Don't know where to begin debugging this.
I have a local Apache server running a PHP backend that spits out a list of links from an API to the front.
...
<li>
Image
</li>
<li>
Image
</li>
...
Links are mixed both HTTP and HTTPS. I'm having a problem with Safari in particular. It appears to download the linked HTTPS image (HTTP opens fine in new tab) instead of viewing them in a new tab.
Expected behaviour: all links that have target="_blank" attribute should open the image in a new tab in all browsers.
Actual behaviour: all links open image in new tab in all browsers except for Safari (downloads jpg file instead)
cURL on HTTP links shows a 301 redirect (works fine in all browsers)
> GET /path/to/image1.jpg HTTP/1.1
> Host: hostpath
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 20 Feb 2023 07:10:41 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Server: nginx
< Location: https://newpath.com/overHTTPS/image1.jpg
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload;
cURL on HTTPS links (these open in new tab fine in all browsers EXCEPT for Safari)
> GET /path/to/image2.jpg HTTP/2
> Host: hostpath
> User-Agent: curl/7.64.1
> Accept: */*
< HTTP/2 200
< content-type: image/jpg
< content-length: 150672
< last-modified: Thu, 24 Jun 2021 10:45:06 GMT
< x-amz-version-id: null
< accept-ranges: bytes
< server: AmazonS3
< strict-transport-security: max-age=31536000; includeSubdomains; preload
< date: Mon, 20 Feb 2023 07:16:15 GMT
< etag: "62a2466dbe39f0cd92908fa096ba9011"
< x-cache: RefreshHit from cloudfront
< via: 1.1 uid.cloudfront.net (CloudFront)
< x-amz-cf-pop: -cf-pop
< x-amz-cf-id: amz-cf-id==
cURL from totally different HTTPS as an experiment. (works! Safari opens this jpg to view in new tab just fine)
> GET /path/to/differentHTTPS/image2.jpg HTTP/2
> Host: m.media-amazon.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/2 200
< content-type: image/jpeg
< content-length: 13470
< server: Server
< date: Mon, 20 Feb 2023 07:29:44 GMT
< x-amz-ir-id: 6e4a2087-7e28-47ca-bef1-f332c0575d92
< expires: Sun, 15 Feb 2043 04:07:45 GMT
< cache-control: max-age=630720000,public
< surrogate-key: x-cache-214 /images/I/51U-ZNaX5sL
< timing-allow-origin: https://www.amazon.in, https://www.amazon.com
< edge-cache-tag: x-cache-214,/images/I/51U-ZNaX5sL
< access-control-allow-origin: *
< last-modified: Sat, 24 Jul 2021 09:53:23 GMT
< x-nginx-cache-status: HIT
< accept-ranges: bytes
< via: 1.1 uid.cloudfront.net (CloudFront)
< server-timing: provider;desc="cf"
< x-cache: Miss from cloudfront
< x-amz-cf-pop: -cf-pop
< x-amz-cf-id: cf-id==
<
For the most part, my original HTTPS origin and the test HTTPS origin have near identical response headers.
Might be how Safari treats requests to HTTPS resources from insecure HTTP origins (security?). So I deployed to my server which hosts everything over HTTPS; still exact same problem. Safari just will not open a .jpg from this external HTTPS origin in a new tab, it always downloads it.
I swapped in a totally different HTTPS link to an image, and it WORKS. Opens the image to view in a new tab, DOESN'T DOWNLOAD. Just not from the other HTTPS source.
Requests headers from all browsers and accepting image/*.
Any ideas on how I can dig through this? Not sure what else I can try!
PHP-server without router (working)
$ php -S 127.0.0.1:8000
PHP 5.6.15 Development Server started at Sat Nov 21 13:12:04 2015
Listening on http://127.0.0.1:8000
Header of style.css:
$ curl -I http://127.0.0.1:8000/style.css
HTTP/1.1 200 OK
Host: 127.0.0.1:8000
Connection: close
Content-Type: text/css; charset=UTF-8
Content-Length: 23
Content of style.css (via Chrome Inspector, Preview):
body{background:#fff;}
PHP-server with router (not working)
$ php -S 127.0.0.1:8001 router.php
PHP 5.6.15 Development Server started at Sat Nov 21 13:15:02 2015
Listening on http://127.0.0.1:8001
Header of style.css:
$ curl -I http://127.0.0.1:8001/style.css
HTTP/1.1 200 OK
Host: 127.0.0.1:8001
Connection: close
Content-Type: text/css; charset=UTF-8
Content-Length: 23
Content of style.css (via Chrome Inspector, Preview) - problem:
�HTTP/1.1 200 OK
Host: 127.0.0.1:8000
Connection: close
Content-Type: text/css; charset=UTF-8
Content-Length: 23
body{background:#fff;}
Content of router.php
<?php return false; ?>
Why is the HTTP-header written to the top of style.css?
