How to write malformed HTTP response to "guarantee" something akin to HTTP 500


Question

Say I started writing to the response body, but there was some error, and I need to indicate that it's an HTTP 500 even if an HTTP 200 OK header was already written as a header... How can I write something to the body of the response that's guaranteed to be malformed so that the response is interpreted as some sort of error by the client?

Recommended answer

In general, this is impossible. Some clients only care about the response header, and may stop paying attention to what you send after the header.

But with certain clients, in certain cases, this may be possible.

I assume HTTP/1.1 here. HTTP/2 probably gives even more opportunities, because there’s more to screw up in the protocol, and the implementations are often stricter. Conversely, HTTP/1.0 is dumber and laxer, so harder to break.


  1. Close the connection before the end of response, as indicated by your framing. If your response is framed with Content-Length: 100, close before you’ve sent the 100th byte of payload. If your response is framed with Transfer-Encoding: chunked, close before you’ve sent the final empty chunk. If the client expects to receive the entire payload, it may (and should) treat this as an error. But some won’t, including very popular client libraries.

  2. If the payload is in a structured format, like JSON or XML, then do the same as 1, but before closing, send something that would disrupt that format. For example, no valid JSON text can end with {. Even if the client doesn’t recognize the incomplete payload as an error, it might then fail on trying to parse it.

  3. Same as 1, but instead of closing the connection, just stop sending data. The client will "hang" until its receive operation times out, which it may treat as an error. This may be a bad idea if the client is operated by someone who is not prepared for such extravagant timeouts.

  4. Only with Transfer-Encoding: chunked: Same as 3, but instead of hanging, send bogus very long chunks and/or keep sending chunks indefinitely, until the client gives up or crashes. Probably a very bad idea, bordering on malicious.
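
Items 1 and 2 seen from the receiving side, as an added example that is not part of the original answer: a strict client checks the bytes it received against the declared framing before trusting a 200, and falls back to the JSON parser when the framing cannot reveal truncation. The names `read_body`, `classify` and the sample captures are hypothetical and constructed for illustration.

```python
import json

class IncompleteResponse(Exception): pass  # peer closed before framing was satisfied

def read_body(raw: bytes) -> bytes:
    """Return the complete body, or raise IncompleteResponse if it was cut short."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise IncompleteResponse("closed inside the header block")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = b""
        while True:
            size_line, sep, rest = rest.partition(b"\r\n")
            if not sep:
                raise IncompleteResponse("closed before the final empty chunk")
            size = int(size_line.split(b";")[0], 16)
            if size == 0:
                return body  # final empty chunk seen; trailers are ignored here
            if len(rest) < size + 2:
                raise IncompleteResponse("closed in the middle of a chunk")
            body, rest = body + rest[:size], rest[size + 2:]
    if "content-length" in headers:
        expected = int(headers["content-length"])
        if len(rest) < expected:
            raise IncompleteResponse(f"got {len(rest)} of {expected} body bytes")
        return rest[:expected]
    return rest  # close-delimited body: framing cannot reveal truncation

def classify(raw: bytes) -> str:
    try:
        json.loads(read_body(raw))
    except IncompleteResponse:
        return "transport-error"
    except ValueError:  # invalid JSON (or a malformed length/chunk-size field)
        return "parse-error"
    return "ok"

# Constructed captures: everything a client had received when the peer closed.
FULL = b'{"items":[1,2,3]}'
WITH_LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(FULL)
CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
COMPLETE = WITH_LENGTH + FULL
SHORT_LENGTH = WITH_LENGTH + FULL[:9]
NO_FINAL_CHUNK = CHUNKED + b"9\r\n" + FULL[:9] + b"\r\n"
CLOSE_DELIMITED_BROKEN = b"HTTP/1.1 200 OK\r\n\r\n" + FULL[:9] + b"{"
```

A client that skips the framing check would accept `SHORT_LENGTH` and `NO_FINAL_CHUNK` as successful 200 responses and only fail later, if at all, in the parser.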
