Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Chi's GetHead middleware #14541

Merged
merged 2 commits into from
Feb 2, 2021
Merged

Conversation

faridtsl
Copy link
Contributor

@faridtsl faridtsl commented Feb 1, 2021

Before moving to Chi, HEAD requests were automatically answered by GET
handlers (SetAutoHead(true) from macaron was used).

This Change will restore the previous behaviour.

Before moving to Chi, HEAD requests were automatically answered by GET
handlers (SetAutoHead(true) from macaron was used).

This Change will restore the previous behaviour.
faridtsl added a commit to faridtsl/gitea that referenced this pull request Feb 1, 2021
This change adds the header Content-Length to HEAD HTTP requests.

The previous behaviour was blocking some Windows executables (i.e
bitsadmin.exe) from downloading files hosted in Gitea.

This along with PR go-gitea#14541, makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."

This should also respond to issues go-gitea#8030 and go-gitea#14532.
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Feb 1, 2021
@6543 6543 added type/bug skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Feb 1, 2021
@6543 6543 added this to the 1.14.0 milestone Feb 1, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 2, 2021
@lafriks
Copy link
Member

lafriks commented Feb 2, 2021

🚀

@lafriks lafriks merged commit 1737a76 into go-gitea:master Feb 2, 2021
a1012112796 added a commit to a1012112796/gitea that referenced this pull request Feb 3, 2021
* master: (28 commits)
  [Docs] Clone filters (go-gitea#14555)
  update docs to show latest stable version (1.13.2) (go-gitea#14550)
  Adding Chi's GetHead middleware (go-gitea#14541)
  Changelog v1.13.2 (go-gitea#14535) (go-gitea#14543)
  [skip ci] Updated translations via Crowdin
  [API] List, Check, Add & delete endpoints for repository teams (go-gitea#13630)
  [skip ci] Updated translations via Crowdin
  rm redirect (go-gitea#14534)
  Upgrade 'css-minimizer-webpack-plugin' to the latest version (go-gitea#14527)
  Set the name Mapper in migrations (go-gitea#14526)
  Internal ssh server respect Ciphers, MACs and KeyExchanges settings (go-gitea#14523)
  Move middlewares to web/middleware (go-gitea#14480)
  Add Doctor FixWrongUserType (go-gitea#14522)
  [skip ci] Updated translations via Crowdin
  noop (go-gitea#14521)
  Update docs and comments to remove macaron (go-gitea#14491)
  [skip ci] Updated translations via Crowdin
  Fix json charset bug (go-gitea#14514)
  enhancement: add signoff option in commit form (go-gitea#14516)
  Fix load time bug (go-gitea#14508)
  ...
6543 pushed a commit that referenced this pull request Feb 5, 2021
* Add Content-Length header to HEAD requests

This change adds the header Content-Length to HEAD HTTP requests.

The previous behaviour was blocking some Windows executables (i.e
bitsadmin.exe) from downloading files hosted in Gitea.

This along with PR #14541, makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."

This should also respond to issues #8030 and #14532.

* This change adds the header Content-Length to HEAD HTTP requests

Pass the Size of the content as a parameter to ServeData() instead of
calculating it using ioutil.ReadAll(reader) --> this call is dangerous
and can result in a denial of service.

* Add Content-Length header to HEAD requests

Quick fix for imported dependency not used.

* Check if size is positiv int ...

Co-authored-by: zeripath <art27@cantab.net>
@go-gitea go-gitea locked and limited conversation to collaborators Mar 11, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants