[wp-trac] [WordPress Trac] #33626: wp_favicon_request() may set a bad value for Content-Length header
WordPress Trac
noreply at wordpress.org
Tue Sep 1 06:55:52 UTC 2015
#33626: wp_favicon_request() may set a bad value for Content-Length header
--------------------------+------------------------------
Reporter: martiusweb | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.0
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by martiusweb):
Hi, thanks for replying so fast :)
If output buffering (what I incorrectly called ob_cache in my first
message) is disabled, Content-Length won't be set, and the HTTP message
will not contain an erroneous Content-Length header value. I think only a
warning will be logged (and/or displayed).
I thought WordPress activated output buffering by default, but in the case
I investigated it may be because of a plugin or user's PHP configuration.
The very issue here is Content-Length set to 0, which is received by
Apache from the fcgi handler and sent to the client without verification.
The HTTP exchange looked like:
{{{
GET /favicon.ico HTTP/1.1
Host: whatever.com
Connection: keep-alive

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: image/vnd.microsoft.icon

GET /wp-admin/or-any-next-request/ HTTP/1.1
Host: whatever.com
Connection: keep-alive

<eeff>HTTP/1.1 200 OK <- the first 3 bytes are the BOM sent by the first
response
...
}}}
The last line causes confusion, for instance:
- nginx as a reverse proxy had to issue a second TCP connection for the
second request because the first exchange it received is invalid (I wonder
if it can issue the 2nd request twice, which might be a problem if not
idempotent).
- a strict proxy issues a "bad gateway" because it failed to parse the
first line.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33626#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
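
The framing problem described in the comment above, as an added example that is not part of the original ticket or of WordPress: a strict parser splits a keep-alive byte stream by Content-Length and reports any bytes that land in front of the next status line. The sample stream is constructed, and the stray bytes are assumed to be a UTF-8 BOM (EF BB BF); the function and field names are hypothetical.

```python
import re

UTF8_BOM = b"\xef\xbb\xbf"  # assumption: the 3 stray bytes are a UTF-8 BOM
STATUS_LINE = re.compile(rb"HTTP/1\.[01] \d{3}")


def frame_responses(stream: bytes):
    """Split a keep-alive byte stream into responses using Content-Length only."""
    responses, pos = [], 0
    while pos < len(stream):
        # A strict parser expects the status line exactly at the boundary;
        # here we locate it and record whatever precedes it as stray bytes.
        match = STATUS_LINE.search(stream, pos)
        if match is None:
            raise ValueError(f"no status line after offset {pos}")
        stray = stream[pos:match.start()]
        head_end = stream.index(b"\r\n\r\n", match.start())
        head = stream[match.start():head_end].split(b"\r\n")
        headers = {}
        for line in head[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        # Simplification: a missing Content-Length is treated as 0.
        length = int(headers.get(b"content-length", b"0"))
        body_start = head_end + 4
        body = stream[body_start:body_start + length]
        responses.append({"status": head[0].decode(), "declared": length,
                          "body": body, "stray_prefix": stray})
        pos = body_start + length
    return responses


def build_sample() -> bytes:
    # Constructed sample: the favicon response declares 0 bytes but the
    # backend still wrote a BOM; the next response follows on the same socket.
    first = (b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n"
             b"Content-Type: image/vnd.microsoft.icon\r\n\r\n") + UTF8_BOM
    page = b"<html></html>"
    second = (b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
              b"Content-Type: text/html\r\n\r\n" % len(page)) + page
    return first + second


if __name__ == "__main__":
    for r in frame_responses(build_sample()):
        flag = "DESYNC" if r["stray_prefix"] else "ok"
        print(flag, r["status"], r["declared"], r["stray_prefix"])
```

A non-empty `stray_prefix` on the second response is the condition a proxy or monitoring check can flag: the upstream wrote more body bytes than its Content-Length declared.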