Opened 6 years ago

Last modified 19 months ago

#9481 new defect

Header value being duplicated

Reported by: boushley
Owned by: pde
Priority: High
Milestone:
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When using HTTPS Everywhere for Chrome I've tracked down some errors with headers not being passed properly. Some of the headers returned from the service actually end up being doubled when HTTPS Everywhere is enabled.

I tracked this down in an application I'm writing that makes CORS HTTP Requests to the Dropbox API. I was seeing "SyntaxError: Unexpected token , " errors similar to this issue: https://trac.torproject.org/projects/tor/ticket/5952 but not in relation to Bootcamp. As I dug into the issue it became clear that a header that was supposed to be JSON was malformed.

After inspecting the header through Chrome's Network panel, and then through another proxy (to ensure it wasn't the server sending a double header), it became clear that the server was sending a valid response, but JavaScript inside of Chrome was seeing a broken response. The headers for the actual request are similar to the following:

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Aug 2013 11:26:57 GMT
Content-Type: text/plain; charset=ascii
Content-Length: 203
Connection: keep-alive
accept-ranges: bytes
x-dropbox-metadata: {"revision": 7, "rev": "7130446f9", "thumb_exists": false, "bytes": 203, "modified": "Fri, 09 Aug 2013 11:55:51 +0000", "client_mtime": "Fri, 09 Aug 2013 11:54:52 +0000", "path": "/some_file", "is_dir": false, "icon": "page_white", "root": "app_folder", "mime_type": "application/octet-stream", "size": "203 bytes"}
x-server-response-time: 200
etag: 7n
x-dropbox-request-id: 5fcfa0e9c0b1f00039d8901aaaad6738
pragma: public
cache-control: max-age=0
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Accept-Ranges, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time
X-RequestId: f89f279185cc3bcf4c5deeeeaaaeaaaa

The header that I was having problems with is the x-dropbox-metadata header. The value returned from the server was valid, but when JavaScript called xhr.getResponseHeader('x-dropbox-metadata') or xhr.getAllResponseHeaders() the value for 'x-dropbox-metadata' would be the correct value twice, comma-separated. So in this case we would see:

{"revision": 7, "rev": "7130446f9", "thumb_exists": false, "bytes": 203, "modified": "Fri, 09 Aug 2013 11:55:51 +0000", "client_mtime": "Fri, 09 Aug 2013 11:54:52 +0000", "path": "/some_file", "is_dir": false, "icon": "page_white", "root": "app_folder", "mime_type": "application/octet-stream", "size": "203 bytes"}, {"revision": 7, "rev": "7130446f9", "thumb_exists": false, "bytes": 203, "modified": "Fri, 09 Aug 2013 11:55:51 +0000", "client_mtime": "Fri, 09 Aug 2013 11:54:52 +0000", "path": "/some_file", "is_dir": false, "icon": "page_white", "root": "app_folder", "mime_type": "application/octet-stream", "size": "203 bytes"}

This caused a syntax error when parsing this value as JSON, which is the symptom I mentioned at the start.

This problem reproduces every time for me, until I disable HTTPS Everywhere. I tried disabling each of my plugins one at a time, and found that HTTPS Everywhere reliably causes this problem.
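
A client-side check for the symptom reported above, as an added example that is not part of the original report and is not HTTPS Everywhere or Dropbox code: it accepts a JSON header value that arrives as several comma-joined copies only when every copy is identical, and rejects conflicting copies. The function names are hypothetical and the sample value is constructed by shortening the header shown in the ticket.

```javascript
// Constructed sample: a shortened x-dropbox-metadata value from the ticket.
// Note the comma inside the date string, which rules out a plain split(',').
const SAMPLE_COPY =
  '{"revision": 7, "modified": "Fri, 09 Aug 2013 11:55:51 +0000", "path": "/some_file"}';

// Split a header value into its top-level JSON objects. Assumes the copies
// are JSON objects separated only by commas and whitespace.
function splitJsonObjects(raw) {
  const parts = [];
  let depth = 0, inString = false, escaped = false, start = -1;
  for (let i = 0; i < raw.length; i++) {
    const ch = raw[i];
    if (inString) {                       // braces and commas in strings are data
      if (escaped) escaped = false;
      else if (ch === '\\') escaped = true;
      else if (ch === '"') inString = false;
      continue;
    }
    if (depth === 0 && ch !== '{') {      // between objects: only "," or whitespace
      if (ch !== ',' && ch.trim() !== '') {
        throw new SyntaxError('unexpected "' + ch + '" at offset ' + i);
      }
      continue;
    }
    if (ch === '"') inString = true;
    else if (ch === '{') { if (depth === 0) start = i; depth++; }
    else if (ch === '}' && --depth === 0) parts.push(raw.slice(start, i + 1));
  }
  if (depth !== 0 || inString || parts.length === 0) {
    throw new SyntaxError('header does not contain complete JSON objects');
  }
  return parts;
}

// Parse the header, tolerating exact duplicates but never choosing between
// copies that differ: an ambiguous header is treated as an error.
function parseJsonHeader(raw) {
  const copies = splitJsonObjects(raw);
  for (const copy of copies.slice(1)) {
    if (copy !== copies[0]) throw new Error('conflicting copies of header value');
  }
  return { value: JSON.parse(copies[0]), copies: copies.length };
}
```

A `copies` count above 1 is worth logging, since it shows that something between the server and the script repeated the header.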

Change History (1)

comment:1 Changed 19 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"