On Thu, Dec 29, 2011 at 9:52 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Wed, 28 Dec 2011, Alex Vinnik wrote:
>
> Unearthed one more interesting redirect case at least for me :) ... curl
>> gets into infinite redirect loop with a website and exists after hitting
>> redirect limit.
>>
>> Here is how to reproduce it. Verbose libcurl output is below
>>
>> curl -ivL http://www.kqzyfj.com/click-0-**10721226<http://www.kqzyfj.com/click-0-10721226>
>>
>> In a nutshell... It is clear that one of the early re-directors provides
>> mixed case Location url http://www.UltraFragrances.**com/<http://www.UltraFragrances.com/>which is not correct.
>>
>
> It might be clear that this is the reason for what is going on. It is not
> clear to me that it is "not correct". (And it might not even be the reason
> for this failure.)
>
Have a feeling curl might need an option to force host header to lower case.

>
> The host name in a URL (URI) is specificly specified to be case
> insensitive. ABC.com is the same as abc.com and AbC.com. Therfore,
> UltraFragrances.com is the same host as ultrafragrances.com and using
> either version in the Host: header should be equivalent.
>
> I would claim that separating them only on the basis of different case in
> the host name would be violating specs.
>
> I'll admit that there's a problem when browsers act differently on a site
> when that different behahavior is what makes things work - and such
> behaviors many times end up pushing us towards doing weirdo stuff even
> though we shouldn't have to.
>
> As usual Chrome just handles it fine by converting first incorrect mixed
>> case Location url to all lower case. Any workaround for this case?
>>
>
> Are you saying Chrome always lowercases host names in the Host: header?
> Did you check how other browsers act in this situation?
>
Yes I do see that Chrome always converts to lower case. Also tried Firefox,
Opera and IE and they all can navigate to final destination. Assuming they
convert as well. But have not verified it.

>
> Perhaps even more importantly, if you would hack your curl verson to lower
> case the host name in the header, does it truly make this operation work
> against this site? There's actually a risk that the site uses some other
> heuristic to do this weirdness that we just haven't spotted.

I am gonna give it it a try... can you suggest which part does it.

>
>
> --
>
> / daniel.haxx.se
> ------------------------------**------------------------------**-------
> List admin: http://cool.haxx.se/list/**listinfo/curl-library<http://cool.haxx.se/list/listinfo/curl-library>
> Etiquette: http://curl.haxx.se/mail/**etiquette.html<http://curl.haxx.se/mail/etiquette.html>
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-12-29