[JBoss JIRA] (WFLY-11558) Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
by Jan Stourac (Jira)
[ https://issues.jboss.org/browse/WFLY-11558?page=com.atlassian.jira.plugin... ]
Jan Stourac updated WFLY-11558:
-------------------------------
Description:
[DefaultServlet|https://github.com/undertow-io/undertow/blob/master/servle...] does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
{code}
$ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
* Trying 127.0.0.1...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /helloworld-html5/css/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 824
< Date: Fri, 04 Jan 2019 14:32:46 GMT
<
{ [824 bytes data]
100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
* Connection #0 to host 127.0.0.1 left intact
{code}
Notice that there is no Content-Type header in HTTP response.
was:
[DefaultServlet|https://github.com/undertow-io/undertow/blob/master/servle...] does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
{code}
$ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
* Trying 127.0.0.1...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /helloworld-html5/css/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 824
< Date: Fri, 04 Jan 2019 14:32:46 GMT
<
{ [824 bytes data]
100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
* Connection #0 to host 127.0.0.1 left intact
{code}
> Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
> -----------------------------------------------------------------------------------------------------------
>
> Key: WFLY-11558
> URL: https://issues.jboss.org/browse/WFLY-11558
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 15.0.0.Final
> Reporter: Jan Stourac
> Assignee: Stuart Douglas
> Priority: Major
> Attachments: helloworld-html5.war
>
>
> [DefaultServlet|https://github.com/undertow-io/undertow/blob/master/servle...] does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
> As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
> Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
> {code}
> $ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
> * Trying 127.0.0.1...
> * TCP_NODELAY set
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> > GET /helloworld-html5/css/ HTTP/1.1
> > Host: 127.0.0.1:8080
> > User-Agent: curl/7.59.0
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> < Connection: keep-alive
> < Content-Length: 824
> < Date: Fri, 04 Jan 2019 14:32:46 GMT
> <
> { [824 bytes data]
> 100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
> * Connection #0 to host 127.0.0.1 left intact
> {code}
> Notice that there is no Content-Type header in HTTP response.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months
[JBoss JIRA] (DROOLS-3474) Create HTML and CSS for List/Map data objects
by Amy Glass (Jira)
Amy Glass created DROOLS-3474:
---------------------------------
Summary: Create HTML and CSS for List/Map data objects
Key: DROOLS-3474
URL: https://issues.jboss.org/browse/DROOLS-3474
Project: Drools
Issue Type: Story
Components: Scenario Simulation and Testing
Reporter: Amy Glass
Assignee: Sarah Rambacher
Provide HTML and CSS for the designs in Drools-3098.
Will first provide HTML structure, and follow up with CSS styling.
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months
[JBoss JIRA] (WFLY-11559) Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
by Jan Stourac (Jira)
Jan Stourac created WFLY-11559:
----------------------------------
Summary: Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
Key: WFLY-11559
URL: https://issues.jboss.org/browse/WFLY-11559
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 15.0.0.Final
Reporter: Jan Stourac
Assignee: Stuart Douglas
[DefaultServlet|https://github.com/undertow-io/undertow/blob/master/servle...] does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
{code}
$ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
* Trying 127.0.0.1...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /helloworld-html5/css/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 824
< Date: Fri, 04 Jan 2019 14:32:46 GMT
<
{ [824 bytes data]
100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
* Connection #0 to host 127.0.0.1 left intact
{code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months
[JBoss JIRA] (WFLY-11558) Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
by Jan Stourac (Jira)
[ https://issues.jboss.org/browse/WFLY-11558?page=com.atlassian.jira.plugin... ]
Jan Stourac updated WFLY-11558:
-------------------------------
Description:
[DefaultServlet|https://github.com/undertow-io/undertow/blob/master/servle...] does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
{code}
$ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
* Trying 127.0.0.1...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /helloworld-html5/css/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 824
< Date: Fri, 04 Jan 2019 14:32:46 GMT
<
{ [824 bytes data]
100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
* Connection #0 to host 127.0.0.1 left intact
{code}
was:
DefaultServlet does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
{code}
$ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
* Trying 127.0.0.1...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /helloworld-html5/css/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 824
< Date: Fri, 04 Jan 2019 14:32:46 GMT
<
{ [824 bytes data]
100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
* Connection #0 to host 127.0.0.1 left intact
{code}
> Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
> -----------------------------------------------------------------------------------------------------------
>
> Key: WFLY-11558
> URL: https://issues.jboss.org/browse/WFLY-11558
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 15.0.0.Final
> Reporter: Jan Stourac
> Assignee: Stuart Douglas
> Priority: Major
> Attachments: helloworld-html5.war
>
>
> [DefaultServlet|https://github.com/undertow-io/undertow/blob/master/servle...] does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
> As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
> Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
> {code}
> $ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
> * Trying 127.0.0.1...
> * TCP_NODELAY set
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> > GET /helloworld-html5/css/ HTTP/1.1
> > Host: 127.0.0.1:8080
> > User-Agent: curl/7.59.0
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> < Connection: keep-alive
> < Content-Length: 824
> < Date: Fri, 04 Jan 2019 14:32:46 GMT
> <
> { [824 bytes data]
> 100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
> * Connection #0 to host 127.0.0.1 left intact
> {code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months
[JBoss JIRA] (WFLY-11558) Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
by Jan Stourac (Jira)
[ https://issues.jboss.org/browse/WFLY-11558?page=com.atlassian.jira.plugin... ]
Jan Stourac updated WFLY-11558:
-------------------------------
Forum Reference: https://developer.jboss.org/thread/279393
> Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
> -----------------------------------------------------------------------------------------------------------
>
> Key: WFLY-11558
> URL: https://issues.jboss.org/browse/WFLY-11558
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 15.0.0.Final
> Reporter: Jan Stourac
> Assignee: Stuart Douglas
> Priority: Major
> Attachments: helloworld-html5.war
>
>
> DefaultServlet does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
> As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
> Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
> {code}
> $ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
> * Trying 127.0.0.1...
> * TCP_NODELAY set
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> > GET /helloworld-html5/css/ HTTP/1.1
> > Host: 127.0.0.1:8080
> > User-Agent: curl/7.59.0
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> < Connection: keep-alive
> < Content-Length: 824
> < Date: Fri, 04 Jan 2019 14:32:46 GMT
> <
> { [824 bytes data]
> 100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
> * Connection #0 to host 127.0.0.1 left intact
> {code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months
[JBoss JIRA] (WFLY-11558) Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
by Jan Stourac (Jira)
[ https://issues.jboss.org/browse/WFLY-11558?page=com.atlassian.jira.plugin... ]
Jan Stourac updated WFLY-11558:
-------------------------------
Steps to Reproduce:
# unzip wildfly and start: {{./bin/standalone.sh}}
# connect to CLI: {{./bin/jboss-cli.sh -c}}
# deploy attached simple war app with example directory - [^helloworld-html5.war]
# enable directory-listing:
{code}
/subsystem=undertow/servlet-container=default:write-attribute(name=directory-listing,value=true)
reload
{code}
# perform request via browser to {{http://localhost:8080/helloworld-html5/css}} - page is rendered correctly with js and css styles downloaded properly
# configure X-Content-Type-Options header and enable directory-listing
{code}
/subsystem=undertow/configuration=filter/response-header=x-content:add(header-name=X-Content-Type-Options,header-value=nosniff)
/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-content:add()
{code}
# perform same request again and see that js and css styles have not been downloaded due to the css directory resource has been rendered as a raw text instead of html code.
was:
# unzip wildfly and start: {{./bin/standalone.sh}}
# connect to CLI: {{./bin/jboss-cli.sh -c}}
# deploy attached simple war app with example directory - [^helloworld-html5.war]
# enable directory-listing:
{code}
/subsystem=undertow/servlet-container=default:write-attribute(name=directory-listing,value=true)
reload
{code}
# perform request via browser to {{http://localhost:8080/helloworld-html5/css}} - page is rendered correctly with js and css styles downloaded properly by server
# configure X-Content-Type-Options header and enable directory-listing
{code}
/subsystem=undertow/configuration=filter/response-header=x-content:add(header-name=X-Content-Type-Options,header-value=nosniff)
/subsystem=undertow/server=default-server/host=default-host/filter-ref=x-content:add()
{code}
# perform same request again and see that js and css styles have not been downloaded due to the css directory resource has been rendered as a raw text instead of html code.
> Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
> -----------------------------------------------------------------------------------------------------------
>
> Key: WFLY-11558
> URL: https://issues.jboss.org/browse/WFLY-11558
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Affects Versions: 15.0.0.Final
> Reporter: Jan Stourac
> Assignee: Stuart Douglas
> Priority: Major
> Attachments: helloworld-html5.war
>
>
> DefaultServlet does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
> As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
> Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
> {code}
> $ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
> * Trying 127.0.0.1...
> * TCP_NODELAY set
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> > GET /helloworld-html5/css/ HTTP/1.1
> > Host: 127.0.0.1:8080
> > User-Agent: curl/7.59.0
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> < Connection: keep-alive
> < Content-Length: 824
> < Date: Fri, 04 Jan 2019 14:32:46 GMT
> <
> { [824 bytes data]
> 100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
> * Connection #0 to host 127.0.0.1 left intact
> {code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months
[JBoss JIRA] (WFLY-11558) Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
by Jan Stourac (Jira)
Jan Stourac created WFLY-11558:
----------------------------------
Summary: Content-Type header is not set in HTTP response for directory resource in servlet directory-listing feature
Key: WFLY-11558
URL: https://issues.jboss.org/browse/WFLY-11558
Project: WildFly
Issue Type: Bug
Components: Web (Undertow)
Affects Versions: 15.0.0.Final
Reporter: Jan Stourac
Assignee: Stuart Douglas
Attachments: helloworld-html5.war
DefaultServlet does not set Content-Type HTTP header in response for the directory resource when directory-listing feature is enabled.
As browsers apparently try to guess appropriate Content-Type of the downloaded resource, this problem is not spotted unless in combination with [X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/...] header is present in the HTTP response too. This header effectively discourages browser to guess the Content-Type of the resource.
Output for directory-listing request in attached reproducer [^helloworld-html5.war]:
{code}
$ curl -v http://127.0.0.1:8080/helloworld-html5/css/ >/dev/null
* Trying 127.0.0.1...
* TCP_NODELAY set
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
> GET /helloworld-html5/css/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 824
< Date: Fri, 04 Jan 2019 14:32:46 GMT
<
{ [824 bytes data]
100 824 100 824 0 0 804k 0 --:--:-- --:--:-- --:--:-- 804k
* Connection #0 to host 127.0.0.1 left intact
{code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
5 years, 5 months