Internet Explorer bodyless POST optimization with SPNEGO header and accept-incomplete not handled
For file upload, Internet Explorer may send a bodyless POST request under circumstances described in the following posts:
- https://blogs.msdn.microsoft.com/ieinternals/2010/11/21/challenge-response-authentication-and-zero-length-posts/
- http://stackoverflow.com/questions/20912663/ie10-ie11-upload-fail-not-sending-post-data
In such a case, the behavior of the server as expected by IE is to send a 401 request to “re-establish” the authentication. However, in my observations, when this IE “optimization” occurs, the subsequent request
- contains an HTTP header Authorization: Negotiate, with an SPNegoTokenTarg message with an accept-incomplete negResult
- does not yet contain the file (even though the Content-Length / Content-Type indicates otherwise) (I suppose sent in a third request)
Looking at the RFC: https://www.ietf.org/rfc/rfc4178.txt
The accept-incomplete indicates the following: “At least one additional negotiation message from the peer is needed to establish the security context.”
Indeed, the MSDN documentation for AcceptSecurityContext indicates the possible SEC_I_COMPLETE_AND_CONTINUE or SEC_I_COMPLETE_NEEDED return value, which requires additional processing:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa374705(v=vs.85).aspx
waffle-jna implementation in WindowsAuthProviderImpl.acceptSecurityToken does not seem to be handling such case:
https://github.com/dblock/waffle/blob/60451c353916863d93073a32e88006af28c94412/Source/JNA/waffle-jna/src/main/java/waffle/windows/auth/impl/WindowsAuthProviderImpl.java#L134:L170
(The result for the end user is an upload failure)
Issue Analytics
- Created 7 years ago
- Comments:12 (4 by maintainers)
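To confirm from a captured request whether it matches the case reported above, the negState of the SPNEGO token in the Authorization header can be read directly. The following is an added diagnostic example, not code from the issue or from waffle; the function names are hypothetical and `sample_header` builds a constructed NegTokenResp (RFC 4178) with a placeholder responseToken rather than a real capture.

```python
import base64

# negState values of NegTokenResp (RFC 4178, section 4.2.2)
NEG_STATES = {0: "accept-completed", 1: "accept-incomplete", 2: "reject", 3: "request-mic"}

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def neg_state(authorization):
    """negState name carried in a NegTokenResp, or None for any other token."""
    scheme, _, b64 = authorization.partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return None
    try:
        token = base64.b64decode(b64.strip(), validate=True)
        tag, body, _ = _tlv(token, 0)
        if tag != 0xA1:  # 0x60 is an initial NegTokenInit; "NTLMSSP" is raw NTLM
            return None
        tag, seq, _ = _tlv(body, 0)
        pos = 0
        while tag == 0x30 and pos < len(seq):
            tag2, field, pos = _tlv(seq, pos)
            if tag2 == 0xA0:  # [0] negState ENUMERATED
                etag, val, _ = _tlv(field, 0)
                return NEG_STATES.get(val[0]) if etag == 0x0A and len(val) == 1 else None
    except (ValueError, IndexError):  # bad base64 or malformed DER
        pass
    return None

def is_bodyless_handshake_leg(authorization, received_body_len):
    """True when a request carries a mid-handshake token and no body bytes."""
    return received_body_len == 0 and neg_state(authorization) == "accept-incomplete"

def sample_header(state):
    """Constructed NegTokenResp with a placeholder responseToken (not a capture)."""
    resp = b"NTLMSSP\x00\x03\x00\x00\x00"
    seq = bytes([0xA0, 3, 0x0A, 1, state, 0xA2, len(resp) + 2, 0x04, len(resp)]) + resp
    der = bytes([0xA1, len(seq) + 2, 0x30, len(seq)]) + seq
    return "Negotiate " + base64.b64encode(der).decode()
```

A request for which `is_bodyless_handshake_leg` returns true is one where the server side still has a negotiation leg to complete before the upload body can be expected.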
Top GitHub Comments
I think we can stop digging around as the error is not only within waffle but also occurs with Microsoft IIS 7.5. Must be a bug inside IE…
I’ve found the following links from Microsoft, but they don’t fix it for me:
Edit 04.05.2016 11:03: I’ve had the possibility to test that feature on a Windows 10 machine using IE11 and the new Edge browser. It’s working on both browsers. I can’t tell you if it has something to do with the browser itself or if it is a Windows internal thing (bug in the NTLM implementation or something like that). The same round-trips are done if IE expects a 401. It first sends a zero-length POST request followed by a request containing the POST data. This was tested using waffle 1.6.1224.
There’s quite a bit in https://github.com/dblock/waffle/blob/master/Docs/SettingUpDevelopmentEnvironment.md, and maybe as you work through it you can contribute for the next person to get started.