jquery / codeorigin.jquery.com

jQuery CDN
https://releases.jquery.com

Accept-Encoding values not treated as case-insensitive (i.e. GZIP vs gzip) #43

Closed timmywil closed 6 years ago

timmywil commented 6 years ago

Migrated from https://github.com/jquery/jquery/issues/4162

From @gibson042:

Issue confirmed. Content coding values (which are the contents of Accept-Encoding) are case-insensitive per RFC 7231, but code.jquery.com sends a response with no encoding in response to Accept-Encoding: GZIP (or other variants that are not all lowercase), and—here's the issue—lies about that lack of encoding by also including Content-Encoding: gzip.

Transcripts, with ### comments added.

no Accept-Encoding

```sh
$ curl -sv http://code.jquery.com/jquery-2.2.4.min.js | head -c 10 | xxd
* Trying 205.185.208.52...
* Connected to code.jquery.com (205.185.208.52) port 80 (#0)
> GET /jquery-2.2.4.min.js HTTP/1.1
> Host: code.jquery.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 31 Aug 2018 14:04:40 GMT
< Connection: Keep-Alive
< Accept-Ranges: bytes
< Content-Length: 85578 ### unencoded size: 85578
< Content-Type: application/javascript; charset=utf-8
< Last-Modified: Fri, 20 May 2016 17:24:41 GMT
< Server: nginx
< ETag: W/"573f4859-14e4a"
< Cache-Control: max-age=315360000
< Cache-Control: public
< Access-Control-Allow-Origin: *
< Vary: Accept-Encoding
< X-HW: 1535724280.dop013.ny3.t,1535724280.cds046.ny3.c
<
{ [1460 bytes data]
00000000: 2f2a 2120 6a51 7565 7279 /*! jQuery ### unencoded response
* Failed writing body (892 != 16384)
* Closing connection 0
```

no Accept-Encoding: gzip

```sh
$ curl -sv -H 'Accept-Encoding: gzip' http://code.jquery.com/jquery-2.2.4.min.js | head -c 10 | xxd
* Trying 205.185.208.52...
* Connected to code.jquery.com (205.185.208.52) port 80 (#0)
> GET /jquery-2.2.4.min.js HTTP/1.1
> Host: code.jquery.com
> User-Agent: curl/7.47.0
> Accept: */*
> Accept-Encoding: gzip ### request for gzipped response
>
< HTTP/1.1 200 OK
< Date: Fri, 31 Aug 2018 14:10:51 GMT
< Connection: Keep-Alive
< Accept-Ranges: bytes
< Content-Encoding: gzip ### response is claimed to be gzipped
< Content-Length: 34834 ### compressed size: 34834
< Content-Type: application/javascript; charset=utf-8
< Last-Modified: Fri, 20 May 2016 17:24:41 GMT
< Server: nginx
< ETag: W/"573f4859-14e4a"
< Cache-Control: max-age=315360000
< Access-Control-Allow-Origin: *
< Vary: Accept-Encoding
< X-HW: 1535724651.dop012.ny3.t,1535724651.cds046.ny3.c
<
{ [1460 bytes data]
00000000: 1f8b 0800 0000 0000 0003 .......... ### response appears gzipped, cf. https://tools.ietf.org/html/rfc1952#page-6
* Failed writing body (1500 != 9899)
* Closing connection 0
```

no Accept-Encoding: GZIP

```sh
$ curl -sv -H 'Accept-Encoding: GZIP' http://code.jquery.com/jquery-2.2.4.min.js | head -c 10 | xxd
* Trying 205.185.208.52...
* Connected to code.jquery.com (205.185.208.52) port 80 (#0)
> GET /jquery-2.2.4.min.js HTTP/1.1
> Host: code.jquery.com
> User-Agent: curl/7.47.0
> Accept: */*
> Accept-Encoding: GZIP ### unusual request for gzipped response
>
< HTTP/1.1 200 OK
< Date: Fri, 31 Aug 2018 14:14:50 GMT
< Connection: Keep-Alive
< Accept-Ranges: bytes
< Content-Encoding: gzip ### response is claimed to be gzipped
< Content-Length: 85578 ### …but the size is as big as an unencoded response :\
< Content-Type: application/javascript; charset=utf-8
< Last-Modified: Fri, 20 May 2016 17:24:41 GMT
< Server: nginx
< ETag: W/"573f4859-14e4a"
< Cache-Control: max-age=315360000
< Access-Control-Allow-Origin: *
< Vary: Accept-Encoding
< X-HW: 1535724890.dop004.ny3.t,1535724890.cds046.ny3.c
<
{ [1460 bytes data]
00000000: 2f2a 2120 6a51 7565 7279 /*! jQuery ### non-gzipped! >:(
* Failed writing body (2068 != 16384)
* Closing connection 0
```

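Added example, not part of the original issue and not the CDN's code: a case-insensitive `Accept-Encoding` check plus a consistency test that compares a declared `Content-Encoding: gzip` with the gzip magic bytes of the body, the same comparison the transcripts above make by eye. The function names and the sample responses are constructed for illustration, and serving an unencoded body when the header is absent is an assumption taken from the first transcript.

```python
import gzip

GZIP_MAGIC = b"\x1f\x8b"  # ID1, ID2 of a gzip member (RFC 1952)

def accepts_gzip(accept_encoding):
    """True if an Accept-Encoding value permits gzip; names and the q
    parameter are matched case-insensitively, and q=0 means refused."""
    if accept_encoding is None:
        return False  # assumption: serve identity when the header is absent
    wildcard = False
    for item in accept_encoding.split(","):
        coding, _, params = item.partition(";")
        coding, q = coding.strip().lower(), 1.0
        for param in params.split(";"):
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # malformed weight: treat as refused
        if coding == "gzip":
            return q > 0  # an explicit gzip entry overrides "*"
        if coding == "*":
            wildcard = q > 0
    return wildcard

def encoding_mismatch(headers, body):
    """Describe a response that declares gzip but carries a non-gzip body."""
    declared = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if declared.get("content-encoding") == "gzip" and body[:2] != GZIP_MAGIC:
        return "Content-Encoding: gzip declared, body starts %r" % body[:2]
    return None

# Constructed sample responses modelled on the three transcripts above,
# keyed by the Accept-Encoding value that was sent (None = header absent).
JS = b"/*! jQuery (constructed stand-in body) */" + b"a" * 200
SAMPLES = {
    None: ({"Content-Length": str(len(JS))}, JS),
    "gzip": ({"Content-Encoding": "gzip"}, gzip.compress(JS)),
    "GZIP": ({"Content-Encoding": "gzip"}, JS),
}

def audit(samples):
    """Map each request value to its mismatch description (None = consistent)."""
    return {ae: encoding_mismatch(h, b) for ae, (h, b) in samples.items()}

if __name__ == "__main__":
    for ae, finding in audit(SAMPLES).items():
        print(repr(ae), "->", finding or "consistent")
```

Only the `GZIP` sample is flagged; a client that trusts the header there would try to gunzip plain JavaScript and fail, which is the symptom the issue reports.
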
mgol commented 6 years ago

@vchandrasn @thomhubers @jsandersrocks @debugthings Our CDN provider has applied a fix. Does it work for you now or not? If not, can you provide more details about the request you're sending and what you receive? Thanks!

vchandrasn commented 6 years ago

Hi Michal, It looks like the fix is working. I don't see any Azure failure ping tests related to this issue. Thanks for taking care of it.

Best, Chandra



timmywil commented 6 years ago

Great! Glad to hear it's fixed.