Defect #24646
closedX-Sendfile is missing in response headers
0%
Description
Despite uncommenting X-Sendfile option in config/additional_environment.rb, X-Sendfile header is not added into the response. Therefore the download is not handed over to the webserver and it is processed by the application. It prevents from downloading of large files.
config/additional_environment.rb
# Specifies the header that your server uses for sending files config.action_dispatch.x_sendfile_header = "X-Sendfile"
Response header when downloading a file from the Files module:
Cache-Control private
Connection Keep-Alive
Content-Disposition attachment; filename="file.zip"
Content-Length 25362
Content-Type application/x-zip-compressed
Date Mon, 19 Dec 2016 08:33:42 GMT
Etag "c4c34e17fd91b5e7f97ea03a1e4366f6"
Server WEBrick/1.3.1 (Ruby/2.3.1/2016-04-26)
Set-Cookie _redmine_session=SzJycUd0VUYybGNkU2NVWGVHN1VQOVhJVUY1dTJCRjNOS05HU2xaSzY1aWYwOHp3am1SUURiWEdjNCtZOE44T2I0UkV3eHNWSWwwZDJ0MHBUMmhjck5Vd3ZNVHZla1RNTXBTTWQ3bnQva2p4OXk1KzUxcFgzWmVmU0dlYWg2dXFtei9JRXpXYWpyQXJ1ckY2TlQ0WEtkb1dPclprSlJ5Ni9pejN0a0FXMkUrVFdTUVFUeDBlMW9DNGJuN0k5Y3dPM1FIekcxUDByZlQ4emg1TmJyVUdkdC84REwyU1pVNGtIZnkzTVJ4T1dDdnVIYTFPMWJBWFNZeU5DRlRSUkE3QytUc3dFbWRaMXdhUjZmK0FvcGlENklCV3YzTDhSbWt4YWs5UEJLdW9wczlFMy9yc3BlY3krakV1ZjlSeUdNN29Gd2tENnk3Vk5VOFlSMERkdVdxNVpjdG1xQ3RTQlNTYWRnb1QvVmVzZy9NPS0tVGFOZGhaWUZVdEdRMUJrSjMwU05pQT09--150df285ffe701a4ef1e1bad01398101dcb4989c; path=/; HttpOnly
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Request-Id 8743fb81-42d3-4924-b93f-199b95e68ed1
X-Runtime 0.030291
X-XSS-Protection 1; mode=block
content-transfer-encoding binary
My environment:
Environment: Redmine version 3.3.1.stable Ruby version 2.3.1-p112 (2016-04-26) [x86_64-linux-gnu] Rails version 4.2.7.1 Environment production Database adapter Mysql2
Related issues
Updated by Karel Pičman about 8 years ago
During a next investigation I've found that the problem is that the body doesn't respond to to_path method:
Rack::Sendfile class Sendfile F = ::File ... def call(env) status, headers, body = @app.call(env) if body.respond_to?(:to_path) # Here is the problem case type = variation(env) when 'X-Accel-Redirect' ...
While in a working application the body is an instance of ActionDispatch::Response::RackBody which have as a member ActionDispatch::Response response, in Redmine I see there an array which doesn't respond to to_path method.
Unfortunately I've no clue what could be the reason.
Updated by Jean-Philippe Lang about 8 years ago
- Status changed from New to Confirmed
Updated by Jean-Philippe Lang almost 8 years ago
- Status changed from Confirmed to Resolved
- Assignee set to Jean-Philippe Lang
- Target version set to 3.3.2
- Resolution set to Fixed
The problem was caused by Rack::ContentLength. This should be fixed by r16114.
Thanks for pointing this out.
Updated by Jean-Philippe Lang almost 8 years ago
- Target version changed from 3.3.2 to 3.2.5
Updated by Karel Pičman almost 8 years ago
I confirm that after applying your patch, everything works as expected. Thank you very much.
Updated by Go MAEDA almost 8 years ago
- Category changed from Files to Attachments
Updated by Jean-Philippe Lang almost 8 years ago
- Status changed from Resolved to Closed
Thanks for the feedback.
Updated by Go MAEDA almost 5 years ago
- Related to Defect #32785: X-Sendfile header field is not set if rack 2.1.0 is installed added