I'm receiving inbox via pop3 using JavaMail (1.5.0). One of the servers sends the wrong-formated content-type string. There is encoding added after boundaries. It looks like:
Content-Type: multipart/mixed;
boundary="=_NextPart_2rfkindysadvnqw3nerasdf";koi8-r
It causes an error on parsing:
javax.mail.internet.ParseException: Expected '=', got "null" at
javax.mail.internet.ParameterList.<init>(ParameterList.java:250) at
javax.mail.internet.ContentType.<init>(ContentType.java:114) at
javax.mail.internet.MimeMultipart.parse(MimeMultipart.java:580) at
javax.mail.internet.MimeMultipart.getCount(MimeMultipart.java:325)
Is there any possible way to correct mail stream before actual parsing?
I've tried to compile sourses of the library to extend the functionality but this is not as easy as it should be (not sure where to settle bugfix).
See the description of the mail.mime.contenttypehandler property in the javadocs for the javax.mail.internet package. That allows you to write a class that cleans up the Content-Type value before JavaMail uses it.
And of course you should report this bogus header to either the server vendor or more likely the vendor of the mailer that created the message.
Related
I am writing an ISAPI Extension on Windows 10 using VS 2017 and regular C.
It works great but now I am having trouble with error handling. I am purposely encountering an error to make sure the error message is correct. When the client app (not a browser) and IIS are on the same machine I get my expected error message. When I connect to a copy on another pc, I get the IIS generic html for the 500 status.
Here is where I generate the header:
// Send HTTP headers
SendHttpHeaders(pECB, "500 Internal Server Error", "Content-Type: text/plain\r\n\r\n");
SendHttpHeaders is my wrapper function for sending the headers. I s
Here are the last two lines of code:
pECB->dwHttpStatusCode = HTTP_STATUS_SERVER_ERROR;
return HSE_STATUS_ERROR;
Why am I not getting my custom message?
Unless IIS is configured otherwise, detailed error messages are only shown to browsers connecting from localhost.
While the linked post describes how to control this behaviour, note that this blocking is intended as a security feature, and (as they mention) depending on your site implementation, this can expose internal details to public view when error conditions are triggered (i.e. ones you are not expecting to make use of this behaviour, such as from a bug). This may or may not be a security concern depending on your operating environment (eg. public internet vs corporate intranet), data sensitivity, etc.
After connecting to a server, I need to use the GET command to get all the information from it. I am, for some reason, not allowed to put \r\n after my get command, so the command I'm sending to the server is something like GET http://somethingrandom.com HTTP/1.0.
After sending the request to the address, I do not receive the same output that a normal GET from a terminal would:
To be more specific, I receive the following information:
The http status
Some odd data:
Date
Server
Last-Modified
ETag
Accept-Ranges
Content-Length
Vary
Connection
Content-Type
I think that the role of \r\n is to exactly ignore that information. (In this example the extra <head> tag information). If it has something to do with my code(most probably) I'll provide it afterwards.
The first command you use on the terminal is actually the program GET which does a proper HTTP request using the Perl LWP library and gives you the response back. The HTTP/1.0 at the end of the command you gave is actually ignored because only the URL is expected. Thus GET is similar to curl or wget. You can even call GET --help for the exact usage.
The thing you are trying do in C is to deal with HTTP without any library. In this case you have to properly read and parse the response, i.e. exactly the thing which GET, curl or wget commands do for you if you use these commands. To do this properly you need to understand the HTTP protocol first. While HTTP/1.0 is not the latest standard I recommend to study this first because it is the simplest one and it is still accepted by web servers. See RFC 1945 for the standard.
From reading the standard you will see, that there is a HTTP response header and body, delimited by \r\n. Thus, you need to take the information from the header in order to interpret the body properly. In the simplest case you can just strip the header.
I'm trying to send JSON HTTP request from Google App Engine application and retrieve response, and while this works great locally, it suddenly breaks when I deploy it to GAE.
To be more precise, the HTTP response body that is returned to my application ends up looking like this instead of being simple JSON:
�\bD�[��8��ʖϣ�M�M$ �\\�bA` #!r���~pvk�cR]�_7E�
I did find one set of circumstances where I get correct response on GAE which might give some insight at this behavior - if the response doesn't have content-type header it goes through fine, but as soon as there is content-encoding header set to "gzip" present I get the incorrect garbage above as a response body.
Unfortunately I don't have control over the service I'm calling. So the only choice I have is to fix this somehow on my side, but to fix it I'm trying to understand the difference between what Google does to response. Does anyone know?
I understand that Google does some things to HTTP traffic. Is it forcing gzip on my responses as well?
I've also tried playing with encodings, trying to read response as utf-8, and setting utf-8 as default encoding for my GAE application as recommended here, but with no effect. I've ruled out incorrect processing of response in my code or anything I'm using, at least I think so, otherwise I'd have the same problems locally. I'm trying to understand what exactly is happening with hope that this will give me some idea how to prevent it.
EDIT: I figured it out and did a workaround but it's still a workaround, not a solution. So my GAE app calls another web service from outside GAE which sometimes gzips response and sometimes doesn't. If it does, GAE strips away content-type header from response, thus preventing my app from correctly decoding response body. My workaround so far is to get response bytes and test if response is valid JSON, unzipping it manually if it isn't. Would still want to know if stripping content-type can be prevented...
As explained at https://cloud.google.com/appengine/kb/#compression , the application should not supply the content-encoding header: "Google App Engine does its best to serve gzipped content to browsers that support it. Taking advantage of this scheme is automatic and requires no modifications to applications".
I believe that the origin of this architecture (that content encoding is not controlled by the application side of things -- on App Engine, your application code -- but by the server/gateway side) originated with WSGI, the Python standard interface of applications to web servers/gateways (which App Engine uses on the Python runtime), but the architecture makes enough sense that we generalized it -- as the above page puts it, "This approach avoids some well-known bugs with gzipped content in popular browsers.".
The client is far from powerless, and in fact, if it so chooses, can control the content encoding -- still quoting, "To force gzipped content to be served, clients may supply 'gzip' as the value of both the Accept-Encoding and User-Agent request headers. Content will never be gzipped if no Accept-Encoding header is present.".
I need to send a multipart document to a server. IT seems however that the server expects the boundary to be a specific sequence "********". If I use multipart request, it seems to default to something else even when I add a request header.
That is indeed missing in the current version of Codename One (didn't expect people would need functionality like this).
We will add a setBoundary(String) method for the next update in 3 weeks or so.
Iam writing a C program to interact with HTTPs server. Server is expecting the data without
any assignments(Ex: normally a request can be "https://xz.aspx?name=google" where as is it
possible to send the name "https://xz.aspx?google"). Currently server is getting an entry
log for my request but not able to fetch request data.
1.Is it possible to send a value with out assignment?
2.Will .net look for default assignments?
3.Is there anything else to probe?
The data you're sending is just whatever you put in the query part of the request-uri in the HTTP request.
That data can be almost anything you like (as long as it is using letters that are valid according to RFC2616). The "assignments" concept is not something HTTP knows or uses, it is just a common way for clients and servers to deal with the data.
so... Yes, you can send a value "without assignment" with curl. Weather the receiver will like it or understand it is a completely different matter.