UI - 304 'Not Modified' cached handling causes some requests to fail, can affect reverse-proxies #2053
Comments
curl also complains when I mimic the 304 request directly without using a reverse proxy:
curl -vvv 'http://localhost:5000/static/images/gradient-border.png' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0' -H 'Accept: image/avif,image/webp,*/*' -H 'Accept-Language: de,en-US;q=0.7,en;q=0.3' -H 'Accept-Encoding: gzip, deflate, br' -H 'Connection: keep-alive' -H 'If-Modified-Since: Wed, 20 Dec 2023 14:34:01 GMT' -H 'If-None-Match: "1703082841.0-21990-1682970004"' -H 'TE: trailers'
Edit: apparently the |
thanks for the nice report.. yeah interesting, it seems to be (at least in your screenshot) only the static assets right? and only images.. These are served here changedetection.io/changedetectionio/flask_app.py Line 1239 in 3d1e102
what's interesting is that requesting static assets leaves a not amazing
even tho there's no real specific caching setup there |
To be open, I don't know anything about caddy and I won't be installing caddy to figure it out (i don't have the time) although I'm happy to work with people on this if they provide more debug info, one thing you can try is google something like 'flask caddy python zero content length' or something? |
The problem is that caddy and traefik are both using the go standard library which tends to follow the spec very closely:
The presence of any kind of body triggers the error. curl seems to be a bit more lenient and only logs it as warning:
My previous curl example should be enough to reproduce this warning without any kind of reverse proxy setup. |
but running your curl command gives me a
no 304, always 200 |
I don't understand what you're trying to say here - I can see that the application always returns 200, I never see 304. |
Most likely because the date values in the header fields of my example are too old now to trigger a 304 response in the backend. I derived the example from the network tab in Firefox by copying the curl command for a request that yielded a 304 response. All curl related tests were done without caddy. |
If I make a request that yields the response
And I take the values from that response, and make another curl request which should set the right headers, I can trigger
and then monitor it with tcpdump/wireshark, I can see is that what this comes down to? |
Exactly. You can compare it with e.g. curl -vvv http://httpstat.us/304 |
yeah ok... so it means something like https://stackoverflow.com/questions/3811595/flask-werkzeug-how-to-attach-http-content-length-header-to-file-download hmmm but |
So yeah, if I change the response to
it still doesn't show the |
googling something like |
I think that
So the output would describe an empty chunk:
This smells like an upstream issue. |
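One way to check a captured response for the condition discussed in this thread, as an added example that is not code from the issue, changedetection.io or eventlet: it splits a raw HTTP/1.1 response at the end of the header block and reports any bytes that follow a 304 (or other bodiless status), including a chunked-encoding terminator. The sample byte strings are constructed, and the check assumes the capture holds a single response.

```python
# Added example: flag body bytes that follow a bodiless HTTP response.
# The sample captures below are constructed, not taken from the issue.

BODILESS = {204, 304}  # plus every 1xx: these end at the blank line after the headers


def split_response(raw: bytes):
    """Return (status, headers dict, bytes found after the header block)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line")
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, rest


def stray_body(raw: bytes):
    """Describe unexpected bytes after a bodiless response, or return None."""
    status, _headers, rest = split_response(raw)
    bodiless = status in BODILESS or 100 <= status < 200
    if not bodiless or not rest:
        return None
    if rest == b"0\r\n\r\n":
        kind = "empty chunk terminator"
    else:
        kind = f"{len(rest)} unexpected byte(s)"
    return f"{status} response followed by {kind}: {rest!r}"


CLEAN_304 = (b"HTTP/1.1 304 NOT MODIFIED\r\n"
             b'ETag: "constructed-etag"\r\n'
             b"Connection: keep-alive\r\n\r\n")
CHUNKED_304 = (b"HTTP/1.1 304 NOT MODIFIED\r\n"
               b'ETag: "constructed-etag"\r\n'
               b"Transfer-Encoding: chunked\r\n\r\n"
               b"0\r\n\r\n")  # the empty chunk is body framing and must not follow a 304
OK_200 = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nhi"

if __name__ == "__main__":
    for name, raw in [("clean 304", CLEAN_304), ("chunked 304", CHUNKED_304), ("200", OK_200)]:
        print(name, "->", stray_body(raw))
```

Feeding it the bytes read from a raw socket after a conditional request (rather than what a lenient client displays) shows whether the backend, and not the proxy, is the side adding the extra bytes.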
Could you try it with the https://tedboy.github.io/flask/interface_api.useful_funcs.html#flask.send_file |
same output..
maybe when they added |
yes, however things like screenshots should be security/access limited |
Can you derive a minimal reproducible example from this? That would be enough to raise an issue at https://github.com/pallets/flask/issues |
@bt90 actually |
@bt90 pallets/werkzeug#2392 :-) is this the same ? |
Sounds related, but shouldn't that fix already be part of the version used by changedetection? I just noticed that flask dropped the 3.0.0 release in September. Should we test with this version combined with the latest werkzeug release before creating an issue? On the other hand, it's a new major release and I have no idea how much work that means for you... Also: Sorry to waste your time on such minor issues 😅 |
@bt90 i'm unable to replicate this bug outside of changedetection.io , could you try this repo and tell me if you can tweak the headers and make the bug appear? https://github.com/dgtlmoon/flask-304-modified-extra-in-reply-test |
@bt90 yes, see the repo https://github.com/dgtlmoon/flask-304-modified-extra-in-reply-test , we need to find out why it happens in this repo, but not that test repo |
@bt90 found it!!! when i added the |
This issue has certainly been a fun ride 😆 |
they are talking about |
@bt90 @Constantin1489 #2029 might be a workaround |
yeah I think trying a gunicorn or gevent branch could be the way here (or it will add more issues :-) ) |
@dgtlmoon thanks for your detective work. Filed eventlet/eventlet#862 and blatantly stole your Wireshark screenshot 😉 |
No probs, a wireshark screenshot is worth a thousand words :-) added you as a collab on that 304 test repo |
Hmm i can't seem to get the example to switch to chunked transfer encoding.
|
added the |
That solved it. I can reproduce it now:
|
Potential fix: eventlet/eventlet#747 |
**TLDR;** Looks like an upstream bug that causes this, scroll to bottom
Describe the bug
I'm running changedetection with caddy as a reverse proxy. While the UI is perfectly usable, I am getting some errors in the browser's network tab and also in caddy's logs:
The issue seems to have been reported previously as #1977, but with little to no information on how to reproduce it or what exactly the problem is.
The error message itself comes from the go standard library used by caddy, and is an indication that the backend (in this case changedetection) is violating the HTTP spec as described in golang/go#19895 (comment)
I have only been able to reproduce this with the browser cache enabled. My guess is that the handling of 304 responses is the culprit here. The backend sets the content-length: 0 header. If any content is passed anyway, this would trigger the error.
Version
v0.45.9
To Reproduce
Groups and Settings with the browser cache enabled
Expected behavior
No errors.
Desktop