go-httpbin icon indicating copy to clipboard operation
go-httpbin copied to clipboard
verified publisher icon mccutchen

compat: `/response-headers` endpoint missing headers

Open sonbui00 opened this issue 2 years ago • 7 comments

I got a different response.

Original
 curl https://httpbin.org/response-headers\?access_token\=faketoken\&token_type\=Bearer   
{
  "Content-Length": "128", 
  "Content-Type": "application/json", 
  "access_token": "faketoken", 
  "token_type": "Bearer"
}

go-httpbin
 curl http://httpbin:9100/response-headers\?access_token\=faketoken\&token_type\=Bearer  
{
  "access_token": [
    "faketoken"
  ],
  "token_type": [
    "Bearer"
  ]
}

sonbui00 avatar Aug 07 '23 03:08 sonbui00

I still think this is worth fixing, at least in part. Copying and lightly adapting a comment I left on the reporter's abandoned attempt to fix this issue:

If we're aiming for compatibility, it's worth exploring what the original httpbin's behavior is in weird circumstances? Like, what happens with a request like /response-headers?Content-Length=999999999? I think we need some test coverage for at least that edge case, to codify whatever behavior we decide on.

Turns out, the behavior is interesting (TLS-related noise elided below):

$ curl -v --http1.1 'https://httpbin.org/response-headers?Content-Type=text/plain&Content-Length=99999'
*   Trying 54.210.149.139:443...
* Connected to httpbin.org (54.210.149.139) port 443 (#0)
> GET /response-headers?Content-Type=text/plain&Content-Length=99999 HTTP/1.1
> Host: httpbin.org
> User-Agent: curl/8.1.2
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 07 Aug 2023 22:40:24 GMT
< Content-Type: text/plain
< Content-Length: 99999
< Connection: keep-alive
< Server: gunicorn/19.9.0
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< 
{
  "Content-Length": [
    "122", 
    "99999"
  ], 
  "Content-Type": [
    "application/json", 
    "text/plain"
  ]
}
* transfer closed with 99877 bytes remaining to read
* Closing connection 0
curl: (18) transfer closed with 99877 bytes remaining to read

I can convince myself that letting the incoming request to this specific endpoint dictate the actual Content-Length of the response could be useful for testing weird behavior in HTTP client or proxy code, so I'd be in favor of matching the Python implementation there.

Note that there's a weird chicken/egg problem with the output from original httpbin above: It has the correct final Content-Length value as the first item under that key in the response JSON, but … how could it compute the accurate content length of the response without serializing the whole thing, including the final value for Content-Length?

I'm probably overthinking it or missing something comically obvious, but it turns out their implementation of this endpoint is a weird loop, presumably to solve this problem?

mccutchen avatar Aug 15 '23 19:08 mccutchen