core
/
gitea
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add Content-Length header to HEAD requests (#14542) 

* Add Content-Length header to HEAD requests

This change adds the header Content-Length to HEAD HTTP requests.

The previous behaviour was blocking some Windows executables (i.e
bitsadmin.exe) from downloading files hosted in Gitea.

This along with PR #14541, makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."

This should also respond to issues #8030 and #14532.

* This change adds the header Content-Length to HEAD HTTP requests

Pass the Size of the content as a parameter to ServeData() instead of
calculating it using ioutil.ReadAll(reader) --> this call is dangerous
and can result in a denial of service.

* Add Content-Length header to HEAD requests

Quick fix for imported dependency not used.

* Check if size is positiv int ...

Co-authored-by: zeripath <art27@cantab.net>
This commit is contained in:
Farid AYOUJIL 2021-02-05 21:10:40 +01:00 committed by GitHub
parent 4457d0e8d9
commit f72ce26326
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
routers/repo/attachment.go
View File

@ -152,7 +152,7 @@ func GetAttachment(ctx *context.Context) {
return
}
if err = ServeData(ctx, attach.Name, fr); err != nil {
if err = ServeData(ctx, attach.Name, attach.Size, fr); err != nil {
ctx.ServerError("ServeData", err)
return
}

11
routers/repo/download.go
View File

@ -20,7 +20,7 @@ import (
)
// ServeData download file from io.Reader
func ServeData(ctx *context.Context, name string, reader io.Reader) error {
func ServeData(ctx *context.Context, name string, size int64, reader io.Reader) error {
buf := make([]byte, 1024)
n, err := reader.Read(buf)
if err != nil && err != io.EOF {
@ -31,6 +31,11 @@ func ServeData(ctx *context.Context, name string, reader io.Reader) error {
}
ctx.Resp.Header().Set("Cache-Control", "public,max-age=86400")
if size >= 0 {
ctx.Resp.Header().Set("Content-Length", fmt.Sprintf("%d", size))
} else {
log.Error("ServeData called to serve data: %s with size < 0: %d", name, size)
}
name = path.Base(name)
// Google Chrome dislike commas in filenames, so let's change it to a space
@ -76,7 +81,7 @@ func ServeBlob(ctx *context.Context, blob *git.Blob) error {
}
}()
return ServeData(ctx, ctx.Repo.TreePath, dataRc)
return ServeData(ctx, ctx.Repo.TreePath, blob.Size(), dataRc)
}
// ServeBlobOrLFS download a git.Blob redirecting to LFS if necessary
@ -105,7 +110,7 @@ func ServeBlobOrLFS(ctx *context.Context, blob *git.Blob) error {
log.Error("ServeBlobOrLFS: Close: %v", err)
}
}()
return ServeData(ctx, ctx.Repo.TreePath, lfsDataRc)
return ServeData(ctx, ctx.Repo.TreePath, meta.Size, lfsDataRc)
}
return ServeBlob(ctx, blob)