Re: IIS 5.0 Accept Header Bug: Any Workarounds?

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 10/06/04 

Date: Tue, 5 Oct 2004 22:53:10 -0700

The Accept header is in the HTTP specification for a good reason.

Hacking the web server to accept broken web clients, while allowing things
to "work", is ultimately more harmful in the long run than taking a stand.

1. It encourages clients to be even more broken because the server is
"expected" to change to accommodate (i.e. there's infinitely more clients to
fix than servers, so no one ever thinks about fixing the clients).
2. A communication specification that is not followed by clients and servers
is utterly useless
3. Over time, the lack of specification will cause more complex
compatibility problems

It is possible to hack IIS to munge/remove the incoming Accept header so
that no checking takes place.

However, realize that while this makes things "work", it is totally WRONG.
When client's encounter no resistance to their bad behavior, it will simply
propagate and get worse. This is one of the nightmares of the WWW -- having
the HTTP protocol bastardized by bad clients/servers. It should be shocking
to you that Apache is doing this since the ASF takes the ivory tower when it
comes to being faithful to the HTTP specification... 

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Ben Wilson" <removethis.bmwilson@picc.ca> wrote in message
news:Vhj7d.581361$gE.502567@pd7tw3no...
Hello again,
A follow-up to my previous post.
The cause seems to be that there is an empty MIME-Type between
application/xhtml+xml and application/x-wallet-appl.user-data-provision
within the Accept header:
application/xhtml+xml, ,application/x-wallet-appl.user-data-provision
If this is removed then it works as expected.
I realize this is really a client bug (the client is a Nokia 7610 phone) but
I don't really have control over the client.
IIS 6.0 does tolerant this errant client behavior and I was wondering if
anybody knows if IIS 5.0 can be persuaded to as well?
The easiest solution would seem to be to disable the Accept checking
entirely as Apache does.
Thanks,
Ben.
"Ben Wilson" <removethis.bmwilson@picc.ca> wrote in message
news:L_g7d.580269$gE.133950@pd7tw3no...
> Hello,
>
> Found an interesting problem in the way IIS 5.0 processes Accept headers.
>
> If I send this request (MIME-Type image/gif is setup for .gif files):
>
> GET /dl/45451176x39270AC00.gif HTTP/1.0
> User-Agent: Nokia7610
> Host: test.net
> Accept: audio/wav, audio/x-wav, audio/basic, audio/x-au, audio/au,
> audio/x-basic, video/mp4, video/mpeg4, video/3gpp,
> application/vnd.rn-realmedia, audio/AMR-WB, audio/AMR, application/sdp,
> audio/sp-midi, audio/x-beatnik-rmf, audio/midi, application/java-archive,
> text/vnd.sun.j2me.app-descriptor, application/vnd.wap.wmlc,
> text/vnd.wap.wml, application/vnd.wap.wbxml,
application/vnd.wap.wmlscriptc,
> text/html, application/vnd.wap.xhtml+xml, application/xhtml+xml, ,
> application/x-wallet-appl.user-data-provision, application/vnd.met.ticket,
> application/vnd.symbian.install, audio/x-pn-realaudio-plugin,
> audio/x-pn-realaudio, audio/mpegurl, audio/x-mpegurl, text/x-co-desc,
> application/vnd.oma.dd+xml, application/vnd.nokia.ringing-tone,
> text/vnd.symbian.wml.dtd, application/java, video/3gp, audio/rmf,
> audio/x-rmf, audio/x-midi, application/x-java-archive,
> application/vnd.oma.drm.message, application/x-x509-ca-cert, text/plain,
> text/X-vCard, text/calendar, text/x-vCalendar, text/css, image/*
> Connection: Close
>
> Then I get a 406 error despite the image/* Accept header. However if I
send
> this:
>
> GET /dl/45451176x39270AC00.gif HTTP/1.0
> User-Agent: Nokia7610
> Host: test.net
> Accept: image/*, audio/wav, audio/x-wav, audio/basic, audio/x-au,
audio/au,
> audio/x-basic, video/mp4, video/mpeg4, video/3gpp,
> application/vnd.rn-realmedia, audio/AMR-WB, audio/AMR, application/sdp,
> audio/sp-midi, audio/x-beatnik-rmf, audio/midi, application/java-archive,
> text/vnd.sun.j2me.app-descriptor, application/vnd.wap.wmlc,
> text/vnd.wap.wml, application/vnd.wap.wbxml,
application/vnd.wap.wmlscriptc,
> text/html, application/vnd.wap.xhtml+xml, application/xhtml+xml, ,
> application/x-wallet-appl.user-data-provision, application/vnd.met.ticket,
> application/vnd.symbian.install, audio/x-pn-realaudio-plugin,
> audio/x-pn-realaudio, audio/mpegurl, audio/x-mpegurl, text/x-co-desc,
> application/vnd.oma.dd+xml, application/vnd.nokia.ringing-tone,
> text/vnd.symbian.wml.dtd, application/java, video/3gp, audio/rmf,
> audio/x-rmf, audio/x-midi, application/x-java-archive,
> application/vnd.oma.drm.message, application/x-x509-ca-cert, text/plain,
> text/X-vCard, text/calendar, text/x-vCalendar, text/css
> Connection: Close
>
> Then it works fine.
>
> It seems as if IIS is only processing the first 'n' Accept headers as I
can
> put the image/* header at or near the start of the list, but once you get
> past a certain position it doesn't work any more.
>
> This isn't a problem with IIS6.0
>
> Grateful for any help!
>
>
> Best regards,
>
> Ben.
>
>
>