Update: Solution
Set the following value in php.ini:
zlib.output_compression = off
wordpress on openshift custom domain "too many redirects" error, works on openshift default domain
curl request on custom domain does not work
curl -vvv http://www.hobbyhap.com/h
Hostname was NOT found in DNS cache
* Trying 54.204.79.83...
* Connected to www.hobbyhap.com (54.204.79.83) port 80 (#0)
> GET /h HTTP/1.1
> User-Agent: curl/7.35.0
> Host: www.hobbyhap.com
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 27 Jan 2015 18:05:15 GMT
* Server Apache/2.2.15 (Red Hat) is not blacklisted
< Server: Apache/2.2.15 (Red Hat)
< Location: http://www.hobbyhap.com/h/
< Content-Length: 317
< Content-Type: text/html; charset=iso-8859-1
< Cache-control: private
< Set-Cookie: GEAR=local-54c70ac64382ec8161000031; path=/
< Accept-Ranges: none
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at www.hobbyhap.com Port 80</address>
</body></html>
* Connection #0 to host www.hobbyhap.com left intact
curl request on openshift domain works
curl -vvv http://hhapp-hobbyhap.rhcloud.com/h/
I update blogs,options,site and sitemeta tables with the custom domain,and it started working
I wrote my own long-pollig Tornado/AJAX chat with rooms , whisper messages and other cool stuff . Till now as user authentication for just test purposes i've been using cookies . So u had to just enter your name ,after what cokie 'user' was created and chat would react accordingly to that cookie . But the problem is that i wrote this chat for a friend which has a php site. So basically i need to authenticate users based on his sessions. Thats where i got confused. And i am very ashamed , because i caught myself on a thought that i don't know how exactly session work , which is kind of absurd, because i don't consider myself such a bad programmer ^^ Well shit happens. Well ofcourse i know that sessions only store id on the client and other information is stored on the server , but that doesn't really help because i need know excatly what happens in details . Sure i googled a bit , but still am confused how to solve this problem. So the basic questions are :
1) Would appreciate if someone could in details explain one more time exactly how sessions work , and what i need know or have access to on php site , to use sessions in another application ...
*2)*So for example when i authenticate on my django site ,session is created with some value like 's5ds6dssd6' , and to tell the truth i don't know what to further do with it.Ashamed again. For example in PHP to extract username (if it was set) and check/do something i would do something like PHP_SESSION['username'] === ... .In django even less work just to use decorator or user.is_authenticated method. Yet how works inside and what i need i don't know.
There is a big chance what i wrote is stupid , and it's very easy , and i am a moron , which wrote before trying ...Yet even if i somehow would be able to get data from sessions/php site how could i be sure that some guy didn't create session with random id by himself , without authencating on php site ....
Well hope someone could point me in right direction . It felt necessary to write so much so you could udnerstand =) what bothers me and respond accordingly.... Sorry if i wrote something stupid.
1) Would appreciate if someone could
in details explain one more time
exactly how sessions work , and what i
need know or have access to on php
site , to use sessions in another
application ...
P.S: I am using Linux(I use the freely available Ubuntu which is the most popular/user-friendly Linux distro) as OS below and I would advice you to use a *nx distro(MacOSX is also pretty good but expensive in my opinion) as well with all your webdevelopment although all these commands are also available in Cygwin(windows).
Sessions are:
Session support in PHP consists of a
way to preserve certain data across
subsequent accesses. This enables you
to build more customized applications
and increase the appeal of your web
site.
Below I try to explain what sessions are and how they are using cookies
I created a simple no.php which does not use sessions and simply outputs Hello World:
Hello World
When we curl this script with the headers using -v we get the following output:
alfred#alfred-laptop:~/www/6500588$ curl http://localhost/6500588/no.php -v
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /6500588/no.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 28 Jun 2011 02:10:53 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Vary: Accept-Encoding
< Content-Length: 12
< Content-Type: text/html
<
Hello World
* Connection #0 to host localhost left intact
* Closing connection #0
As you can see from the output no cookie has been set. If you do this repeatedly you will get the same output.
Next I create a simple yes.php file which does make use of sessions.
<?php
session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
}
echo $_SESSION['count']++;
Let's show the output from curl without storing the cookie:
alfred#alfred-laptop:~/www/6500588$ curl http://localhost/6500588/yes.php -v
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /6500588/yes.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 28 Jun 2011 02:12:47 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Set-Cookie: PHPSESSID=hrduhht116e9mikhkkj0gu7126; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
0
As you can see the count is 0, but also a cookie has been set: Set-Cookie: PHPSESSID=hrduhht116e9mikhkkj0gu7126; path=/. with session_id hrduhht116e9mikhkkj0gu7126
If we do not store this cookie when we issue the same curl command again we wil still receive 0 as answer(forget to count) and also receive another cookie.
alfred#alfred-laptop:~/www/6500588$ curl http://localhost/6500588/yes.php -v
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /6500588/yes.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 28 Jun 2011 02:16:42 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Set-Cookie: PHPSESSID=ihlj9c9fifl8f0lklu0umesas2; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
0
As you can see hrduhht116e9mikhkkj0gu7126 is not equal to ihlj9c9fifl8f0lklu0umesas2 which means a new cookie has been set and the information in that session is lost.
