Opened 4 years ago

Closed 4 years ago

#2066 closed defect (invalid)

When proxying 204 responses with a Transfer-Encoding body, the body is not decoded but the header is dropped

Reported by: arthur.darcet@…
Owned by:
Priority: minor
Milestone:
Component: nginx-module
Version: 1.19.x
Keywords: proxy
Cc:
uname -a: Linux nginx-ingress-controller-lgckg 5.3.0-1036-gke #38-Ubuntu SMP Sun Sep 6 05:59:13 UTC 2020 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.15.10
built by gcc 8.3.0 (Debian 8.3.0-5)
built with OpenSSL 1.1.1b 26 Feb 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/etc/nginx/modules --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_sub_module --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-http_secure_link_module --with-http_gunzip_module --with-file-aio --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-cc-opt='-g -Og -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-deprecated-declarations -fno-strict-aliasing -D_FORTIFY_SOURCE=2 --param=ssp-buffer-size=4 -DTCP_FASTOPEN=23 -fPIC -I/root/.hunter/_Base/2c5c6fc/1daf6c5/92161a9/Install/include -Wno-cast-function-type -m64 -mtune=native' --with-ld-opt='-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now -L/root/.hunter/_Base/2c5c6fc/1daf6c5/92161a9/Install/lib' --user=www-data --group=www-data --add-module=/tmp/build/ngx_devel_kit-0.3.1rc1 --add-module=/tmp/build/set-misc-nginx-module-0.32 --add-module=/tmp/build/headers-more-nginx-module-0.33 --add-module=/tmp/build/nginx-http-auth-digest-274490cec649e7300fea97fed13d84e596bbc0ce --add-module=/tmp/build/ngx_http_substitutions_filter_module-bc58cb11844bc42735bbaef7085ea86ace46d05b --add-module=/tmp/build/lua-nginx-module-fd90f4e8252e9d06419317fdf525b55c65e15a50 
--add-module=/tmp/build/stream-lua-nginx-module-0.0.6rc5 --add-module=/tmp/build/lua-upstream-nginx-module-0.07 --add-module=/tmp/build/nginx-influxdb-module-0e2cb6cbf850a29c81e44be9e33d9a15d45c50e8 --add-dynamic-module=/tmp/build/nginx-opentracing-0.8.0/opentracing --add-dynamic-module=/tmp/build/ModSecurity-nginx-fc061a57a8b0abda79b17cbe103d78db803fa575 --add-dynamic-module=/tmp/build/ngx_http_geoip2_module-3.2 --add-module=/tmp/build/nginx_ajp_module-bf6cd93f2098b59260de8d494f0f4b1f11a84627 --add-module=/tmp/build/ngx_brotli

Description

While proxying from Server to Client through an nginx proxy_pass,

if Server returns this response:

HTTP/1.1 204 No Content
Transfer-Encoding: chunked

0

it is forwarded to the client as

HTTP/1.1 204 No Content

0

--

The problem is that the Transfer-Encoding header is stripped, but the body is not decoded at all.

I'm not an HTTP specialist, and I'm not exactly sure whether or not the initial 204 response with an "empty but chunked" body is valid; however, the response returned by nginx eventually is definitely invalid and makes some clients crash (most notably the standard Node library will crash on this 204 with body response).

Change History (1)

comment:1 by Maxim Dounin, 4 years ago

Resolution: invalid
Status: new → closed

The original upstream server response is certainly invalid: there should be no body in 204 responses, see RFC 7230:

All 1xx (Informational), 204 (No Content), and 304 (Not Modified)
responses do not include a message body.

So it is basically a 204 response with a meaningless Transfer-Encoding: chunked, followed by a garbage 0. The response as returned by nginx in your tests is similarly invalid, as the garbage data are forwarded to the client.

In nginx 1.19.1 and newer, the garbage data will be discarded, and an appropriate warning will be logged to the error log. If you prefer this behaviour, consider upgrading.

Note well that regardless of what nginx does with the response, the upstream server in question returns an invalid response and needs to be fixed.
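
Added example, not part of the ticket and not nginx code: a check that a proxy test harness could run on raw upstream bytes to flag the condition discussed above, a 204 (or 304) response that carries framing headers or bytes after its header block, and to return only the head for forwarding. The function names and sample bytes are constructed; it assumes `raw` holds exactly one response from a connection without pipelining, and it leaves 1xx out because an interim response is legitimately followed by the final one.

```python
# Added example (not nginx code): function names and sample bytes are constructed.
BODYLESS = {204, 304}        # 1xx left out: a final response follows it
NO_FRAMING_HEADERS = {204}   # RFC 7230 3.3.1/3.3.2: no TE or CL on a 204

def parse_head(raw: bytes):
    """Split one response into (status, status line, header lines, trailing bytes)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is not terminated")
    status_line, *header_lines = head.split(b"\r\n")
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line")
    return int(parts[1]), status_line, header_lines, rest

def check_bodyless(raw: bytes):
    """Return (findings, bytes safe to forward) for a single response."""
    status, status_line, header_lines, rest = parse_head(raw)
    if status not in BODYLESS:
        return [], raw
    findings, kept = [], [status_line]
    for line in header_lines:
        name = line.split(b":", 1)[0].strip().lower()
        if status in NO_FRAMING_HEADERS and name in (b"transfer-encoding",
                                                     b"content-length"):
            findings.append(f"{status} response carries {name.decode()} header")
            continue  # drop the framing header instead of relaying it
        kept.append(line)
    if rest:
        findings.append(
            f"{len(rest)} byte(s) after the header block of a {status} response")
    # Forward the head only; trailing bytes are discarded, not relayed.
    return findings, b"\r\n".join(kept) + b"\r\n\r\n"

# Constructed sample: the upstream response from the ticket description.
UPSTREAM_204 = (b"HTTP/1.1 204 No Content\r\n"
                b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
# Constructed sample: what the reporter saw forwarded (header gone, "0" kept).
FORWARDED_204 = b"HTTP/1.1 204 No Content\r\n\r\n0\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("upstream", UPSTREAM_204), ("forwarded", FORWARDED_204)):
        findings, clean = check_bodyless(raw)
        print(label, findings, clean)
```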
