Welcome! Log In Create A New Profile

Advanced

400 bad requests now returning http headers? ( crossdomain.xml )

Posted by Thaxll 
Hi,

I'm using Nginx to serve a file called crossdomain.xml, that file is used by
Flash client to allow socket crossdomain Policy. It's a trick that many
people are using instead of having a dedicated app to server that file. The
trick is to return that xml file when nginx get a bad request. Since a
recent version ( 1.4.7+ ) it seems that a bad request replies include HTTP
headers and therefore breaking the Flash client ( instead of returning only
the data without headers ). Is there a way to remove those headers? Also I
searched in the changelog and didn't find any hints about that change?

Example: perl -e 'printf "<policy-file-request/>%c",0' | nc test.com 843

HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 10 Jun 2014 18:44:00 GMT
Content-Type: text/xml
Content-Length: 308
Connection: close
ETag: "5385f727-134"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">;
<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="*"/>
<site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>

Regards,

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250772,250772#msg-250772

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello!

On Tue, Jun 10, 2014 at 02:49:58PM -0400, Thaxll wrote:

> Hi,
>
> I'm using Nginx to serve a file called crossdomain.xml, that file is used by
> Flash client to allow socket crossdomain Policy. It's a trick that many
> people are using instead of having a dedicated app to server that file. The
> trick is to return that xml file when nginx get a bad request. Since a
> recent version ( 1.4.7+ ) it seems that a bad request replies include HTTP
> headers and therefore breaking the Flash client ( instead of returning only
> the data without headers ). Is there a way to remove those headers? Also I
> searched in the changelog and didn't find any hints about that change?

Quote from http://nginx.org/en/CHANGES, changes with nginx 1.5.5:

*) Change: now nginx assumes HTTP/1.0 by default if it is not able to
detect protocol reliably.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hi Maxim,

Thank you for the quick reply, I guess there is no workaround for that
problem? It isn't possible to remove headers or specify a dummy protocol for
Nginx?

Thank you,

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250772,250776#msg-250776

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello!

On Tue, Jun 10, 2014 at 04:07:28PM -0400, Thaxll wrote:

> Hi Maxim,
>
> Thank you for the quick reply, I guess there is no workaround for that
> problem? It isn't possible to remove headers or specify a dummy protocol for
> Nginx?

I don't think there is anything that can be done at the
configuration level. On the other hand, it should be more or less
trivial to write a module to force nginx to think the protocol was
HTTP/0.9 and to respond accordingly.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
>
> On Tue, Jun 10, 2014 at 04:07:28PM -0400, Thaxll wrote:
>
> > Hi Maxim,
> >
> > Thank you for the quick reply, I guess there is no workaround for
> that
> > problem? It isn't possible to remove headers or specify a dummy
> protocol for
> > Nginx?
>
> I don't think there is anything that can be done at the
> configuration level. On the other hand, it should be more or less
> trivial to write a module to force nginx to think the protocol was
> HTTP/0.9 and to respond accordingly.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


Found a one solution Max?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250772,250870#msg-250870

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello,
this is possible too late but may useful

I have'nt found any solution
and just recompiled the Nginx with a little patch

i've changed file ./src/http/ngx_http_request.c

in function ngx_http_create_request:

r->http_version = NGX_HTTP_VERSION_10

to

r->http_version = NGX_HTTP_VERSION_9

this may ugly but now working as expected

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,250772,277525#msg-277525

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login