rpc: Change Content-Type to plain text for the webroot #16204

pull emilengler wants to merge 1 commits into bitcoin:master from emilengler:patch-emilengler changing 1 files +1 −0
  1. emilengler commented at 1:31 PM on June 13, 2019: contributor

    Hello, I added a header when you call the webserver directly. Currently it returns invalid html, which could be rendered invalid by a browser. The PR adds a text/plain header. This is also common for error messages. Here are some screenshots where the content-type is being showed (You can see the respone header in the bottom right corner)

    Without my change With my change

  2. Change Content-Type to plain text for the webroot 97c2bb8479
  3. fanquake added the label RPC/REST/ZMQ on Jun 13, 2019
  4. MarcoFalke renamed this:
    Change Content-Type to plain text for the webroot
    rpc: Change Content-Type to plain text for the webroot
    on Jun 13, 2019
  5. laanwj commented at 3:15 PM on June 13, 2019: member

    I'm not against this but… why would you visit the RPC server in a browser, that doesn't seem to be a use-case supports by any means?

    As for your screenshots, apart from the font I don't see any difference, the error is well readable with the default of text/html?

  6. emilengler commented at 3:20 PM on June 13, 2019: contributor

    Happened to me as an accident. Of course it is readable in the current format but is is invalid html and could cause errors in some browsers or could be interpreted wrong.

  7. laanwj commented at 3:22 PM on June 13, 2019: member

    Of course it is readable in the current format but is is invalid html and could cause errors in some browsers or could be interpreted wrong.

    I don't think it's even invalid HTML, just HTML without any tags. Any browser handles this.

    You do have a point that if the message contained user-supplied input that might contain rogue tags, this would be a protection against CSS attacks.

  8. promag commented at 3:56 PM on June 13, 2019: member 
    curl -v localhost:18443

> GET / HTTP/1.1
> Host: localhost:18443
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 405 Method Not Allowed
< Date: Thu, 13 Jun 2019 15:49:15 GMT
< Content-Length: 41
< Content-Type: text/html; charset=ISO-8859-1

    Looks like libevent does this by default if content type isn't set. I wouldn't mind also returning JSON, like { "error": "JSONRPC server handles only POST request" }.

    I don't think there's a correct content type.

  9. kristapsk commented at 3:59 PM on June 13, 2019: contributor

    I don't think it's even invalid HTML, just HTML without any tags. Any browser handles this.

    Browsers handle, but AFAIK, at least <!DOCTYPE> and <title> tags are required for it to be a valid HTML.

    I also don't consider this a big deal, but returning text/plain here seems correct thing to do. If return data is converted to JSON, then it should be application/json as in other responses, of course.

  10. emilengler commented at 6:05 PM on June 13, 2019: contributor

    @kristapsk The header is being changed to application/json when return is JSON.

  11. emilengler commented at 1:21 PM on June 15, 2019: contributor

    So finally it needs to be said that this PR makes the error message output to a valid output

  12. laanwj commented at 2:03 PM on June 17, 2019: member

    I think this is getting too controversial for a one-line change of not entirely clear merit. Closing, sorry.

  13. laanwj closed this on Jun 17, 2019
  14. DrahtBot locked this on Dec 16, 2021
Contributors
emilenglerlaanwjpromagkristapsk
Labels
RPC/REST/ZMQ
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me