Defect #24646

X-Sendfile is missing in response headers

Added by Karel Pičman 6 months ago. Updated 6 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Attachments
Target version:3.2.5
Resolution:Fixed Affected version:3.3.1

Description

Despite uncommenting X-Sendfile option in config/additional_environment.rb, X-Sendfile header is not added into the response. Therefore the download is not handed over to the webserver and it is processed by the application. It prevents from downloading of large files.

config/additional_environment.rb

# Specifies the header that your server uses for sending files
config.action_dispatch.x_sendfile_header = "X-Sendfile" 

Response header when downloading a file from the Files module:

Cache-Control private
Connection Keep-Alive
Content-Disposition attachment; filename="file.zip"
Content-Length 25362
Content-Type application/x-zip-compressed
Date Mon, 19 Dec 2016 08:33:42 GMT
Etag "c4c34e17fd91b5e7f97ea03a1e4366f6"
Server WEBrick/1.3.1 (Ruby/2.3.1/2016-04-26)
Set-Cookie _redmine_session=SzJycUd0VUYybGNkU2NVWGVHN1VQOVhJVUY1dTJCRjNOS05HU2xaSzY1aWYwOHp3am1SUURiWEdjNCtZOE44T2I0UkV3eHNWSWwwZDJ0MHBUMmhjck5Vd3ZNVHZla1RNTXBTTWQ3bnQva2p4OXk1KzUxcFgzWmVmU0dlYWg2dXFtei9JRXpXYWpyQXJ1ckY2TlQ0WEtkb1dPclprSlJ5Ni9pejN0a0FXMkUrVFdTUVFUeDBlMW9DNGJuN0k5Y3dPM1FIekcxUDByZlQ4emg1TmJyVUdkdC84REwyU1pVNGtIZnkzTVJ4T1dDdnVIYTFPMWJBWFNZeU5DRlRSUkE3QytUc3dFbWRaMXdhUjZmK0FvcGlENklCV3YzTDhSbWt4YWs5UEJLdW9wczlFMy9yc3BlY3krakV1ZjlSeUdNN29Gd2tENnk3Vk5VOFlSMERkdVdxNVpjdG1xQ3RTQlNTYWRnb1QvVmVzZy9NPS0tVGFOZGhaWUZVdEdRMUJrSjMwU05pQT09--150df285ffe701a4ef1e1bad01398101dcb4989c; path=/; HttpOnly
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Request-Id 8743fb81-42d3-4924-b93f-199b95e68ed1
X-Runtime 0.030291
X-XSS-Protection 1; mode=block
content-transfer-encoding binary

My environment:

Environment:
  Redmine version                3.3.1.stable
  Ruby version                   2.3.1-p112 (2016-04-26) [x86_64-linux-gnu]
  Rails version                  4.2.7.1
  Environment                    production
  Database adapter               Mysql2

Associated revisions

Revision 16114
Added by Jean-Philippe Lang 6 months ago

Fixed that X-Sendfile header is never set (#24646).

History

#1 Updated by Karel Pičman 6 months ago

During a next investigation I've found that the problem is that the body doesn't respond to to_path method:

Rack::Sendfile

class Sendfile
    F = ::File
    ...

    def call(env)
      status, headers, body = @app.call(env)
      if body.respond_to?(:to_path) # Here is the problem
        case type = variation(env)
        when 'X-Accel-Redirect'
        ...

While in a working application the body is an instance of ActionDispatch::Response::RackBody which have as a member ActionDispatch::Response response, in Redmine I see there an array which doesn't respond to to_path method.

Unfortunately I've no clue what could be the reason.

#2 Updated by Jean-Philippe Lang 6 months ago

  • Status changed from New to Confirmed

#3 Updated by Jean-Philippe Lang 6 months ago

  • Status changed from Confirmed to Resolved
  • Assignee set to Jean-Philippe Lang
  • Target version set to 3.3.2
  • Resolution set to Fixed

The problem was caused by Rack::ContentLength. This should be fixed by r16114.
Thanks for pointing this out.

#4 Updated by Jean-Philippe Lang 6 months ago

  • Target version changed from 3.3.2 to 3.2.5

#5 Updated by Karel Pičman 6 months ago

I confirm that after applying your patch, everything works as expected. Thank you very much.

#6 Updated by Go MAEDA 6 months ago

  • Category changed from Files to Attachments

#7 Updated by Jean-Philippe Lang 6 months ago

  • Status changed from Resolved to Closed

Thanks for the feedback.

Also available in: Atom PDF