Details
-
Bug
-
Resolution: Fixed
-
Major
-
2.14.15
-
3
-
3
Description
Nexus Repo 2.x returns the "Content-Range" header in an invalid format. This can cause requesting clients to drop the connection. To reproduce:
curl -vH "Range: bytes=10-20" http://localhost:8081/nexus/content/repositories/central/commons-lang/commons-lang/2.6/commons-lang-2.6.jar -o /dev/null
Observe that this returns:
Content-Range: 10-20/284220
Note that it is missing the range unit, as in:
Content-Range: bytes 10-20/284220
The range unit is not optional:
https://tools.ietf.org/html/rfc7233#section-4.2
The problematic code is here:
This can be trivially fixed with:
--- a/plugins/basic/nexus-content-plugin/src/main/java/org/sonatype/nexus/content/internal/ContentServlet.java +++ b/plugins/basic/nexus-content-plugin/src/main/java/org/sonatype/nexus/content/internal/ContentServlet.java @@ -538,7 +538,7 @@ public class ContentServlet response.setStatus(SC_PARTIAL_CONTENT); response.setHeader("Content-Length", String.valueOf(bodySize)); response.setHeader("Content-Range", - range.lowerEndpoint() + "-" + range.upperEndpoint() + "/" + file.getLength()); + "bytes " + range.lowerEndpoint() + "-" + range.upperEndpoint() + "/" + file.getLength()); if (contentNeeded) { try (final InputStream in = file.getInputStream()) { in.skip(range.lowerEndpoint());
Attachments
Issue Links
- is related to
-
-
- Closed
-
