#12544 closed (fixed)
Bogus If-Modified-Since header causes 500 in django.views.static.serve
Reported by: | Antti Kaihola | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | dev |
Severity: | Keywords: | static | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
Every now and then I get requests with a bogus If-Modified-Since
header like
If-Modified-Since: Fri, 34 Feb 3118 24:34:19 GMT
These cause a server error.
Since invalid dates are most certainly only used by malicious clients, it would probably be safe to respond with a "not modified" HTTP response.
Attachments (2)
Change History (9)
by , 15 years ago
Attachment: | 12544-handle-bogus-if-modified-since-r12117.diff added |
---|
comment:1 by , 15 years ago
Has patch: | set |
---|
The patch fixes the server error by responding with "not modified" to requests with a bogus If-Modified-Since
value. It also adds test cases for If-Modified-Since
values
- which are earlier than the mtime of the file
- which are later than the mtime of the file
- which are invalid
comment:2 by , 15 years ago
On a second thought, I haven't checked what RFCs say about handling bogus timestamps, and maybe it would be wiser to respond with "has been modified" just in case there are legitimate broken clients out there. Thoughts?
comment:3 by , 15 years ago
Checked the RFC:
a) If the request would normally result in anything other than a 200 (OK) status, or if the passed If-Modified-Since date is invalid, the response is exactly the same as for a normal GET. A date which is later than the server's current time is invalid.
Fixed patch upcoming...
by , 15 years ago
Attachment: | 12544-handle-bogus-if-modified-since-r12117.2.diff added |
---|
Fixed to comply with RFC 2616 section 14.25
comment:4 by , 15 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:5 by , 14 years ago
Patch needs improvement: | set |
---|
The patch doesn't work for me, e.g. mktime_tz doesn't raise an OverflowError for me.
comment:6 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fix and tests: handle bogus If-Modified-Since headers gracefully