CODEWITHSUNDEEP
ruby-on-railsgoogle-chromenginxunicorn
patrickdet
patrickdet

Reputation: 91

nginx rails send_file - Duplicate headers received from server

I have set up our Rails app to serve files via send_file and since we dont want to keep our app busy serving the file we hand that off to Nginx with the X-Accel-Redirect header. For that i set config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' in my production.rb file as well as setup my nginx.conf like this:

# In order to get the site running
# symlink this file to /etc/nginx/sites-enabled/production

upstream unicorn-production {
  server unix:/tmp/unicorn.sock fail_timeout=0;
}

server {
  listen 3000;
  server_name production.localhost;
  root /home/deployer/apps/production/current/public;
  access_log /var/log/nginx/production_access.log;
  rewrite_log on;

  try_files $uri/index.html $uri @unicorn;

  location ~ ^/downloads/(.*)$ {
    internal;
    alias /home/deployer/downloads/$1;
  }

  location @unicorn {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_pass http://unicorn-production;

    proxy_set_header  X-Sendfile-Type   X-Accel-Redirect;
    proxy_set_header  X-Accel-Mapping   /downloads/=/home/deployer/downloads/;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;
}

and in my controller action i do something like: send_file "/home/deployer/downloads/testfile.foo"

.

This should all work in theory but when i visit mysite.com/mycontroller/download Chrome tells me Duplicate headers received from server: Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.

Any help very appreciated.

Upvotes: 2

Views: 2453

Answers (1)

sachinr
sachinr

Reputation: 189

This error can be fixed by wrapping the content disposition filename in quotes when using send_data:

From:

send_data data, :type => type,
          :disposition=>"attachment; filename=#{filename}"

To:

send_data data, :type => type,
          :disposition=>"attachment; filename='#{filename}'"

I assume the same applies when using the send_file method

See: https://github.com/prior/prawnto/pull/16

Upvotes: 3

Related Questions