Bug 23181 - Status 304 (Not modified) and chunking leads to an incorrect reponse
Summary: Status 304 (Not modified) and chunking leads to an incorrect reponse
Status: RESOLVED LATER
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.0-HEAD
Hardware: Other other
: P3 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: MassUpdate
Depends on:
Blocks:
 
Reported: 2003-09-15 17:36 UTC by keilh
Modified: 2018-11-07 21:08 UTC (History)
0 users



Attachments
test files (12.70 KB, application/octet-stream)
2013-08-14 09:20 UTC, Dieter Paradeiser
Details

Note You need to log in before you can comment on or make changes to this bug.
Description keilh 2003-09-15 17:36:46 UTC
In the case of status 304 the 'Transfer-Encoding' encoding header will be 
supressed (http_protocol.c line 1672) but in 'chunk_filter(..)' the 
terminating chunk will be written in every case (http_core.c line 253).

So the following response results:

HTTP/1.1 304 Not Modified
Date: Thu, 11 Sep 2003 03:18:09 GMT
Server: Apache/2.0.45 (Unix) mod_ssl/2.0.45 OpenSSL/0.9.7b
Connection: close
ETag: excxgxgxuy6tre
Expires: Mon, 01 Jan 2004 01:00:00 GMT
0

And in the case of keep alive the client will read afer the next request 
the terminating chunk will  be readed first etc. 
And that is because the http spec. says explicitly in the case of 304 
ther is no body at all. (And that means not an empty body)

So chunking  ha sto be disabled for status 304 (http_protocol.c line 1672)
Comment 1 Jeff Trawick 2003-10-10 12:52:47 UTC
Got a testcase?  What enabled chunked transfer encoding to start with?

(Not doubting your analysis, but I'd like to see it in action.)

Thanks!
Comment 2 Dieter Paradeiser 2013-08-13 15:04:12 UTC
I have the same problem on 2.2.23, proxy with ajp connection to tomcat.

When the browser did not send the header "If-Modified-Since", the response contains a body (the body is a content from an other response, who was delivered by a other response) before header.

If I turn off "Keep-Alive" on Browser it will works correctly.

request:
GET https://none.at/jira/s/en_UK2j9dor-418945332/854/16/1.0/_/download/batch/jira.webresources:old_header_resources/jira.webresources:old_header_resources.css HTTP/1.1
Host: tasktrack.telekom.at
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/css,*/*;q=0.1
Accept-Language: en,de-de;q=0.8,de;q=0.5,en-us;q=0.3
Accept-Encoding: gzip, deflate
Referer: https://tasktrack.telekom.at/jira/secure/Dashboard.jspa
Cookie: JSESSIONID=E808A752B02307B0BABE6431D8E530A3; atlassian.xsrf.token=AP1H-ZIAC-5B1M-681R|bb8ae707705da9d759f45bde330a2353cd069313|lin; mywork.tab.tasks=false
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXX
Connection: keep-alive
If-None-Match: "1376079000000"
Cache-Control: max-age=0


response:
#greenhopper_menu_no_project{padding-right:3px;}
.jsuLocation .jsuMap,.jsuLocation .jsuHideMap,.jsuLocation .jsuMapNotFound{display:none;}
.jsuLocation .jsuMap{width:100%;height:300px;}
.jsuLocation.notFound .jsuMapNotFound{text-align:center;}
.jsuLocation .jsuHideMap{float:right;}
.jsuLocation.open .jsuHideMap,.jsuLocation.open .jsuMap,.jsuLocation.notFound .jsuMapNotFound{display:block;}
form.aui .aui-icon.icon-applinks-key,.aui-icon.icon-applinks-key{background:url("/jira/s/en_UK2j9dor-418945332/854/16/3.10.4/_/download/resources/com.atlassian.applinks.applinks-plugin:applinks-public/images/icon_key.png") no-repeat scroll 0 0 transparent;width:16px;height:16px;}
form.aui .aui-icon.icon-applinks-key-success,.aui-icon.icon-applinks-key-success{background:url("/jira/s/en_UK2j9dor-418945332/854/16/3.10.4/_/download/resources/com.atlassian.applinks.applinks-plugin:applinks-public/images/icon_key_success.png") no-repeat scroll 0 0 transparent;width:16px;height:16px;}
span.applinks-auth-request{background:#fffff0;border:1px solid #ccc;-webkit-border-radius:3px;-moz-border-radius:3px;border-radius:3px 3px 3px 3px;display:inline-block;margin:1px 0;padding:2px 4px;}
span.applinks-auth-request a:link,span.applinks-auth-request a:visited{color:#00f;}
span.applinks-auth-request .applinks-request-description{background:url("/jira/s/en_UK2j9dor-418945332/854/16/3.10.4/_/download/resources/com.atlassian.applinks.applinks-plugin:applinks-public/images/icon_key.png") no-repeat 0 1px;padding-left:20px;}
form.aui .issue-link-applinks-authentication-message .aui-message:first-child {
    margin-top: 10px;
}
HTTP/1.1 304 Not Modified
Date: Tue, 13 Aug 2013 14:50:57 GMT
Connection: Keep-Alive
Keep-Alive: timeout=30, max=81
ETag: "1376079000000"
Expires: Wed, 13 Aug 2014 14:51:00 GMT
Cache-Control: max-age=31536000
Cache-Control: public
Comment 3 Dieter Paradeiser 2013-08-14 09:20:21 UTC
Created attachment 30730 [details]
test files

*) install httpd-2.2.25-win32-x86-no_ssl.msi
*) modify config for port and proxy (attached)
*) install apache-tomcat-7.0.42.zip
*) add apache-test.war to webapps (attached)
*) start tomcat
*) start httpd
*) trace communication with Fiddler2 or other tool between apache and browser
*) open FF or Chrome and call http://localhost:9999/apache-test
*) refresh with F5
*) some responses are damaged!
Comment 4 William A. Rowe Jr. 2018-11-07 21:08:34 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.