Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

xhr-polling protocol responses should have "no-transform" or a MIME type other than "application/javascript" #190

Open
tombergan opened this issue Nov 11, 2015 · 3 comments

Comments

@tombergan
Copy link

Responses to the "/xhr" and "/xhr_send" URLs have "Content-Type: application/javascript". Middlebox compression proxies may attempt to minimize these responses since they look like Javascript code. One typical optimization is newline removal, but this optimization breaks sockjs since xhr-polling uses "\n" as a frame delimiter. For example, see this bug report:
https://code.google.com/p/chromium/issues/detail?id=553828

It is strange to use "Content-Type: application/javascript" since the xhr-polling responses are data, not executable javascript. This confuses compression proxies since the response is not being used as the Content-Type would suggest. The responses aren't even JSON (although I realize JSON can be embedded in the response). I believe sockjs should do one of the following:

  1. Set "Cache-Control: no-transform" on the /xhr and /xhr_send responses. Looks like greggman just submitted a change to do exactly this, so you can probably just close this bug "already fixed" :-) See commit 7845866

  2. Use a different Content-Type, such as "application/x-sockjs-xhr-polling" or event "text/plain".

@greggman
Copy link
Contributor

Just for context Google's Data Saver does content aware data compression which is why this issue came up.

Basically like @tombergan said if it's not actually JSON it shouldn't be marked as JSON. Or, if it is JSON it should be treated as JSON and not have the whitespace be significant.

@brycekahle
Copy link
Contributor

I know there was a very specific reason for application/javascript being used. Let me see if I can find references.

@greggman
Copy link
Contributor

There's two seemingly obvious fixes (I haven't looked at the code). Either (a) stop marking it as JSON if it's not JSON or (b) stop looking for insignificant whitespace if it is JSON.

While my patch #189 sets the no-transform header which also solves the issue for the Google Data Saver there's no guarantee this issue won't come up with other content aware proxies who may or many not respect no-transform. So, it seems like either stop marking as JSON or stop checking for insignificant whitespace is a better solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants