img/png not recognised #233

Open
ForteanOrg opened this issue Jul 25, 2020 · 1 comment
ForteanOrg commented Jul 25, 2020

Folks, I can't wrap my head around this.

Location of (online) badge: https://chapter.isc2.nl/app/uploads/2020/07/Registered.png

Output of wget (with debug and all):

```
# wget --server-response -d https://chapter.isc2.nl/app/uploads/2020/07/Registered.png
DEBUG output created by Wget 1.12 on linux-gnu.

--2020-07-25 23:26:22--  https://chapter.isc2.nl/app/uploads/2020/07/Registered.png
Resolving chapter.isc2.nl... 93.186.183.91
Caching chapter.isc2.nl => 93.186.183.91
Connecting to chapter.isc2.nl|93.186.183.91|:443... connected.
Created socket 3.
Releasing 0x085dde08 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x085fad40
certificate:
  subject: /CN=chapter.isc2.nl
  issuer:  /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
X509 certificate successfully verified and matches host chapter.isc2.nl

---request begin---
GET /app/uploads/2020/07/Registered.png HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: chapter.isc2.nl
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 25 Jul 2020 21:26:15 GMT
**Content-Type: image/png**
Content-Length: 15882
Connection: keep-alive
X-Content-Type-Options: nosniff
Last-Modified: Sat, 25 Jul 2020 18:37:39 GMT
ETag: "384b41-3e0a-5ab48625c9636"
Accept-Ranges: bytes
X-Powered-By: PleskLin

---response end---

  HTTP/1.1 200 OK
  Server: nginx
  Date: Sat, 25 Jul 2020 21:26:15 GMT
  **Content-Type: image/png**
  Content-Length: 15882
  Connection: keep-alive
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 25 Jul 2020 18:37:39 GMT
  ETag: "384b41-3e0a-5ab48625c9636"
  Accept-Ranges: bytes
  X-Powered-By: PleskLin
Registered socket 3 for persistent reuse.
Length: 15882 (16K) [image/png]
Saving to: “Registered.png”
```

Note that the headers state that this is an img/png.

When verifying the badge, the following error occurs:
FETCH_HTTP_NODE: Unknown Content-Type (Not image/png or image/svg+xml). Response could not be interpreted from url https://chapter.isc2.nl/app/uploads/2020/07/Registered.png

JSON data:
```json
{
  "report": {
    "validationSubject": "https://chapter.isc2.nl/app/uploads/2020/07/Registered.png",
    "valid": false,
    "messages": [
      {
        "messageLevel": "ERROR",
        "name": "FETCH_HTTP_NODE",
        "success": false,
        "result": "Unknown Content-Type (Not image/png or image/svg+xml). Response could not be interpreted from url https://chapter.isc2.nl/app/uploads/2020/07/Registered.png"
      }
    ],
    "errorCount": 1,
    "warningCount": 0
  },
  "graph": [],
  "input": {
    "input_type": "url",
    "value": "https://chapter.isc2.nl/app/uploads/2020/07/Registered.png"
  }
}
```

@ForteanOrg
Author

Just a thought: could it be caused by the "X-Content-Type-Options: nosniff" header? It seems that our site sets it. It is intended to be interpreted by browsers and should force the browser not to sniff the content but to believe the server when it says that it is an img/png. I wonder how that makes things more secure, but there you have it. Servers can't lie, right..
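
An added example, not code from the validator project and not part of either comment above: one way a badge fetcher could combine the declared `Content-Type`, the `X-Content-Type-Options: nosniff` header and the file signature when deciding whether a response is a PNG or SVG. The function names and the policy of rejecting a mismatch are assumptions made for illustration; the sketch does not establish what caused the `FETCH_HTTP_NODE` error reported here.

```python
# Added example: hypothetical helper names, not the validator's code.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"           # fixed 8-byte PNG signature
ACCEPTED = {"image/png", "image/svg+xml"}  # the two types named in the error


def sniff(body):
    """Guess the type from content alone; None if it is neither PNG nor SVG."""
    if body.startswith(PNG_MAGIC):
        return "image/png"
    head = body[:1024].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith((b"<?xml", b"<svg")) and b"<svg" in head:
        return "image/svg+xml"
    return None


def classify(headers, body):
    """Return (accepted media type or None, reason)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names: any case
    # Drop parameters such as "; charset=binary" and normalise case.
    declared = h.get("content-type", "").split(";", 1)[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").strip().lower() == "nosniff"
    sniffed = sniff(body)
    if declared in ACCEPTED:
        if sniffed != declared:
            return None, "declared type contradicts the content"
        return declared, "declared type confirmed by content"
    if nosniff:
        return None, "nosniff: declared type is authoritative, not guessing"
    if sniffed:
        return sniffed, "no usable declared type, fell back to content"
    return None, "neither header nor content identifies PNG or SVG"


# Headers as shown in the wget output above; body is constructed sample data.
ISSUE_HEADERS = {
    "Content-Type": "image/png",
    "X-Content-Type-Options": "nosniff",
}
SAMPLE_PNG = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 17

if __name__ == "__main__":
    print(classify(ISSUE_HEADERS, SAMPLE_PNG))
    print(classify({"content-type": "Image/PNG; charset=binary"}, SAMPLE_PNG))
    print(classify({"Content-Type": "text/plain",
                    "X-Content-Type-Options": "nosniff"}, SAMPLE_PNG))
```

Under this policy `nosniff` only matters when the declared type is not one of the accepted ones: it stops the fallback to content sniffing, and a correctly declared `image/png` is accepted either way.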
