open-build-service icon indicating copy to clipboard operation
open-build-service copied to clipboard

Published 20 hours ago verified publisher icon openSUSE

OBS cannot handle payloads send with Transfer-Encoding: chunked

Open dcermak opened this issue 5 years ago • 3 comments

Issue Description

When sending a PUT request to OBS with the header Transfer-Encoding: chunked instead of a know content-length, OBS will choke on the payload and respond with a rather puzzling: Document is empty, not allowed for #{schema_file}.

Expected Result

OBS should either accept chunked payloads, as some application frameworks (e.g. nodejs' http.request) use that by default or it should respond with an error message that indicates the actual error.

How to Reproduce

  1. Launch mini-obs from https://github.com/openSUSE/openSUSE-release-tools
  2. create a new user
  3. run:
$ curl --user $USER:$PASSWORD -H "Transfer-Encoding: chunked" -H "Content-Type:application/octet-stream" -X PUT "http://localhost:8080/source/home:$USER:test/_meta" -d "<project name='home:$USER:test'>
  <title>Test Project</title>
  <description>Test project for UI tests</description>
</project>
"
<status code="validation_failed">
  <summary>Document is empty, not allowed for project</summary>
</status>
  1. on the other hand this works:
$ curl --user $USER:$PASSWORD -H "Content-Type:application/octet-stream" -X PUT "http://localhost:8080/source/home:$USER:test/_meta" -d "<project name='home:$USER:test'>
  <title>Test Project</title>
  <description>Test project for UI tests</description>
</project>
"
<status code="validation_failed">
  <summary>Document is empty, not allowed for project</summary>
</status>

Wireshark reveals that the difference between the two requests is the different Transfer-Encoding and the resulting missing Content-Length field when using chunked transfers. It appears that the HTTP parser cannot decode the chunk size field and assumes that the payload is nothing, resulting in the error emitted by this piece of code: https://github.com/openSUSE/open-build-service/blob/da963324ccdf7483b1e142b4fbd437350b8d9760/src/api/lib/opensuse/validator.rb#L94-L98

dcermak avatar Apr 02 '20 16:04 dcermak

@mlschroe Do you maybe have an idea what could be the culprit here?

dcermak avatar Apr 14 '20 17:04 dcermak

No clue, sorry. This does not reach the backend, it must be some problem on the rails side.

mlschroe avatar Jun 24 '20 13:06 mlschroe

@adrianschroeter you got an idea what could be the issue here?

dcermak avatar Jun 26 '20 12:06 dcermak