author | Farid AYOUJIL <faridtsl@users.noreply.github.com> | 2021-02-05 21:10:40 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-05 21:10:40 +0100 |
commit | f72ce26326ea31d4bea8116e11c4c4f96b68639d (patch) | |
tree | a5bc937906107d6807e4f25fe1d5d1ff5f3df124 /routers | |
parent | 4457d0e8d9b09e7577242a8bc005ef9d43be4e8c (diff) | |
Add Content-Length header to HEAD requests (#14542)
* Add Content-Length header to HEAD requests
This change adds the header Content-Length to HEAD HTTP requests.
The previous behaviour was blocking some Windows executables (e.g.
bitsadmin.exe) from downloading files hosted in Gitea.
This along with PR #14541, makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."
This should also respond to issues #8030 and #14532.
* This change adds the header Content-Length to HEAD HTTP requests
Pass the Size of the content as a parameter to ServeData() instead of
calculating it using ioutil.ReadAll(reader) --> this call is dangerous
and can result in a denial of service.
* Add Content-Length header to HEAD requests
Quick fix for imported dependency not used.
* Check if size is positiv int ...
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/repo/attachment.go | 2 | ||||
-rw-r--r-- | routers/repo/download.go | 11 |
2 files changed, 9 insertions, 4 deletions
diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go
index 5b699abc8d..5df9cdbf12 100644
--- a/routers/repo/attachment.go
+++ b/routers/repo/attachment.go
@@ -152,7 +152,7 @@ func GetAttachment(ctx *context.Context) {
 return
 }
- if err = ServeData(ctx, attach.Name, fr); err != nil {
+ if err = ServeData(ctx, attach.Name, attach.Size, fr); err != nil {
 ctx.ServerError("ServeData", err)
 return
 }
diff --git a/routers/repo/download.go b/routers/repo/download.go
index f04dac6aa5..50f893690b 100644
--- a/routers/repo/download.go
+++ b/routers/repo/download.go
@@ -20,7 +20,7 @@ import (
 )
 // ServeData download file from io.Reader
-func ServeData(ctx *context.Context, name string, reader io.Reader) error {
+func ServeData(ctx *context.Context, name string, size int64, reader io.Reader) error {
 buf := make([]byte, 1024)
 n, err := reader.Read(buf)
 if err != nil && err != io.EOF {
@@ -31,6 +31,11 @@ func ServeData(ctx *context.Context, name string, reader io.Reader) error {
 }
 ctx.Resp.Header().Set("Cache-Control", "public,max-age=86400")
+ if size >= 0 {
+ ctx.Resp.Header().Set("Content-Length", fmt.Sprintf("%d", size))
+ } else {
+ log.Error("ServeData called to serve data: %s with size < 0: %d", name, size)
+ }
 name = path.Base(name)
 // Google Chrome dislike commas in filenames, so let's change it to a space
@@ -76,7 +81,7 @@ func ServeBlob(ctx *context.Context, blob *git.Blob) error {
 }
 }()
- return ServeData(ctx, ctx.Repo.TreePath, dataRc)
+ return ServeData(ctx, ctx.Repo.TreePath, blob.Size(), dataRc)
 }
 // ServeBlobOrLFS download a git.Blob redirecting to LFS if necessary
@@ -105,7 +110,7 @@ func ServeBlobOrLFS(ctx *context.Context, blob *git.Blob) error {
 log.Error("ServeBlobOrLFS: Close: %v", err)
 }
 }()
- return ServeData(ctx, ctx.Repo.TreePath, lfsDataRc)
+ return ServeData(ctx, ctx.Repo.TreePath, meta.Size, lfsDataRc)
 }
 return ServeBlob(ctx, blob) |
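Review bot: The Content-Length now sent for attachments comes from `attach.Size`, which is a separate value from the bytes `fr` actually yields, and nothing visible in this hunk checks that the two agree. If the recorded size is stale or wrong, the client is told a length that does not match the body, which typically shows up as a truncated or aborted download; the same applies to `blob.Size()` in the ServeBlob hunk and `meta.Size` in the ServeBlobOrLFS hunk of download.go. I would at least state the contract at the call, e.g. `// attach.Size is sent as Content-Length by ServeData and must equal the number of bytes fr yields`. GetAttachment starts and ends outside the hunk, so an earlier size check may exist that is not visible here.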
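Review bot: The doc comment above `ServeData` still reads `// ServeData download file from io.Reader` and says nothing about the new `size` parameter, whose negative values are treated specially further down. Suggested wording: `// ServeData streams reader to the response as a download; size is the byte length of reader's content and is sent as Content-Length, a negative size omits the header and is logged.` The function body continues outside this hunk.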
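Review bot: The new `log.Error` call formats `name` with `%s`, and at the call sites in this diff `name` is `attach.Name` or `ctx.Repo.TreePath`, both presumably influenced by the uploader or the request, so newlines or control characters in it could break or forge log lines. Quoting it keeps the entry on one line: `log.Error("ServeData called to serve data: %q with size < 0: %d", name, size)`. As a smaller style point, `strconv.FormatInt(size, 10)` would avoid the `fmt.Sprintf` call for the header value, provided strconv is imported (the import block is not visible here). ServeData begins and ends outside this hunk.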