Next we store the cookie to cookie file issuing -c flag
alfred#alfred-laptop:~/www/6500588$ curl http://localhost/6500588/yes.php -v -c cookie
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /6500588/yes.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Tue, 28 Jun 2011 02:27:11 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
* Added cookie PHPSESSID="1h6710hhk84e0k9bj2kg7p03u5" for domain localhost, path /, expire 0
< Set-Cookie: PHPSESSID=1h6710hhk84e0k9bj2kg7p03u5; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
0
As you can see from ls(directory listing) we stored cookie to file named cookie.
alfred#alfred-laptop:~/www/6500588$ ls -al
total 20
drwxr-xr-x 2 alfred alfred 4096 2011-06-28 04:27 .
drwxr-xr-x 19 alfred alfred 4096 2011-06-28 03:59 ..
-rw-r--r-- 1 alfred alfred 196 2011-06-28 04:27 cookie
-rw-r--r-- 1 alfred alfred 12 2011-06-28 04:00 no.php
-rw-r--r-- 1 alfred alfred 114 2011-06-28 04:12 yes.php
That cookie to keep track of the count contains the following information according to cat(shows output of file)
alfred#alfred-laptop:~/www/6500588$ cat cookie
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
localhost FALSE / FALSE 0 PHPSESSID 1h6710hhk84e0k9bj2kg7p03u5
We next use that cookie to keep track of the count.
alfred#alfred-laptop:~/www/6500588$ curl http://localhost/6500588/yes.php -v -b cookie
* About to connect() to localhost port 80 (#0)
* Trying ::1... Connection refused
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET /6500588/yes.php HTTP/1.1
> User-Agent: curl/7.21.0 (i686-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.18
> Host: localhost
> Accept: */*
> Cookie: PHPSESSID=1h6710hhk84e0k9bj2kg7p03u5
>
< HTTP/1.1 200 OK
< Date: Tue, 28 Jun 2011 02:40:18 GMT
< Server: Apache/2.2.16 (Ubuntu)
< X-Powered-By: PHP/5.3.3-1ubuntu9.3
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 1
< Content-Type: text/html
<
* Connection #0 to host localhost left intact
* Closing connection #0
1
As you can see we used that cookie with the same ID 1h6710hhk84e0k9bj2kg7p03u5 and the count is 1 instead of 0 when we don't use any cookie(or not store cookie and get new cookie).
So basically i need to authenticate
users based on his sessions.
sessions are just simple using cookies(sessionid) under the cover. You could for example override the standard implementation for sessions to use the database instead of the filesystem(interesting read!). But I would just use the session_id you receive from PHP(session_id) within your tornado application to authenticate your session because that should be unique(hard to guess).
session_id() returns the session id
for the current session or the empty
string ("") if there is no current
session (no current session id
exists).
P.S: I hope this answers your question a little bit. If not you could ask in the comments for a little bit more information?
Recently and without any website code changes, a few of our dynamic PHP pages are either only partially rendering or not rendering at all.
When the page won't render at all, and when I run curl, this is what I see:
$ curl -lv http://example.com/create_ad.php
* About to connect() to example.com port 80
* Trying 66.777.888.999... * connected
* Connected to example.com (66.777.888.999) port 80
> GET /mypage.php HTTP/1.1
User-Agent: curl/7.13.2 (i386-pc-linux-gnu) libcurl/7.13.2 OpenSSL/0.9.7e zlib/1 .2.2 libidn/0.5.13
Host: example.com
Pragma: no-cache
Accept: */*
* Empty reply from server
* Connection #0 to host example.com left intact
curl: (52) Empty reply from server
* Closing connection #0
And on partially rendered pages, when I run curl, I see this:
$ curl -lv http://example.com/anotherpage.php
* About to connect() to example.com port 80
* Trying 66.777.888.999... * connected
* Connected to example.com (66.777.888.999) port 80
> GET /anotherpage.php HTTP/1.1
User-Agent: curl/7.13.2 (i386-pc-linux-gnu) libcurl/7.13.2 OpenSSL/0.9.7e zlib/1.2.2 libidn/0.5.13
Host: example.com
Pragma: no-cache
Accept: */*
< HTTP/1.1 200 OK
< Date: Thu, 15 Apr 2010 20:03:49 GMT
< Server: Apache/1.3.39 (Unix) mod_ssl/2.8.30 OpenSSL/0.9.8d
< Connection: close
< Transfer-Encoding: chunked
< Content-Type: text/html
[PARTIALLY RENDERED & MANGLED HTML HERE]
* transfer closed with outstanding read data remaining
* Closing connection #0
curl: (18) transfer closed with outstanding read data remaining
No errors in PHP error logs. Any ideas?
The problem was caused by apache log files growing to over 2 GB because the log files were not being rolled and archived.