https://kotlinlang.org logo
#squarelibraries
Title
# squarelibraries
c

Colton Idle

08/20/2022, 7:55 AM
I'm crashing due to a header that comes back in a response
Copy code
java.lang.IllegalArgumentException: Unexpected char 0x41c at 74 in Content-Disposition value:  inline; filename="7326f70a-1b88-4ff8-afc8-5f52190c7052b7179b07fcb968827a_Мала.jpg"
I wrote this interceptor and I set it as a network interceptor, but I still get the same crash (as if the interceptor doesn't even get applied). Can anyone point me in the right direction?
Copy code
private val REMOVE_HEADER_INTERCEPTOR = Interceptor { chain ->
  val originalResponse = chain.proceed(chain.request())
  originalResponse.newBuilder()
    .removeHeader("Content-Disposition")
    .build()
}
anything other than printable ASCII in headers is not supported
c

Colton Idle

08/20/2022, 8:38 AM
oof. i figured they weren't supported, but itd still allow me to remove those headers. hopefully i can find some docs to show my server team that non ascii chars shouldn't be used in headers.
e

ephemient

08/20/2022, 9:10 AM
okhttp is throwing before your intercepter gets run
https://datatracker.ietf.org/doc/rfc6266/
Copy code
Appendix D.  Advice on Generating Content-Disposition Header Fields
basically modern standards recommend that content-disposition filename is only ascii with no escapes because anything else is handled inconsistently
also https://datatracker.ietf.org/doc/rfc9112/ basically says only USASCII needs to be supported and full Unicode support leads to vulnerabilities
c

Colton Idle

08/20/2022, 8:00 PM
Thanks for the resources. This is definitely a TIL. Thank you @ephemient!
j

jessewilson

08/21/2022, 2:00 PM
This isn’t a request or a response header, but a multipart header?
I think the solution is to change OkHttp’s multipart code to decode the headers with lenient code
c

Colton Idle

08/21/2022, 6:02 PM
I'm trying to just load an image with coil and @Colin White helped me debug to figure out that this was the issue. So I'm not really sure if this is a multipart header (not sure what that is). It would be really nice if it was lenient so I can intercept and rewrite a broken server like I do with my servers broken caching impl.
e

ephemient

08/21/2022, 9:28 PM
is that part of a multipart header? I expected it's just a normal response header from the question
14 Views