[
https://issues.apache.org/jira/browse/SHINDIG-1186?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Paul Lindner resolved SHINDIG-1186.
-----------------------------------
Resolution: Fixed
Fix Version/s: 1.1-BETA4
patch applied. Thanks!
> /gadgets/metadata does not handle Transfer-Encoding according to the HTTP/1.1
> spec
> ----------------------------------------------------------------------------------
>
> Key: SHINDIG-1186
> URL: https://issues.apache.org/jira/browse/SHINDIG-1186
> Project: Shindig
> Issue Type: Bug
> Components: Java
> Affects Versions: 1.1-BETA4
> Reporter: Mark Weitzel
> Priority: Minor
> Fix For: 1.1-BETA4
>
> Attachments: Defect_95007_0.patch, RpcServletTest.java
>
> Original Estimate: 48h
> Remaining Estimate: 48h
>
> The HTTP spec states that if a header (request/response) contains a
> Transfer-Encoding that the receiver of the header, MUST
> ignore the Content-Length header. The RpcServlet in shindig checks the
> Content-Length, without checking the
> Transfer-Encoding and fails if it's not there. There are additional checks
> to be sure that the length is not arbitrarily
> large, and that it matches the length of the content received.
> However, when submit a request to Shindig we go through a proxy that uses
> Transfer-Encoding chunked which all HTTP/1.1 compliant actor's are supposed
> to support.
> The discussion for this issue is on the shindig-dev mailing list:
> http://markmail.org/message/lws6bupzpxguo7o2
> The limited response seemed to be that protection from DDOS was the likely
> reason for the checks, that type of protection
> ought to be provided by a cross cutting mechanism, and that those checks
> ought to be removed completely.
> Attached are a patch that matches the suggestion and a JUnit TestCase which
> will fail under the current codebase and
> should be made to pass regardless of the mechanism.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
