100-continue and 401
nginx at lukaperkov.net
Wed Mar 20 09:15:27 UTC 2013
On Tue, Mar 19, 2013 at 05:09:38PM +0000, Nick Kew wrote:
> On 19 Mar 2013, at 12:31, Luka Perkov wrote:
> > I'm using nginx as a frontend for my SCGI application and I want to
> > $ curl -v -X POST -d "@/path/to/some/blob" http://127.0.0.1:8000/
> > * About to connect() to 127.0.0.1 port 8000 (#0)
> > * Trying 127.0.0.1...
> > * Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> >> POST / HTTP/1.1
> >> User-Agent: curl/7.29.0
> >> Host: 127.0.0.1:8000
> >> Accept: */*
> >> Content-Length: 3398
> >> Content-Type: application/x-www-form-urlencoded
> >> Expect: 100-continue
> That's OK.
> > < HTTP/1.1 100 Continue
> > < HTTP/1.1 401 Unauthorized
> That's not OK. It would need at least a blank line between
> those two to make an intermediate and a final response
> (without that it's broken).
If I add blank line before sending "401 Unauthorized" I end up with
$ curl -v -X POST -d "@/path/to/some/blob" http://127.0.0.1:8000/
* About to connect() to 127.0.0.1 port 8000 (#0)
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> POST / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 127.0.0.1:8000
> Accept: */*
> Cookie: queue=bla
> Content-Length: 3398
> Content-Type: application/x-www-form-urlencoded
> Expect: 100-continue
< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Server: nginx/1.3.14
< Date: Wed, 20 Mar 2013 09:05:18 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
Status: 401 Unauthorized
WWW-Authenticate: Basic realm="freeacs-ng"
And that is not what I want ;)
> The server should also wait for the payload it's just invited,
> but perhaps the client didn't wait before sending it?
Well, as far as I understand nginx can send SCGI request only after it
got the entire post body. And in order to get the post body it needs to
send "100 Continue"...
> > < WWW-Authenticate: Basic realm="bla-bla-bla"
> That's OK so long as it sends the (chunked) response promised.
> > * HTTP error before end of send, stop sending
> > <
> > * Closing connection 0
> … but the client thinks it didn't. Whoops!
I can make tcpdump captures if that would help...
> How much of those responses are being generated by your app?
> I'd expect the server to take care of protocol issues like the
> intermediate response and chunked encoding - unless your app
> disables it!
I would like that my SCGI daemon is in charge of user authorization
which will be performed based on HTTP authorization header.
Is that possible? And if yes what response should the SCGI daemon send?
More information about the nginx-devel