followup

2019-04-10 10:25:13 -04:00 · 2019-04-10 10:25:13 -04:00 · 4c1e08e92d
commit 4c1e08e92d
parent f46f9f1bd3
2 changed files with 48 additions and 0 deletions
--- a/doc/bugs/Unable_to_get47addurl_to_http_link58_download_failed58_InvalidHeader_34preload34.mdwn
+++ b/doc/bugs/Unable_to_get47addurl_to_http_link58_download_failed58_InvalidHeader_34preload34.mdwn
@ -73,3 +73,7 @@ local repository version: 5


 [[!meta author=yoh]]
+
+> closing as there are no code changes to git-annex that can fix this,
+> it has to be fixed in either http-client or the web server. [[done]]
+> --[[Joey]]
--- a/doc/bugs/Unable_to_get47addurl_to_http_link58_download_failed58_InvalidHeader_34preload34/comment_1_247f3c1dfea3cdb0b398c015f4c4d44b._comment
+++ b/doc/bugs/Unable_to_get47addurl_to_http_link58_download_failed58_InvalidHeader_34preload34/comment_1_247f3c1dfea3cdb0b398c015f4c4d44b._comment
@ -0,0 +1,44 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2019-04-10T13:58:03Z"
+ content="""
+curl -v shows the problem response
+
+	< Server: openresty/1.7.10.1
+	< Date: Wed, 10 Apr 2019 13:57:10 GMT
+	< Content-Type: application/octet-stream
+	< Content-Length: 773788987
+	< Connection: keep-alive
+	< Last-Modified: Mon, 11 Mar 2019 16:35:02 GMT
+	< ETag: "5c868e36-2e1f153b"
+	< Accept-Ranges: bytes
+	< Strict-Transport-Security: max-age=15768000; includeSubdomains;
+	< preload
+	< X-Frame-Options: DENY
+	< X-Content-Type-Options: nosniff
+
+It looks like the server is sending "preload" on its own line rather
+than being part of the Strict-Transport-Security header.
+
+Just in case, I found another url that uses HSTS preload, and git-annex
+can download that:
+
+	joey@darkstar:~>curl -v -o foo https://www.torproject.org/ 2>&1 | grep preload
+	< Strict-Transport-Security: max-age=15768000; preload
+	joey@darkstar:~/tmp/c>git annex addurl https://www.torproject.org/
+	addurl https://www.torproject.org/ 
+	(to www.torproject.org_) ok
+
+The web server is probably violating standard HTTP to some extent with that
+response. Of course, it's possible to parse the response less strictly and
+not fail on the malformed header. Still, fixing the web server is probably the
+fastest way to fix the immediate problem (as well as make HSTS preloading
+actually be used).
+
+Issue filed on http-client, <https://github.com/snoyberg/http-client/issues/398>
+with a prospective patch.
+
+I don't see any changes to git-annex that can help with the problem, so
+I'll close this bug report.
+"""]]