I'm having problems getting SharePoint 2010/IIS 7.5 to respect byte-range requests. I'm developing a SharePoint 2010 Web Part using Silverlight, and am trying to retrieve part of a document stored inside SharePoint.
When I request a byte range of a file in SharePoint, the server responds with the entire file. However, if I request the same byte range from a file sitting on an Apache server, everything works as expected. Below are the http headers observed with Fiddler.
Any help would be really appreciated! Thanks.
Sent:
GET http://example.com/file.abc HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://example.com/index.html
Accept-Encoding: identity
Range: bytes=1061285-1064594
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4
Host: example.com
Connection: Keep-Alive
SharePoint also takes login credentials:
Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==
Received from Apache:
HTTP/1.1 206 Partial Content
Date: Wed, 25 Aug 2010 22:40:34 GMT
Server: Apache/2.0.54
Last-Modified: Fri, 20 Aug 2010 23:27:18 GMT
ETag: "b68e346-103ea9-a3c20180"
Accept-Ranges: bytes
Content-Length: 3310
Vary: User-Agent
Content-Range: bytes 1061285-1064594/1064617
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/x-zip
Received from SharePoint 2010 / IIS 7.5
HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Content-Length: 1064617
Content-Type: application/octet-stream
Expires: Tue, 10 Aug 2010 22:40:56 GMT
Last-Modified: Wed, 25 Aug 2010 19:28:39 GMT
ETag: "{5A1DF927-D8CD-4BC0-9590-8188CF777A3D},1"
Server: Microsoft-IIS/7.5
SPRequestGuid: 99799011-5bdc-489f-99fd-d060a56d3ae4
Set-Cookie: WSS_KeepSessionAuthenticated={7703be10-bb56-4fa1-ba8b-cd05f482859f}; path=/
X-SharePointHealthScore: 5
ResourceTag: rt:5A1DF927-D8CD-4BC0-9590-8188CF777A3D#00000000001
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename=file.abc
X-Download-Options: noopen
Public-Extension: http://schemas.microsoft.com/repl-2
Set-Cookie: WSS_KeepSessionAuthenticated={7703be10-bb56-4fa1-ba8b-cd05f482859f}; path=/
Persistent-Auth: true
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Wed, 25 Aug 2010 22:40:56 GMT
The problem is that SharePoint caching is off be default, and needs to be turned on to enable byte-range requests. See Disk-Based Caching for Binary Large Objects.
Note http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35.2:
"A server MAY ignore the Range header."
Thus whenever you are using a Range header you must be able to handle a 200 response. The fact that your server doesn't appear to support range serving is unfortunate, but conformant.
Related
Although this question should be trivial, I didn't success to enable browser caching on web google app engine java server.
I've try to put this kind of thing in my appengine-web.xml:
<static-files>
<include path="/**.cache.**" expiration="365d" />
...
but when I'm looking the response header I find this in local:
Content-Length: 196084
Cache-Control: public, max-age=31536000
Expires: Fri, 10 Jan 2014 19:40:45 GMT
Content-Type: image/png
Last-Modified: Tue, 18 Dec 2012 21:41:22 GMT
Server: Jetty(6.1.x)
Which is fine... but this in production environment:
HTTP/1.1 304 Not Modified
ETag: "RV4Bpg"
X-AppEngine-Estimated-CPM-US-Dollars: $0.000000
X-AppEngine-Resource-Usage: ms=109 cpu_ms=0
Date: Thu, 10 Jan 2013 19:41:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Server: Google Frontend
Which is definitively not what I want :(
Any idea ? something I've missed ?
[EDIT]
for not yet downloaded content, my browser receive the following header:
HTTP/1.1 200 OK
ETag: "RV4Bpg"
Date: Fri, 11 Jan 2013 12:50:50 GMT
Expires: Sat, 11 Jan 2014 12:50:50 GMT
Cache-Control: public, max-age=31536000
X-AppEngine-Estimated-CPM-US-Dollars: $0.000000
X-AppEngine-Resource-Usage: ms=3 cpu_ms=0
Date: Fri, 11 Jan 2013 12:50:50 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/png
Server: Google Frontend
Content-Length: 196084
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
X-RBT-Optimized-By: eu-dcc-sh02 (RiOS 6.5.5b) SC
An ETag and several contradictory 'Expires' and 'Cache-Control' ...
Is there several way to configure caching policy ? Could it come from my ISP ? or a proxy ?
When you are logged in to a Google App Engine application as an administrator:
The X-AppEngine-* headers shown in your question are included.
The Cache-Control: no-cache, must-revalidate header is included, because the X-AppEngine-* headers are private and must not be cached.
This is hidden at the end of the Responses section at https://developers.google.com/appengine/docs/python/runtime#Responses, which says that:
Responses with resource usage statistics will be made uncacheable.
Yes, Cache-Control is off because reply is HTTP 304.
The problem is that your browser saved the ETag: http://en.wikipedia.org/wiki/HTTP_ETag
Now for every request for the same url/content, browser provides ETag and GAE replies with HTTP 304 Not Modified.
Try changing the resource (image) at this url, checking another url that you have not yet loaded in this browser or using another browser or computer altogether.
Also, this is relevant: What takes precedence: the ETag or Last-Modified HTTP header?
I am debugging js code on localhost and I need to prevent the caching of files by the browser. I can't use a timestamp appended to the url because it erases chrome debugger breakpoints.
Usually I don't have to refresh the cache, but everyone in a while I do. It is a large problem because I go searching elsewhere for the bugs. I added this code to apache some time ago:
<IfModule mod_headers.c>
Header add Expires "Sun, 19 Nov 1978 05:00:00 GMT"
Header add Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
</IfModule>
Can someone explain why Apache would mistake a file for valid or provide some additions to the configuration code that could fix this once and for all?
Headers using the solution below:
<IfModule mod_expires.c>
expiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType text/javascript "access plus 1 seconds"
ExpiresByType application/x-javascript "access plus 1 seconds"
</IfModule>
http://localhost/static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png
GET /static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/static/images/
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Sun, 23 Dec 2012 19:33:20 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Thu, 28 Jun 2012 17:32:51 GMT
Etag: "b3c27-f1f-4c38bb88d96c0"
Accept-Ranges: bytes
Content-Length: 3871
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: image/png
HTTP/1.1 200 OK
Date: Sun, 23 Dec 2012 19:33:54 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Thu, 28 Jun 2012 17:32:51 GMT
Etag: "b3c27-f1f-4c38bb88d96c0"
Accept-Ranges: bytes
Content-Length: 3871
Cache-Control: max-age=1
Expires: Sun, 23 Dec 2012 19:33:55 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png
The second request:
http://localhost/static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png
GET /static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/static/images/
If-Modified-Since: Thu, 28 Jun 2012 17:32:51 GMT
If-None-Match: "b3c27-f1f-4c38bb88d96c0"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Date: Sun, 23 Dec 2012 19:34:58 GMT
Server: Apache/2.2.22 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=15, max=99
Etag: "b3c27-f1f-4c38bb88d96c0"
Expires: Sun, 23 Dec 2012 19:34:59 GMT
Cache-Control: max-age=1
When delivering static files, Apache sends an ETag header, which is something like a checksum of the file. The browser will cache the file and remember the ETag, which is sent with the next request.
If the file changes the browser ETag should differ and the webserver should resend, when the etag is equal, the webserver will respond with 304 Not Modified. The ETag mechanism has a higher priority than other cache headers.
To disable etags you can use apaches
FileETag None
http://httpd.apache.org/docs/current/en/mod/core.html#fileetag
Wikipedia has a nice article about the Etag header
http://en.wikipedia.org/wiki/HTTP_ETag
Edit
This should be a waterproof configuration
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
Don't forget that configuration changes require a server restart to take effect.
sudo /etc/init.d/httpd restart
EDIT2
Wrap filesMatch around the configuration to disable caching for specific file extensions only
<filesMatch ".(php|js|css)$">
FileETag None
[..]
</filesMatch>
If i understand your requirement correctly you want the web browser to not remember anything about the webpage you are accessing and your apache web server should treat it like a fresh page request. You may first want to enable mod_expires and mod_headers , i use ubuntu so mine was
a2enmod headers && a2enmod expires && service apache2 restart
than you want to add below code to do minimum cache-control,
<IfModule mod_expires.c>
expiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType text/javascript "access plus 1 seconds"
ExpiresByType application/x-javascript "access plus 1 seconds"
</IfModule>
If you are using firefox you can test this by installing/running Live Http header Plugin or if you are linux/unix you can run this request with curl -v your_url
I'm trying to access the REST Disqus API using the following url:
http://disqus.com/api/3.0/threads/listPosts.json
?api_key=myKey
&forum=myForum
&thread:ident=myIdent
When I go to the url in Chrome, it works fine. When I try to download it in WebClient, I have difficulty:
WebClient data = new WebClient();
Uri queryUri = new Uri(DisqusQuery + ident, UriKind.Absolute);
data.DownloadStringCompleted += new DownloadStringCompletedEventHandler(onDownloadCompleted);
data.DownloadStringAsync(queryUri);
The DownloadStringCompletedEventArgs contain the following error:
{"The remote server returned an error: NotFound."}
at System.Net.Browser.ClientHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.ClientHttpWebRequest.<>c__DisplayClass2.<EndGetResponse>b__1(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass4.<BeginOnUI>b__1(Object sendState)
at System.Reflection.RuntimeMethodInfo.InternalInvoke(RuntimeMethoThe thread '<No Name>' (0xfc10086) has exited with code 0 (0x0).
What could I be doing wrong?
Update: Looking in Fiddler shows that the response is this:
HTTP/1.1 400 BAD REQUEST
Date: Sun, 28 Aug 2011 14:51:39 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Length: 68
Connection: close
Content-Type: application/json
X-Pad: avoid browser bug
{"code": 11, "response": "Your API key is not valid on this domain"}
Here is the response when the request is from Chrome Incognito (not logged in to disqus):
HTTP/1.1 200 OK
Date: Mon, 29 Aug 2011 17:00:29 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Ratelimit-Remaining: 1000
Content-Encoding: gzip
Vary: Cookie,Accept-Encoding
X-Ratelimit-Limit: 1000
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
X-Ratelimit-Reset: 1314640800
Content-Length: 3120
Connection: close
Content-Type: application/json
/* expected JSON response */
Update 2: The above error is using my public key. Using the secret key results in:
HTTP/1.1 403 FORBIDDEN
Date: Sun, 28 Aug 2011 20:40:32 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: close
Transfer-Encoding: chunked
Content-Type: application/json
2a
{"code": 5, "response": "Invalid API key"}
0
FIX:
Add something similar to the following line to your HttpRequest:
client.Headers[HttpRequestHeader.Referer] = "http://mywebsite.com";
Longer Description:
The problem has to do with the way Windows Phone is setting the HTTP Referer header.
When running the successful request from the browser address bar, Fiddler showed me this:
GET /api/3.0/forums/listPosts.json?forum=disqus&api_key=jRml... HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate, peerdist
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Zune 4.7; InfoPath.3; MS-RTC LM 8)
Connection: Keep-Alive
Host: disqus.com
Cookie: disqus_unique=...
X-P2P-PeerDist: Version=1.0
When I examined the request sent by Silverlight in Fiddler, I saw the following:
GET /api/3.0/forums/listPosts.json?forum=disqus&api_key=jRml... HTTP/1.1
Accept: */*
Referer: file:///Applications/Install/9036AAF3-F213-4CFB-B57E-576A05E1896D/Install/
Accept-Encoding: identity
User-Agent: NativeHost
Host: disqus.com
Connection: Keep-Alive
By removing the Referer header and resubmitting via Fiddler, the query worked as I expected! So... all you need to do is manually set the HTTP Referer header to something you control (rather than letting Silverlight do it for you) and you should be good to go.
Oh - and also make sure you're using your public key, not the secret key.
/ck
Looks like the browser is getting additional info like username or something: X-User: anon:182210122933. This is missing when WebClient gets its response back. I guess this has something todo with the fact that you are logged in in the browser or that you have a typo in your api key.
Another interesting pointroject for you would be a library like http://disqussharp.codeplex.com/ which handles authentication most of the time.
Good luck!
I have a django-nonrel app running in Google App Engine and am wanting all the content to be gzipped.
I keep reading that GAE automatically gzips the content but when I check the headers using Firefox's web developer toolbar I get the following result:
Via: 1.1 TL-ISA1
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Transfer-Encoding: chunked
Expires: Thu, 09 Dec 2010 12:23:46 GMT
Date: Thu, 09 Dec 2010 12:23:46 GMT
Content-Type: text/html; charset=utf-8
Etag: "463ad22512f09050f76a291c11d9746d"
Server: Google Frontend
Last-Modified: Thu, 09 Dec 2010 12:23:46 GMT
Cache-Control: max-age=0
200 OK
I was expecting to see Content-Encoding: gzip, but since it is not there, my assumption is that the content is not being gzipped as it should.
Am I missing something? For example, do I need to do something extra if I am using django-nonrel?
Just to add, I am new to Web development - so don't be afraid to patronise. Thanks
Gzip should work out of the box, you are probably requesting the page through a proxy.
I'd like to access to a web application which requires spnego authentification.
This application is running on a network on which i'm connected by VPN connection. Proxy not used.
It works fine under IE6/7/8, Chrome but not firefox 3.6.13
The matter on firefox is: I don't have the prompt message box to enter username and password
To configure my FF, i applied the following instructions, adding the domain name to the trusted and delegation uris fields.
Trying to access to the application, i get the following error message:
A browser did not respond to authentication challenge sent by a server.
Most probably your browser is not configured properly to handle SPNEGO authentication challenge or does not support SPNEGO.
Please, contact your System Administrator to deal with the problem.
Using TCPMon to get an overview of the informations received:
GET /AppName HTTP/1.1
Host: app.domain:8182
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=6E058E24D9E1873C80B14C56EC59B1E4
GET /AppName/ HTTP/1.1
Host: app.domain:8182
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=6E058E24D9E1873C80B14C56EC59B1E4
GET /AppName/logon HTTP/1.1
Host: app.domain:8182
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=6E058E24D9E1873C80B14C56EC59B1E4
HTTP/1.1 302 Déplacé Temporairement
Server: Apache-Coyote/1.1
Location: http://app.domain:8182/AppName/
Transfer-Encoding: chunked
Date: Tue, 14 Dec 2010 16:16:28 GMT
0
HTTP/1.1 302 Déplacé Temporairement
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
Location: http://app.domain:8182/AppName/logon
Content-Type: text/html
Content-Length: 0
Date: Tue, 14 Dec 2010 16:16:28 GMT
HTTP/1.1 401 Non-Autorisé
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
WWW-Authenticate: Negotiate
Connection: close
Content-Type: text/html
Transfer-Encoding: chunked
Date: Tue, 14 Dec 2010 16:16:28 GMT
4b9
I've checked for the other browsers and i got the same informations.
Do someone have an idea why FF can't interprete it, prompt a dialog box or enter the application ?
Thanks in advance for any help.
Best regards.