Uploaded image for project: 'Titanium SDK/CLI'
  1. Titanium SDK/CLI
  2. TIMOB-10350

Android: Uppercase HTTP in url causes failure

    Details

      Description

      If the URL of an HTTP request contains uppercase "HTTP" or "HTTPS" as the scheme then the request will fail badly.

      The error is reproducible with the following simple example code:

          var xhr = Ti.Network.createHTTPClient({
              onload: function () {
                  Ti.API.info("SUCCESS" + this.responseText);
               },
              onerror: function (evt) {
                  Ti.API.error("ERROR:" + this.responseText);
              }
          });
          xhr.open('GET', "HTTP://www.appcelerator.com:80");
          xhr.send({});
      }
      

      The attached log file shows the output of the send operation. Note that I have enabled DBG in the code as well as added code to output the response.

      Line 20 in the log: You can see the 'GET' request with an uppercase "HTTP" in the url
      Line 23 in the log: You can see the 1st side-effect of the bad parse result – it can't locate the port string
      Line 37 in the log: You can see what it thinks it needs to invoke
      Line 66 in the log: The start of the responseText that is actually received – it contains bogus javascript code

      I believe that this is all caused by the code in TiHTTPClient.java not properly handling the uppercase HTTP scheme. Around line 768 in TiHTTPCLient.java is the following code:

      		// if the url is not prepended with either http or 
      		// https, then default to http and prepend the protocol
      		// to the url
      		if (!url.startsWith("http://") && !url.startsWith("https://")) {
      			url = "http://" + url;
      		}
      

      The result is that if the scheme is uppercase then the resulting URL that gets processed is "http://HTTP://..." and this throws the whole process off.

      According to the IETF (http://www.ietf.org/rfc/rfc1738.txt):

      For resiliency, programs
      interpreting URLs should treat upper case letters as equivalent to
      lower case in scheme names (e.g., allow "HTTP" as well as "http").

      Note that this works fine on iOS.

      Workaround for anyone running into this problem. Prior to calling 'open' on the http client object, replace the uppercase scheme using something like the following code:

      url = url.replace(/^HTTP:/,"http:");
      url = url.replace(/^HTTPS:/,"https:");

        Attachments

          Activity

            People

            • Assignee:
              hpham Hieu Pham
              Reporter:
              jenglish Jeff English
            • Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Backbone Issue Sync

                • Titanium SDK/CLI <> Titanium Mobile
                  Synced with:
                  TIMOB-5656
                  Sync status:
                  ERROR
                  Last received:
                  Last sent:

                  Git Source Code