Messages

1

Programmers corner / Re: HTTP Header Size Problem

« on: August 17, 2018, 10:18:46 AM »

New version 2.3m has been installed and

Code: [Select]

[+download]
{.remove header|ETag.}
{.remove header|Set-cookie.}
has been added to hfs.events.

It works perfectly now.

Thanks a lot for this very fast fix.

Regards,
Lothar

2

Programmers corner / HTTP Header Size Problem

« on: August 14, 2018, 01:09:33 PM »

Hallo Forum,

so far I used HFS version 2.2f as a simple binary file server.
If HFS got an HTTP-Request /GET/update.bin, the HTTP-Response Header was

HTTP / 1.1 200 OK
Content-Type: application / octet-stream
Content Length: 75470
Accept-Ranges: bytes
Content-Disposition: attachment; filename = "update.bin";
Last-Modified: Fri, 08 Sep 2017 09:39:43 GMT

For security reasons I wanted to update HFS to the current version.
But version 2.3k now answers with:

HTTP / 1.1 200 OK
Content-Type: application / octet-stream
Content Length: 75470
Accept-Ranges: bytes
Set-Cookie: HFS_SID_ = 0.818251500837505; path = /; HttpOnly
ETag: B0772E23A80C880E27639CEF62C2F1A1
Last-Modified: Fri, 08 Sep 2017 09:39:43 GMT
Content-Disposition: attachment; filename = "update.bin";

That's nearly 100 bytes more information which my (embedded) system does not need and unfortunately creates a buffer overflow because I only provided a 256 bytes buffer for HTTP-Response. The whole HTTP header will be dropped off immediately.

Is there an easy way to turn off Set-Cookie and ETag?

And if not, ist there an security reason not to use 2.2f any longer?

Regards,
Lothar