[Cyberduck-trac] [Cyberduck] #8999: Cyberduck sends multiple content-type headers

Cyberduck trac at trac.cyberduck.io
Thu Sep 3 01:41:39 UTC 2015 

#8999: Cyberduck sends multiple content-type headers
------------------------+---------------------------------------------
    Reporter:  robbat2  |      Owner:  dkocher
        Type:  defect   |     Status:  new
    Priority:  high     |  Milestone:
   Component:  s3       |    Version:
    Severity:  normal   |   Keywords:  content-type, s3, headers, ceph
Architecture:           |   Platform:
------------------------+---------------------------------------------
 Ceph RadosGW, as used in DreamHost's DreamObjects, sends back the Content-
 Type header as "Content-type", with the "t" on "type" in lowercase.

 If you try to edit the metadata on an object, and leave that header with
 lowercase "type" as is for editing, AND on submission of changes Cyberduck
 sends an ADDITIONAL "Content-Type" header with the initial capitalization,
 and trips up in the JetS3 library.

 JetS3 throws this error:
 HTTP header name occurs multiple times in request with different values,
 probably due to mismatched capitalization when setting metadata names.
 Duplicate metadata name: 'Content-Type', All metadata:
 {Content-type=image/jpeg, x-amz-metadata-directive=REPLACE, Cache-
 Control=public,max-age=2592000, x-amz-copy-
 source=/CENSORED/CENSORED/CENSORED.jpg, x-amz-storage-class=STANDARD,
 Content-Type=application/octet-stream}

 The HTTP specification declares a few things that need to be considered
 for this:
 1. Field names are case-insensitive.

 2. Multiple instances of a field with the same name should be treated as
 if concatenated with a comma, but are ONLY valid if the field takes a
 list.
 http://greenbytes.de/tech/webdav/rfc2616.html#message.headers

 3. The Content-Type field must have a value of "type/subtype*(parameter)"
 http://greenbytes.de/tech/webdav/rfc2616.html#media.types

 Therefore, some changes are required:
 A. The edit interface for metadata/headers must prohibit the addition of
 multiple headers that are the same when considered without case.
 B. The client should NOT silently add the extra Content-Type header.

 Trying to send multiple content-type capitalizations to AmazonS3 causes S3
 to claim there is a signature mismatch.
 (As an aside, I'm fixing the Ceph RADOSGW to have the common
 capitalization of Content-Type, but CyberDuck should be fixed as well).

-- 
Ticket URL: <https://trac.cyberduck.io/ticket/8999>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list