Opened 2 years ago
Last modified 2 years ago
#1236 assigned defect
Indico should not rely on the content-length header field
Reported by: | sylvestre | Owned by: | |
---|---|---|---|
Priority: | high | Milestone: | v2.6 |
Component: | General | Version: | 0.99 |
Keywords: | Cc: |
Description
The display of /abstractSubmission.py?confId=15 is failing on my indico instance.
The error is:
exception message => 'content-length' exception type => <type 'exceptions.KeyError'> traceback => File "/usr/local/lib/python2.7/dist-packages/indico-0.99-py2.7.egg/MaKaC/webinterface/rh/base.py", line 547, in process self._checkParams( self._reqParams ) File "/usr/local/lib/python2.7/dist-packages/indico-0.99-py2.7.egg/MaKaC/webinterface/rh/CFADisplay.py", line 206, in _checkParams headerSize = self._req.headers_in["content-length"] request handler => MaKaC.webinterface.rh.CFADisplay.RHAbstractSubmission url => http://fooo/abstractSubmission.py?confId=15 parameters => confId = 15 headers => Host: foo User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20100101 Firefox/10.0.12 Iceweasel/10.0.12 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: fr,en-us;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: http://foo/userAbstracts.py?confId=15 Cookie: Enabled=true; MAKACSESSION=215EAC2EAD300F61 Pragma: no-cache Cache-Control: no-cache user => [0] bar, bar <sylvestre@ledru.info> --------------------
In MaKaC/webinterface/rh/CFADisplay.py, this code is failing:
headerSize = self._req.headers_in["content-length"] AbstractParam._checkParams(self, params, self._conf, headerSize)
Change History (6)
comment:1 Changed 2 years ago by jbenito
- Milestone set to v1.1
- Priority changed from normal to high
comment:2 Changed 2 years ago by sylvestre
comment:3 Changed 2 years ago by jbenito
- Status changed from new to awaiting_merge
comment:4 Changed 2 years ago by jbenito
- Status changed from awaiting_merge to merging
comment:5 Changed 2 years ago by pferreir
Thanks a lot for the patch, but I don't think this is a good solution.
I have rolled it back as part of b001ea30ee4377a8e100b2bea56ac6544688b8ba.
I believe the correct, standard HTTP approach in this case is to return a 411 error (Length required) in case there is no such header. If anyone finds a good reason for us to silently allow this kind of behavior, please state it.
I will leave the ticket open till we properly handle this situation.
However, something is clearly wrong with your setup, or this wouldn't even happen at all.
comment:6 Changed 2 years ago by jbenito
- Milestone changed from v1.1 to v1.8
- Status changed from merging to assigned
Changing the code to:
fixes the issue described upper but loop on the abstractSubmission.py page