sends incomplete request when read access to attachment denied by AppArmor

Bug #1777095 reported by Hadmut Danisch on 2018-06-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone
firefox (Ubuntu)

Bug Description


I just reported an ubuntu bug #1777094 and wanted to upload the configuration files as attachments (using ubuntu 18.04 and firefox), but I always just get the error message

Bad Request

Your browser sent a request that this server could not understand.


Hadmut Danisch (hadmut) wrote :

If I try to attach with chromium, I get a different error message:

Diese Website ist nicht erreichbar
Die Webseite unter ist möglicherweise vorübergehend nicht verfügbar oder wurde dauerhaft an eine neue Webadresse verschoben.

Colin Watson (cjwatson) wrote :

I don't see these failing requests in our access logs, which is odd.

Could you please capture details of the failures using your browser's developer tools? In Firefox, Tools -> Web Developer -> Network, then try to upload an attachment, then find the POST request to +addcomment. I'd like the request parameters (in the Params tab) and the request and response headers (in the Headers tab), but please omit the Cookie request header and the Set-Cookie response header.

The failure in Chromium suggests a local network problem to me ...

Changed in launchpad:
status: New → Incomplete
Hadmut Danisch (hadmut) wrote :

I've found the problem.

I had the file at a location, where firefox (due to apparmor) could not read it. Unfortunately firefox does not raise any error message, just silently discards the parameter, and launchpad then can't deal with the request and does not even show the regular frame, just a blank white page with that error message.

Request URL:
Request method: POST
Remote address:
Status code: 400 Bad Request
Version: HTTP/1.1

Request Headers:

Accept text/html,application/xhtml+xm…plication/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate, br
Accept-Language de-DE,en-US;q=0.7,en;q=0.3
Connection keep-alive
Content-Length 1417
Content-Type multipart/form-data; boundary=…15243462251093695542292916172
Cookie lp=C [I removed that here]
Upgrade-Insecure-Requests 1
User-Agent Mozilla/5.0 (X11; Ubuntu; Linu…) Gecko/20100101 Firefox/60.0

No parameters for this request

Colin Watson (cjwatson) on 2018-06-19
Changed in launchpad:
importance: Undecided → High
status: Incomplete → Triaged
tags: added: lp-bugs ui
Colin Watson (cjwatson) wrote :

This is actually failing before it gets as far as Launchpad. Apache's mod_proxy_http is throwing away the request, something like this (this is from a local development installation, but I verified this against Apache logs from our "dogfood" site):

  [Tue Jun 19 20:15:28.820917 2018] [proxy_http:error] [pid 774:tid 3958287168] (70007)The timeout specified has expired: [client] AH01095: prefetch request body failed to (localhost) from (), referer:

It looks like, when AppArmor prevents reading an attachment, Firefox sends request headers with a non-zero Content-Length, but then fails to actually follow up by sending that amount of content. Launchpad can't work around this, because as I mentioned it fails (non-configurably) at the Apache stage before it gets to the webapp.

I think the only place this can be fixed is in Firefox.

affects: launchpad → firefox (Ubuntu)
tags: removed: lp-bugs ui
summary: - Your browser sent a request that this server could not understand.
+ sends incomplete request when read access to attachment denied by
+ AppArmor
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers