Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Different response content-type when including -I

From: Toon Claes via curl-users <curl-users_at_cool.haxx.se>
Date: Wed, 08 Jan 2020 16:08:43 +0100

Hi,

I was debugging a content-type issue I was having in my application, and
I noticed something weird. Let me demonstrate:

On my server there's a file names 'avatar.png', but in fact the file
contains "Hello world", in plain text.

To fetch the file I'm seeing different behavior when I use the -I
command line param and when I don't. See the output below:

curl -v https://broken-avatars-one.gogitlab.ml/uploads/-/system/user/avatar/1/avatar.png
  * Trying 35.205.109.182:443...
  * TCP_NODELAY set
  * Connected to broken-avatars-one.gogitlab.ml (35.205.109.182) port 443 (#0)
  * ALPN, offering h2
  * ALPN, offering http/1.1
  * successfully set certificate verify locations:
  * CAfile: none
    CApath: /etc/ssl/certs
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  * TLSv1.3 (IN), TLS handshake, Certificate (11):
  * TLSv1.3 (IN), TLS handshake, CERT verify (15):
  * TLSv1.3 (IN), TLS handshake, Finished (20):
  * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  * TLSv1.3 (OUT), TLS handshake, Finished (20):
  * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  * ALPN, server accepted to use h2
  * Server certificate:
  * subject: CN=broken-avatars-one.gogitlab.ml
  * start date: Dec 6 08:39:36 2019 GMT
  * expire date: Mar 5 08:39:36 2020 GMT
  * subjectAltName: host "broken-avatars-one.gogitlab.ml" matched cert's "broken-avatars-one.gogitlab.ml"
  * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
  * SSL certificate verify ok.
  * Using HTTP2, server supports multi-use
  * Connection state changed (HTTP/2 confirmed)
  * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  * Using Stream ID: 1 (easy handle 0x562fcbe9db50)
> GET /uploads/-/system/user/avatar/1/avatar.png HTTP/2
> Host: broken-avatars-one.gogitlab.ml
> user-agent: curl/7.67.0
> accept: */*
>
  * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  * old SSL session ID is stale, removing
  * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
  < HTTP/2 200
  < server: nginx
  < date: Wed, 08 Jan 2020 14:57:39 GMT
  < content-type: text/plain; charset=utf-8
  < content-length: 12
  < ... [TRUNCATED]

Compared to:

curl -Iv https://broken-avatars-one.gogitlab.ml/uploads/-/system/user/avatar/1/avatar.png
  * Trying 35.205.109.182:443...
  * TCP_NODELAY set
  * Connected to broken-avatars-one.gogitlab.ml (35.205.109.182) port 443 (#0)
  * ALPN, offering h2
  * ALPN, offering http/1.1
  * successfully set certificate verify locations:
  * CAfile: none
    CApath: /etc/ssl/certs
  * TLSv1.3 (OUT), TLS handshake, Client hello (1):
  * TLSv1.3 (IN), TLS handshake, Server hello (2):
  * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  * TLSv1.3 (IN), TLS handshake, Certificate (11):
  * TLSv1.3 (IN), TLS handshake, CERT verify (15):
  * TLSv1.3 (IN), TLS handshake, Finished (20):
  * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
  * TLSv1.3 (OUT), TLS handshake, Finished (20):
  * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  * ALPN, server accepted to use h2
  * Server certificate:
  * subject: CN=broken-avatars-one.gogitlab.ml
  * start date: Dec 6 08:39:36 2019 GMT
  * expire date: Mar 5 08:39:36 2020 GMT
  * subjectAltName: host "broken-avatars-one.gogitlab.ml" matched cert's "broken-avatars-one.gogitlab.ml"
  * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
  * SSL certificate verify ok.
  * Using HTTP2, server supports multi-use
  * Connection state changed (HTTP/2 confirmed)
  * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  * Using Stream ID: 1 (easy handle 0x564063725b50)
> HEAD /uploads/-/system/user/avatar/1/avatar.png HTTP/2
> Host: broken-avatars-one.gogitlab.ml
> user-agent: curl/7.67.0
> accept: */*
>
  * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  * old SSL session ID is stale, removing
  * Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
  < HTTP/2 200
  HTTP/2 200
  < server: nginx
  server: nginx
  < date: Wed, 08 Jan 2020 15:04:33 GMT
  date: Wed, 08 Jan 2020 15:04:33 GMT
  < content-type: image/png
  content-type: image/png
  < cache-control: max-age=300, public
  cache-control: max-age=300, public
  < content-disposition: inline; filename*=UTF-8''avatar.png; filename="avatar.png"
  content-disposition: inline; filename*=UTF-8''avatar.png; filename="avatar.png"
  < content-transfer-encoding: binary
  content-transfer-encoding: binary

So I'd like to understand why when including `-I` I'm getting
'content-type: image/png', even while 'accept: */*' is in the request? 

-- 
Toon
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2020-01-08