Last modified: 2011-03-13 18:04:39 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T24778, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 22778 - HTTP 400 when requesting a long URL
Status: RESOLVED WONTFIX
Product: Wikimedia
Classification: Unclassified
Component: General/Unknown
Version: unspecified
Hardware: All All
Importance: Lowest enhancement
Assigned To: Nobody - You can work on this!
Keywords: upstream
Reported: 2010-03-09 10:41 UTC by Liangent
Modified: 2011-03-13 18:04 UTC

Description Liangent 2010-03-09 10:41:42 UTC
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html :
The HTTP protocol does not place any a priori limit on the length  of a URI.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html :
The request could not be understood by the server due to malformed syntax.

Long URL is not a malformed syntax so we shouldn't respond with HTTP 400.

URL (produced by a user script):

http://zh.wikipedia.org/w/api.php?action=query&format=json&callback=CatNav.callback&titles=Category%3A%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%E8%A1%8C%E6%94%BF%E5%8C%BA%E5%88%92%7CCategory%3A%E4%B8%AD%E5%9B%BD%E7%89%B9%E5%88%AB%E8%A1%8C%E6%94%BF%E5%8C%BA%7CCategory%3A%E4%BA%9A%E6%B4%B2%E5%9B%BD%E5%AE%B6%7CCategory%3A%E5%90%84%E7%A8%AE%E4%B8%BB%E9%A1%8C%E7%9A%84%E9%A0%81%E9%9D%A2%E5%88%86%E9%A1%9E%7CCategory%3A%E4%B8%AD%E5%9B%BD%E4%BC%81%E4%B8%9A%7CCategory%3A%E5%90%84%E5%9C%8B%E5%85%AC%E5%8F%B8%7CCategory%3A%E4%B8%AD%E5%9B%BD%E5%9C%B0%E7%90%86%E5%A4%A7%E5%8C%BA%7CCategory%3A%E4%B8%AD%E5%9B%BD%E7%BB%8F%E6%B5%8E%7CCategory%3A%E5%90%84%E5%9C%8B%E5%9C%B0%E7%90%86%7CCategory%3A%E4%B8%AD%E5%9B%BD%E8%A1%8C%E6%94%BF%E5%8C%BA%E5%88%92%7CCategory%3A%E5%9F%8E%E9%95%87%7CCategory%3A%E6%9D%B1%E4%BA%9E%E5%82%B3%E7%B5%B1%E6%96%87%E5%8C%96%7CCategory%3A%E6%9D%B1%E4%BA%9E%E6%96%87%E5%8C%96%E5%9C%88%7CCategory%3A%E5%90%84%E5%9C%8B%E9%9B%BB%E8%A6%96%7CCategory%3A%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%7CCategory%3A%E5%90%84%E5%9C%8B%E7%B5%84%E7%B9%94%7CCategory%3A%E4%BA%9E%E6%B4%B2%E8%AA%9E%E8%A8%80%7CCategory%3A%E5%90%84%E5%9C%8B%E8%AA%9E%E8%A8%80%7CCategory%3A%E9%87%91%E8%9E%8D%7CCategory%3A%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%E5%90%84%E7%BA%A7%E8%A1%8C%E6%94%BF%E5%8C%BA%7CCategory%3A%E4%B8%AD%E5%9B%BD%E4%B8%80%E7%BA%A7%E8%A1%8C%E6%94%BF%E5%8C%BA%7CCategory%3A%E6%AD%A3%E7%9C%81%E9%83%A8%E7%BA%A7%7CCategory%3A%E5%85%AC%E5%8F%B8%7CCategory%3A%E8%B4%B8%E6%98%93%7CCategory%3A%E4%BE%9D%E5%9C%B0%E7%90%86%E4%BD%8D%E7%BD%AE%E6%9D%A5%E4%BD%9C%E7%9A%84%E5%88%86%E7%B1%BB%7CCategory%3A%E5%9B%BD%E5%AE%B6%7CCategory%3A%E8%AF%AD%E8%A8%80%7CCategory%3A%E5%9F%8E%E5%B8%82%7CCategory%3A%E7%94%B5%E8%A7%86%E5%8F%B0%7CCategory%3A%E4%BC%A0%E6%92%AD%E5%AD%A6%7CCategory%3A%E7%A4%BE%E4%BC%9A%7CCategory%3A%E4%BA%9A%E6%B4%B2%E5%9C%B0%E7%90%86%7CCategory%3A%E4%B8%AD%E5%8D%8E%E6%B0%91%E6%97%8F%7CCategory%3A%E6%BC%A2%E8%97%8F%E8%AA%9E%E7%B
3%BB%7CCategory%3A%E5%8C%BA%E5%9F%9F%E5%9C%B0%E7%90%86%7CCategory%3A%E6%94%BF%E5%BA%9C%7CCategory%3A%E9%87%91%E8%9E%8D%E5%AD%A6%7CCategory%3A%E5%B8%82%E5%A0%B4%7CCategory%3A%E6%9C%8D%E5%8A%A1%7CCategory%3A%E7%BB%84%E7%BB%87%7CCategory%3A%E4%B8%AD%E5%9B%BD%E9%87%91%E8%9E%8D%E5%85%AC%E5%8F%B8%7CCategory%3A%E9%A6%99%E6%B8%AF%E6%8A%95%E8%B3%87%E5%8F%8A%E8%9E%8D%E8%B3%87&prop=categories&clshow=!hidden&cllimit=5000&requestid=Category%3A%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%E8%A1%8C%E6%94%BF%E5%8C%BA%E5%88%92%7CCategory%3A%E4%B8%AD%E5%9B%BD%E7%89%B9%E5%88%AB%E8%A1%8C%E6%94%BF%E5%8C%BA%7CCategory%3A%E4%BA%9A%E6%B4%B2%E5%9B%BD%E5%AE%B6%7CCategory%3A%E5%90%84%E7%A8%AE%E4%B8%BB%E9%A1%8C%E7%9A%84%E9%A0%81%E9%9D%A2%E5%88%86%E9%A1%9E%7CCategory%3A%E4%B8%AD%E5%9B%BD%E4%BC%81%E4%B8%9A%7CCategory%3A%E5%90%84%E5%9C%8B%E5%85%AC%E5%8F%B8%7CCategory%3A%E4%B8%AD%E5%9B%BD%E5%9C%B0%E7%90%86%E5%A4%A7%E5%8C%BA%7CCategory%3A%E4%B8%AD%E5%9B%BD%E7%BB%8F%E6%B5%8E%7CCategory%3A%E5%90%84%E5%9C%8B%E5%9C%B0%E7%90%86%7CCategory%3A%E4%B8%AD%E5%9B%BD%E8%A1%8C%E6%94%BF%E5%8C%BA%E5%88%92%7CCategory%3A%E5%9F%8E%E9%95%87%7CCategory%3A%E6%9D%B1%E4%BA%9E%E5%82%B3%E7%B5%B1%E6%96%87%E5%8C%96%7CCategory%3A%E6%9D%B1%E4%BA%9E%E6%96%87%E5%8C%96%E5%9C%88%7CCategory%3A%E5%90%84%E5%9C%8B%E9%9B%BB%E8%A6%96%7CCategory%3A%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%7CCategory%3A%E5%90%84%E5%9C%8B%E7%B5%84%E7%B9%94%7CCategory%3A%E4%BA%9E%E6%B4%B2%E8%AA%9E%E8%A8%80%7CCategory%3A%E5%90%84%E5%9C%8B%E8%AA%9E%E8%A8%80%7CCategory%3A%E9%87%91%E8%9E%8D%7CCategory%3A%E4%B8%AD%E5%8D%8E%E4%BA%BA%E6%B0%91%E5%85%B1%E5%92%8C%E5%9B%BD%E5%90%84%E7%BA%A7%E8%A1%8C%E6%94%BF%E5%8C%BA%7CCategory%3A%E4%B8%AD%E5%9B%BD%E4%B8%80%E7%BA%A7%E8%A1%8C%E6%94%BF%E5%8C%BA%7CCategory%3A%E6%AD%A3%E7%9C%81%E9%83%A8%E7%BA%A7%7CCategory%3A%E5%85%AC%E5%8F%B8%7CCategory%3A%E8%B4%B8%E6%98%93%7CCategory%3A%E4%BE%9D%E5%9C%B0%E7%90%86%E4%BD%8D%E7%BD%AE%E6%9D%A5%E4%BD%9C%E7%9A%84%E5%88%86%E7%B1%BB%7CCategory%3A%E5%9B%BD%
E5%AE%B6%7CCategory%3A%E8%AF%AD%E8%A8%80%7CCategory%3A%E5%9F%8E%E5%B8%82%7CCategory%3A%E7%94%B5%E8%A7%86%E5%8F%B0%7CCategory%3A%E4%BC%A0%E6%92%AD%E5%AD%A6%7CCategory%3A%E7%A4%BE%E4%BC%9A%7CCategory%3A%E4%BA%9A%E6%B4%B2%E5%9C%B0%E7%90%86%7CCategory%3A%E4%B8%AD%E5%8D%8E%E6%B0%91%E6%97%8F%7CCategory%3A%E6%BC%A2%E8%97%8F%E8%AA%9E%E7%B3%BB%7CCategory%3A%E5%8C%BA%E5%9F%9F%E5%9C%B0%E7%90%86%7CCategory%3A%E6%94%BF%E5%BA%9C%7CCategory%3A%E9%87%91%E8%9E%8D%E5%AD%A6%7CCategory%3A%E5%B8%82%E5%A0%B4%7CCategory%3A%E6%9C%8D%E5%8A%A1%7CCategory%3A%E7%BB%84%E7%BB%87%7CCategory%3A%E4%B8%AD%E5%9B%BD%E9%87%91%E8%9E%8D%E5%85%AC%E5%8F%B8%7CCategory%3A%E9%A6%99%E6%B8%AF%E6%8A%95%E8%B3%87%E5%8F%8A%E8%9E%8D%E8%B3%87&_=1268131053221
Comment 1 Roan Kattouw 2010-03-09 10:44:47 UTC
(In reply to comment #0)
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html :
> The HTTP protocol does not place any a priori limit on the length  of a URI.
> 
> http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html :
> The request could not be understood by the server due to malformed syntax.
> 
> Long URL is not a malformed syntax so we shouldn't respond with HTTP 400.
> 
It is very common for overlong GET URLs to be greeted with a 400 AFAIK. Different web servers have different limits, though. Such long URLs should really be replaced with POST requests.

Suggest INVALID.
Comment 2 Domas Mituzas 2010-03-09 10:48:50 UTC
we could probably return 414, ehehehe:

10.4.15 414 Request-URI Too Long

The server is refusing to service the request because the Request-URI is longer than the server is willing to interpret. This rare condition is only likely to occur when a client has improperly converted a POST request to a GET request with long query information, when the client has descended into a URI "black hole" of redirection (e.g., a redirected URI prefix that points to a suffix of itself), or when the server is under attack by a client attempting to exploit security holes present in some servers using fixed-length buffers for reading or manipulating the Request-URI.
Comment 3 Liangent 2010-03-10 04:45:11 UTC
(In reply to comment #1)
> (In reply to comment #0)
> > http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html :
> > The HTTP protocol does not place any a priori limit on the length  of a URI.
> > 
> > http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html :
> > The request could not be understood by the server due to malformed syntax.
> > 
> > Long URL is not a malformed syntax so we shouldn't respond with HTTP 400.
> > 
> It is very common for overlong GET URLs to be greeted with a 400 AFAIK.
> Different web servers have different limits, though. Such long URLs should
> really be replaced with POST requests.
> 
> Suggest INVALID.

If I change it to POST, I cannot make use of callback.
Comment 4 Domas Mituzas 2010-03-10 08:48:34 UTC
That is very very, very, very very sad.
Comment 5 Tim Starling 2010-03-10 23:27:24 UTC
If Liangent means that we should allow arbitrarily long URLs, then this is a WONTFIX. I think he does so that's how I'm marking it. If he means that the response code should be 414 instead of 400, then that can be submitted upstream, to http://bugs.squid-cache.org/
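
The distinction the thread turns on (414 for a request line over the server's limit, 400 only for genuinely malformed syntax) can be made while still reading into a bounded buffer. The sketch below is an added example, not code from Squid, MediaWiki or anyone in this thread; the 8192-byte cap and the function names are assumptions chosen for illustration.

```python
import io
import re

MAX_REQUEST_LINE = 8192  # assumed cap for this sketch; every server and proxy picks its own

# RFC 2616 "token" characters for the method; the target must be visible ASCII only.
_METHOD = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_TARGET = re.compile(rb"[\x21-\x7e]+")
_VERSION = re.compile(rb"HTTP/\d+\.\d+")


def read_request_line(stream, limit=MAX_REQUEST_LINE):
    """Return (status, parts); parts is (method, target, version) only when status is 200."""
    # readline(n) stops at the newline or after n bytes, whichever comes first,
    # so an oversized request can never grow the buffer past limit + 1 bytes.
    raw = stream.readline(limit + 1)
    if len(raw) > limit:
        return 414, None  # over the limit: too long, not malformed
    if not raw.endswith(b"\n"):
        return 400, None  # stream ended before the line terminator
    parts = raw.rstrip(b"\r\n").split(b" ")
    if len(parts) != 3:
        return 400, None  # wrong number of fields
    method, target, version = parts
    if not (_METHOD.fullmatch(method) and _TARGET.fullmatch(target)
            and _VERSION.fullmatch(version)):
        return 400, None  # a field contains bytes that are not allowed there
    return 200, (method, target, version)


def status_for(raw, limit=MAX_REQUEST_LINE):
    """Convenience wrapper: status code for a request line given as bytes."""
    return read_request_line(io.BytesIO(raw), limit)[0]


if __name__ == "__main__":
    # Constructed samples: a short query, an overlong percent-encoded query, a broken line.
    long_query = b"titles=" + b"%7C".join([b"Category%3A%E5%9B%BD%E5%AE%B6"] * 400)
    samples = [
        b"GET /w/api.php?action=query HTTP/1.1\r\n",
        b"GET /w/api.php?" + long_query + b" HTTP/1.1\r\n",
        b"GET /w/api.php\r\n",
    ]
    for line in samples:
        print(len(line), status_for(line))
```
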
