gziphandler icon indicating copy to clipboard operation
gziphandler copied to clipboard
verified publisher icon nytimes

Vary: Accept-encoding header is duplicated if inner handler sets it

Open austin-searchpilot opened this issue 6 years ago • 2 comments

If the inner HTTP handler sets a Vary: Accept-Encoding header, then as the gzip middleware will always add in the same header, the output will have two identical headers.

Here is a failing test case:

func TestEnsureVaryHeaderNoDuplicate(t *testing.T) {
	handler := GzipHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add(vary, acceptEncoding)
		w.Write([]byte("test"))
		w.(io.Closer).Close()
	}))

	req := httptest.NewRequest("GET", "/", nil)
	req.Header.Set(acceptEncoding, "gzip")
	w := httptest.NewRecorder()
	handler.ServeHTTP(w, req)
	assert.Equal(t, w.Header()[vary], []string{acceptEncoding})
}

I don't think the HTTP spec explicitly disallows you from having the same key/value appearing twice in the headers but it feels tidier to only have one instance of it.

austin-searchpilot avatar Sep 12 '19 17:09 austin-searchpilot

I'm not sure there's a great way to fix this because technically the gziphandler package is adding the header BEFORE your inner handler, so technically your inner handler should be checking if the header already exists like so:


// if something else already set Vary: Accept-Encoding, don't set it twice
if !strings.Contains(w.Header().Get(vary), acceptEncoding) {
    w.Header().Add(vary, acceptEncoding)
}

jameshartig avatar Jan 22 '20 16:01 jameshartig

Get() only returns the first element of a slice. Have to iterate over the slice. Also use canonical values.

func AddVary(w http.ResponseWriter, value string) {
	value = textproto.CanonicalMIMEHeaderKey(value)
	for _, v := range w.Header()["Vary"] {
		if textproto.CanonicalMIMEHeaderKey(v) == value {
			return
		}
	}
	w.Header().Add("Vary", value)
}

renthraysk avatar Jan 26 '20 13:01 renthraysk