Titanium JIRA Archive
Appcelerator Community (AC)

[AC-3075] HttpClient on Titanium Desktop 1.2RC for OS X randomly sends corrupt headers

GitHub Issuen/a
TypeBug
Priorityn/a
StatusClosed
ResolutionNeeds more info
Resolution Date2011-07-08T09:27:41.000+0000
Affected Version/sn/a
Fix Version/sn/a
ComponentsTitanium SDK & CLI
Labelsdesktop, headers, http, httpclient, mac, osx, xhr
ReporterMiloš Rašić
AssigneeTony Guntharp
Created2011-07-08T07:37:17.000+0000
Updated2016-03-08T07:48:07.000+0000

Description

First noticed this with User-Agent header because my sever-side code compares this between requests to prevent session hijacking. My client application worked fine on Windows and Linux, but on OS X it would start sending junk as User-Agent header after a random number of requests and thus cause the server to consider the session invalid. I fixed this by explicitly setting the header to a certain value which seems to have prevented Titanium Desktop from corrupting it. Now, I started using basic http authentication to protect access to the server-side code that provides access to the database. Again, it works fine on Windows and Linux, but on OS X it randomly sends junk as authorization header around 50% of the times. I'm using HttpClient.setCredentials() method to set the header. I've also reported the problem and my workarounds on Q&A: [http://developer.appcelerator.com/question/17101/cookies-are-not-set-on-titanium-desktop-os-x] [http://developer.appcelerator.com/question/122273/titanium-desktop-httpclient-corrupting-headers-on-os-x] My XHR functions that show problematic behaviour:
function getRemote(url, type, callback, credentials) {
		if (typeof credentials == 'undefined')
			credentials = {
				username: httpUsername,
				password: httpPassword
			};

		if (typeof Titanium == 'object') {
			var httpClient = Titanium.Network.createHTTPClient();
			if (credentials.username && credentials.password)
					httpClient.setCredentials(credentials.username, credentials.password);
			httpClient.onreadystatechange = function(status, response) {
				if (httpClient.readyState == httpClient.DONE) {
					if (typeof callback == 'function') {
						if (type == 'json')
							try {
								callback(Titanium.JSON.parse(httpClient.responseText));
							}
							catch(e) {
								alert(url+' says: '+httpClient.responseText);
							}
						else
							callback(httpClient.responseText);
					}
				}
			};
			httpClient.open('GET', url);
			httpClient.send();
		}
};


function postRemote(url, data, type, callback, credentials) {
		if (typeof credentials == 'undefined')
			credentials = {
				username: httpUsername,
				password: httpPassword
			};

		if (typeof Titanium == 'object') {
			var httpClient = Titanium.Network.createHTTPClient();
			if (credentials.username && credentials.password)
				httpClient.setCredentials(credentials.username, credentials.password);
			httpClient.onreadystatechange = function(status, response) {
				if (httpClient.readyState == httpClient.DONE) {
					if (typeof callback == 'function') {
						if (type == 'json')
							try {
								callback(Titanium.JSON.parse(httpClient.responseText));
							}
							catch(e) {
								alert(url+' says: '+httpClient.responseText);
							}
						else
							callback(httpClient.responseText);
					}
				}
			};
			httpClient.open('POST', url);
			httpClient.send(data);
		}
};
There are no useful Titanium logs to include, but I will provide a log file from my server side application that shows the headers it has received from an OSX client. log-2011-07-11.txt is a log from my PHP application that enforces User Agent checks. It shows how Titanium Desktop for OSX corrupts User-Agent headers. POv0.log is a log from my NodeJS application that asks for basic http authentication. It shows how Titanium Desktop for OSX corrutps Authorization headers.

Attachments

FileDateSize
log-2011-07-11.txt2011-07-11T06:58:41.000+00001828
POv0.log2011-07-11T06:58:41.000+00001112

Comments

  1. Miloš Rašić 2011-07-08

    Did some more tests. On one occasion, the corrupt authorization header contained a piece of the request url when decoded from base64. In all other cases the decoded header is a junk string, but I noticed that some strings are repeating quite often, like for example: ��ż˝ďż˝ż˝~ďż˝Q:
  2. Paul Dowsett 2011-07-08

    At the very least, we need some code in order to reproduce this issue. However, please also check the [Jira Ticket Checklist](http://wiki.appcelerator.org/display/guides/Contributing+to+Titanium#ContributingtoTitanium-Summary%3AJiraTicketChecklist) for any other information that may be missing. Once the ticket is complete, I will reopen. Thanks
  3. Miloš Rašić 2011-07-11

    I've updated the ticket. Please take a look and feel free to request more information if it is needed.
  4. Miloš Rašić 2011-08-17

    I've provided all the information I had according to the Jira Ticket Checklist and more. Why is the ticket closed as incomplete?

JSON Source