Zope sends malformed Vary header

Bug #143893 reported by Alexander Limi on 2007-03-25
Affects Status Importance Assigned to Milestone
Zope 2
Martijn Pieters

Bug Description

From http://dev.plone.org/plone/ticket/5786:

We have a proxy that checks the web site before allowing access, and if there is a mistake, we can't connect to your web site.

Your web site answers as a vary accept-encoding which is normal, but the next value is not correct. The line return for this Vary is "\n" instead of being "\r\n".


Wichert adds:

From ZPublisher.HTTPResponse.HTTPResponse.setHeader:

        key = name.lower()
        if accumulate_header(key):
            self.accumulated_headers = (
                "%s%s: %s\n" % (self.accumulated_headers, name, value))

Notice how that uses \n

This seems to be an issue in Zope. I'm not sure what the specs say, but it seems like both \r\n is required here.

Full case history:


Alexander Limi (limi) wrote :

And on IRC, Wichert added:

"HTTP RFCs say headers are \r\n seperated"


Christian Theune (ctheune) wrote :

That's my interpretation of RFC2616 as well:

"HTTP/1.1 defines the sequence CR LF as the end-of-line marker for
 all protocol elements except the entity-body (see appendix 19.3 for
 tolerant applications). The end-of-line marker within an
 entity-body is defined by its associated media type, as described
 in section 3.7.

       CRLF = CR LF

Martijn Pieters (mjpieters) wrote :

Status: Pending => Accepted

 Supporters added: mj

Yes, internally ZPublisher.HTTPResponse deliniates headers with only newline, but ZServer.HTTPResponse then uses '\r\n' to write out the headers. The end-result for the browser is '\r\n' delimeted headers.

There is a bug here though, but only when using addHeader; self.accumulated_headers is output directly, without cleaning up the header capitalisation (a SHOULD), and with \n separation instead of \r\n (a MUST). I'll fix the latter.

Now, if the Vary header was added using addHeader it will get \n deliminations indeed.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers