Glance

Location header is set on HTTP 200

Bug #1299095 reported by Dave Walker
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Fix Released
Undecided
Dave Walker
Glance 2014.2 "juno"

Bug Description

Glance seems to be setting the http header of Location, when no redirect is intended. The contents of the Location field are equal to that of the request.

I haven't been able to work out the reasoning of this, but it has extended consqences of some webstacks and proxies seeing the Location field, and turning it into a 302 (which glanceclient et al then follows, causing a redirect loop).

Is this Location field used for anything meaningful?

To contrast, another Project has seen similar behavior here:
http://bitten.edgewall.org/ticket/607

Their interpenetration of RFC 2616 §14.30 is such that Glance's behavior is incompatible with the RFC.

As example:

From Glance running directly:
$ curl -i -X HEAD -H 'X-Auth-Token: a2dbc60c0b7641578215f4fb814ab33f' -H 'Content-Type: application/octe
t-stream' -H 'User-Agent: python-glanceclient' http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-
646d20f6ee4c
HTTP/1.0 200 OK
Date: Fri, 28 Mar 2014 12:52:40 GMT
Server: WSGIServer/0.1 Python/2.7.3
Content-Type: text/html; charset=UTF-8
Content-Length: 0
x-image-meta-property-ramdisk_id: 401ec901-b01d-4bc7-96fb-660143a6d456
x-image-meta-id: 2db2f647-866c-4cb8-8bf3-646d20f6ee4c
x-image-meta-deleted: False
x-image-meta-container_format: ami
x-image-meta-checksum: f8a2eeee2dc65b3d9b6e63678955bd83
x-image-meta-protected: False
x-image-meta-min_disk: 0
x-image-meta-created_at: 2013-12-05T10:54:02
x-image-meta-size: 25165824
x-image-meta-status: active
x-image-meta-is_public: True
x-image-meta-min_ram: 0
x-image-meta-property-kernel_id: ff846cac-e6f6-49fc-a44e-69be33462c5b
x-image-meta-owner: e72df10b1afb49d2979d75bd00074365
x-image-meta-updated_at: 2013-12-05T10:54:02
x-image-meta-disk_format: ami
x-image-meta-name: cirros-0.3.1-x86_64-uec
Location: http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
ETag: f8a2eeee2dc65b3d9b6e63678955bd83
x-openstack-request-id: req-77053d34-51f9-41b6-8ab1-d9693fc751d4

From Glance running behind apache+fcgid+flup:
$ curl -i \
> -X HEAD \
> -H 'X-Auth-Token: a2dbc60c0b7641578215f4fb814ab33f' \
> -H 'Content-Type: application/octet-stream' \
> -H 'User-Agent: python-glanceclient' http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
HTTP/1.1 302 Found
Date: Fri, 28 Mar 2014 12:58:28 GMT
Server: Apache
X-MS-Unique-Id: UzVx9ArGan4AACOJHOQAAAAF
x-image-meta-property-ramdisk_id: 401ec901-b01d-4bc7-96fb-660143a6d456
x-image-meta-id: 2db2f647-866c-4cb8-8bf3-646d20f6ee4c
x-image-meta-deleted: False
x-image-meta-container_format: ami
x-image-meta-checksum: f8a2eeee2dc65b3d9b6e63678955bd83
x-image-meta-protected: False
x-image-meta-min_disk: 0
x-image-meta-created_at: 2013-12-05T10:54:02
x-image-meta-size: 25165824
x-image-meta-status: active
x-image-meta-is_public: True
x-image-meta-min_ram: 0
x-image-meta-property-kernel_id: ff846cac-e6f6-49fc-a44e-69be33462c5b
x-image-meta-owner: e72df10b1afb49d2979d75bd00074365
x-image-meta-updated_at: 2013-12-05T10:54:02
x-image-meta-disk_format: ami
x-image-meta-name: cirros-0.3.1-x86_64-uec
ETag: f8a2eeee2dc65b3d9b6e63678955bd83
x-openstack-request-id: req-f0506f3d-c510-4a3f-9464-a37c82513811
Location: http://{REDACTED}/v1/images/2db2f647-866c-4cb8-8bf3-646d20f6ee4c
Content-Type: text/html; charset=iso-8859-1

Revision history for this message
Dave Walker (davewalker) wrote :

"The Location header specifies a redirect. There are two kinds. If the Location value is a full URL (e.g. http://www.fastcgi.com/servers/apache), the effect is to generate an HTTP 302 response. If the Location value is an absolute path (e.g. /servers/apache), the effect is to execute a recursive request for that path within the server, and return the response of that request. The Status and Location headers are mutually exclusive."
 -- http://www.fastcgi.com/om_archive/servers/apache/apache-fastcgi/mod_fastcgi.html

Dave Walker (davewalker)
Changed in glance:
assignee: nobody → Dave Walker (davewalker)
status: New → In Progress
Revision history for this message
Dave Walker (davewalker) wrote :

The bot hasn't updated this, but there is a change proposed at:
https://review.openstack.org/83981

Thanks.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to glance (master)

Reviewed: https://review.openstack.org/83981
Committed: https://git.openstack.org/cgit/openstack/glance/commit/?id=e2a7fe8f56313a801ba58922b2451a6b03b6ca4b
Submitter: Jenkins
Branch: master

commit e2a7fe8f56313a801ba58922b2451a6b03b6ca4b
Author: Dave Walker (Daviey) <email address hidden>
Date: Sat Mar 29 19:26:13 2014 +0000

    Do not set Location header on HTTP/OK (200) responses

    Previously v1 API was setting 'Location' header on responses that
    did not require it. The is incompatible with RFC-2616 §14.30, and
    causes some webstacks to convert the 200 response to 302 Found.
    This had the consequence of forcing a redirect loop in glance
    client.

    This patch removes 3 superfluous 'Location' header additions in
    the v1 image API.

    Change-Id: Ic971ec356f80dff5a9e6f2f16d242a06341a142f
    Closes-bug: 1299095
    Signed-off-by: Dave Walker (Daviey) <email address hidden>

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in glance:
milestone: none → juno-1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in glance:
milestone: juno-1 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.