search

fusioninventory / fusioninventory-agent

FusionInventory Agent
http://fusioninventory.org/
GNU General Public License v2.0
251 stars 125 forks source link

Invalid Content-Type header #1044

Closed azurit closed 4 weeks ago

azurit commented 1 year ago

Hi,

FusionInventory Agent is using invalid value for Content-Type header: application/x-compress-zlib. See, for example, here for complete list of valid MIME types: https://www.freeformatter.com/mime-types-list.html

Even more, requests using such value for Content-Type header are blocked by default by ModSecurity WAF while using Core Rule Set ruleset.

As for fix, i suggest using standard way of HTTP data compression (see Content-Encoding header) instead of implementing custom way of doing so.

ddurieux commented 1 year ago

Hi, thanks for the information, the version 3 (in development), will be more in standard with JSON + HTTP(S). The format used come from the OCS Inventory Agent and we never changed the behavior, until this future version 3 ^_^