding`. If we explicitly specify a `mimetype` argument it doesn't 
[guess](https://github.com/bottlepy/bottle/blob/534a2e08ac0ef55dd542a3a83b1118188c6a399b/bottle.py#L2518)
 resulting in the desired behaviour. Regardless I think we should serve all 
data as `application/octet-stream` to signal that it is opaque data that should 
not be handled by the browser.


- Zameer


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38111/#review97691
-----------------------------------------------------------


On Sept. 3, 2015, 3:15 p.m., Zameer Manji wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38111/
> -----------------------------------------------------------
> 
> (Updated Sept. 3, 2015, 3:15 p.m.)
> 
> 
> Review request for Aurora and Joshua Cohen.
> 
> 
> Bugs: AURORA-1479
>     https://issues.apache.org/jira/browse/AURORA-1479
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> This disables the mimetype guessing of files served by the chroot browser and 
> sets it to the standard `application/octet-stream` mimetype. This prevents 
> browsers from trying to decompress gzipped files or other surprising 
> behaviour for users.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/thermos/observer/http/file_browser.py 
> 1750f5bd0937f8ce411f976db488bf5d14930577 
> 
> Diff: https://reviews.apache.org/r/38111/diff/
> 
> 
> Testing
> -------
> 
> ./pants test src/test/python/apache/thermos/observer::
> Manual inspection of Content-Type header via vagrant.
> 
> 
> Thanks,
> 
> Zameer Manji
> 
>

Reply via email to