-
-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
206 Partial Content requests raise/crash ERR_HTTP_TRAILER_INVALID #742
Comments
That's interesting, we basically stream audio content from GridFS via 206 and the slightlycustomized Any hint how to reproduce this? |
You must have a request including
This should then
The response should typically look like: I observed this locally with minio and did not test this against AWS S3, but I doubt that this should change the result. The second and all upcoming requests look like this then, notice that the range increases: Though you won't see this as the server crashes on the first request. |
Hope this helps, I reproduced the crash with this:
|
@jankapunkt If you're not able to reproduce this, I'll make a repro by tomorrow. |
Thanks a lot I will check this out against our current builds |
Small update, I am currently working on a reproduction, so far I could not get https://github.com/VeliovGroup/Meteor-Files-Demos/tree/master/demo-simplest-streaming to crash. |
This seems to be caused in conjunction with Nginx, this comment helped a lot. I added
and the crash is gone. Nginx uses I still try to figure out what exactly happens here. This is especially confusing as https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html e.g. HTTP 1.1 introduced |
I am finally able to reproduce this with https://github.com/VeliovGroup/Meteor-Files/tree/master/demo-simplest-streaming. Run that project, grab the mp3 URL, and run the following (
while
This should mean that we can DOS attack Meteor-Files Servers now 🚨. Though I could not crash https://files.veliov.com/ as it enforces HTTP1.1 which modern web proxies should always do nowadays 😅 I think that https://github.com/VeliovGroup/Meteor-Files/blob/master/server.js#L242-L246 needs to cover https://github.com/VeliovGroup/Meteor-Files/blob/master/server.js#L1840 as well and set one of those headers, depending on the request e.g. if range requested or not, or if it is an HTTP1 or HTTP1.1 request. |
Wow really great work @menelike |
Thanks to @jankapunkt and @menelike There will be corresponding updates in the codebase as well
- 🐞 Fix #742, thanks to @menelike and @jankapunkt - 🤓 Update *TypeScript* definitions, thanks to @OliverColeman PR #743, see #226 thread for details - 🤝 Compatibility with `meteor@1.10.2` - 📋 Documentation update to address issue described in #737, thanks to @menelike, @Lickshotz, @s-ol, and @jankapunkt
v1.14.2 - 🐞 Fix #742, thanks to @menelike and @jankapunkt - 🤓 Update *TypeScript* definitions, thanks to @OliverColeman PR #743, see #226 thread for details - 🤝 Compatibility with `meteor@1.10.2` - 📋 Documentation update to address issue described in #737, thanks to @menelike, @Lickshotz, @s-ol, and @jankapunkt
@menelike @jankapunkt thank you guys for investigation.
|
When piping audio files from S3 through Meteor-Files with
interceptDownload()
andserve()
the server crashed on some files withERR_HTTP_TRAILER_INVALID
from https://github.com/nodejs/node/blob/d01a06a916efd30844e1e0a38e79dc0054fc4451/lib/_http_outgoing.js#L458-L460 (tested on node12.6.1
).I think the reason for this is that on Status code
206
bothContent-Range
andTransfer-Encoding
are set, and if I am not mistaken they conflict. If I understand the specs correctly those are not allowed to be used together:https://github.com/VeliovGroup/Meteor-Files/blob/master/server.js#L242-L246
https://github.com/VeliovGroup/Meteor-Files/blob/master/server.js#L1840
My knowledge of HTTP headers is limited, hopefully, this gives you some clues @dr-dimitru .
My current workaround is to pass my own
responseHeaders()
without thecase 206
part.The text was updated successfully, but these errors were encountered: