yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1299095] [NEW] Location header is set on HTTP 200

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dave Walker <davewalker@xxxxxxxxxx>
Date: Fri, 28 Mar 2014 16:36:08 -0000
Reply-to: Bug 1299095 <1299095@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Glance seems to be setting the http header of Location, when no redirect
is intended.  The contents of the Location field are equal to that of
the request.

I haven't been able to work out the reasoning of this, but it has
extended consqences of some webstacks and proxies seeing the Location
field, and turning it into a 302 (which glanceclient et al then follows,
causing a redirect loop).

Is this Location field used for anything meaningful?

To contrast, another Project has seen similar behavior here:
http://bitten.edgewall.org/ticket/607

Their interpenetration of RFC 2616 §14.30  is such that Glance's
behavior is incompatible with the RFC.

As example:

>From Glance running directly:
$ curl -i -X HEAD -H 'X-Auth-Token: a2dbc60c0b7641578215f4fb814ab33f' -H 'Content-Type: application/octe
t-stream' -H 'User-Agent: python-glanceclient' http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-
646d20f6ee4c
HTTP/1.0 200 OK
Date: Fri, 28 Mar 2014 12:52:40 GMT
Server: WSGIServer/0.1 Python/2.7.3
Content-Type: text/html; charset=UTF-8
Content-Length: 0
x-image-meta-property-ramdisk_id: 401ec901-b01d-4bc7-96fb-660143a6d456
x-image-meta-id: 2db2f647-866c-4cb8-8bf3-646d20f6ee4c
x-image-meta-deleted: False
x-image-meta-container_format: ami
x-image-meta-checksum: f8a2eeee2dc65b3d9b6e63678955bd83
x-image-meta-protected: False
x-image-meta-min_disk: 0
x-image-meta-created_at: 2013-12-05T10:54:02
x-image-meta-size: 25165824
x-image-meta-status: active
x-image-meta-is_public: True
x-image-meta-min_ram: 0
x-image-meta-property-kernel_id: ff846cac-e6f6-49fc-a44e-69be33462c5b
x-image-meta-owner: e72df10b1afb49d2979d75bd00074365
x-image-meta-updated_at: 2013-12-05T10:54:02
x-image-meta-disk_format: ami
x-image-meta-name: cirros-0.3.1-x86_64-uec
Location: http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
ETag: f8a2eeee2dc65b3d9b6e63678955bd83
x-openstack-request-id: req-77053d34-51f9-41b6-8ab1-d9693fc751d4

>From Glance running behind apache+fcgid+flup:
$ curl -i \
>              -X HEAD \
>              -H 'X-Auth-Token: a2dbc60c0b7641578215f4fb814ab33f' \
>              -H 'Content-Type: application/octet-stream' \
>              -H 'User-Agent: python-glanceclient' http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
HTTP/1.1 302 Found
Date: Fri, 28 Mar 2014 12:58:28 GMT
Server: Apache
X-MS-Unique-Id: UzVx9ArGan4AACOJHOQAAAAF
x-image-meta-property-ramdisk_id: 401ec901-b01d-4bc7-96fb-660143a6d456
x-image-meta-id: 2db2f647-866c-4cb8-8bf3-646d20f6ee4c
x-image-meta-deleted: False
x-image-meta-container_format: ami
x-image-meta-checksum: f8a2eeee2dc65b3d9b6e63678955bd83
x-image-meta-protected: False
x-image-meta-min_disk: 0
x-image-meta-created_at: 2013-12-05T10:54:02
x-image-meta-size: 25165824
x-image-meta-status: active
x-image-meta-is_public: True
x-image-meta-min_ram: 0
x-image-meta-property-kernel_id: ff846cac-e6f6-49fc-a44e-69be33462c5b
x-image-meta-owner: e72df10b1afb49d2979d75bd00074365
x-image-meta-updated_at: 2013-12-05T10:54:02
x-image-meta-disk_format: ami
x-image-meta-name: cirros-0.3.1-x86_64-uec
ETag: f8a2eeee2dc65b3d9b6e63678955bd83
x-openstack-request-id: req-f0506f3d-c510-4a3f-9464-a37c82513811
Location: http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
Content-Type: text/html; charset=iso-8859-1

** Affects: glance
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1299095

Title:
  Location header is set on HTTP 200

Status in OpenStack Image Registry and Delivery Service (Glance):
  New

Bug description:
  Glance seems to be setting the http header of Location, when no
  redirect is intended.  The contents of the Location field are equal to
  that of the request.

  I haven't been able to work out the reasoning of this, but it has
  extended consqences of some webstacks and proxies seeing the Location
  field, and turning it into a 302 (which glanceclient et al then
  follows, causing a redirect loop).

  Is this Location field used for anything meaningful?

  To contrast, another Project has seen similar behavior here:
  http://bitten.edgewall.org/ticket/607

  Their interpenetration of RFC 2616 §14.30  is such that Glance's
  behavior is incompatible with the RFC.

  As example:

  From Glance running directly:
  $ curl -i -X HEAD -H 'X-Auth-Token: a2dbc60c0b7641578215f4fb814ab33f' -H 'Content-Type: application/octe
  t-stream' -H 'User-Agent: python-glanceclient' http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-
  646d20f6ee4c
  HTTP/1.0 200 OK
  Date: Fri, 28 Mar 2014 12:52:40 GMT
  Server: WSGIServer/0.1 Python/2.7.3
  Content-Type: text/html; charset=UTF-8
  Content-Length: 0
  x-image-meta-property-ramdisk_id: 401ec901-b01d-4bc7-96fb-660143a6d456
  x-image-meta-id: 2db2f647-866c-4cb8-8bf3-646d20f6ee4c
  x-image-meta-deleted: False
  x-image-meta-container_format: ami
  x-image-meta-checksum: f8a2eeee2dc65b3d9b6e63678955bd83
  x-image-meta-protected: False
  x-image-meta-min_disk: 0
  x-image-meta-created_at: 2013-12-05T10:54:02
  x-image-meta-size: 25165824
  x-image-meta-status: active
  x-image-meta-is_public: True
  x-image-meta-min_ram: 0
  x-image-meta-property-kernel_id: ff846cac-e6f6-49fc-a44e-69be33462c5b
  x-image-meta-owner: e72df10b1afb49d2979d75bd00074365
  x-image-meta-updated_at: 2013-12-05T10:54:02
  x-image-meta-disk_format: ami
  x-image-meta-name: cirros-0.3.1-x86_64-uec
  Location: http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
  ETag: f8a2eeee2dc65b3d9b6e63678955bd83
  x-openstack-request-id: req-77053d34-51f9-41b6-8ab1-d9693fc751d4

  From Glance running behind apache+fcgid+flup:
  $ curl -i \
  >              -X HEAD \
  >              -H 'X-Auth-Token: a2dbc60c0b7641578215f4fb814ab33f' \
  >              -H 'Content-Type: application/octet-stream' \
  >              -H 'User-Agent: python-glanceclient' http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
  HTTP/1.1 302 Found
  Date: Fri, 28 Mar 2014 12:58:28 GMT
  Server: Apache
  X-MS-Unique-Id: UzVx9ArGan4AACOJHOQAAAAF
  x-image-meta-property-ramdisk_id: 401ec901-b01d-4bc7-96fb-660143a6d456
  x-image-meta-id: 2db2f647-866c-4cb8-8bf3-646d20f6ee4c
  x-image-meta-deleted: False
  x-image-meta-container_format: ami
  x-image-meta-checksum: f8a2eeee2dc65b3d9b6e63678955bd83
  x-image-meta-protected: False
  x-image-meta-min_disk: 0
  x-image-meta-created_at: 2013-12-05T10:54:02
  x-image-meta-size: 25165824
  x-image-meta-status: active
  x-image-meta-is_public: True
  x-image-meta-min_ram: 0
  x-image-meta-property-kernel_id: ff846cac-e6f6-49fc-a44e-69be33462c5b
  x-image-meta-owner: e72df10b1afb49d2979d75bd00074365
  x-image-meta-updated_at: 2013-12-05T10:54:02
  x-image-meta-disk_format: ami
  x-image-meta-name: cirros-0.3.1-x86_64-uec
  ETag: f8a2eeee2dc65b3d9b6e63678955bd83
  x-openstack-request-id: req-f0506f3d-c510-4a3f-9464-a37c82513811
  Location: http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
  Content-Type: text/html; charset=iso-8859-1

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1299095/+subscriptions
Follow ups

[Bug 1299095] Re: Location header is set on HTTP 200
From: Thierry Carrez, 2014-06-11
[Bug 1299095] [NEW] Location header is set on HTTP 200
From: Dave Walker, 2014-03-28
References

[Bug 1299095] [NEW] Location header is set on HTTP 200
From: Dave Walker, 2014-03-28