does anyone know how to serve a web bundle so that it loads, rather than just downloading as a file?
Some disambiguation: There is a format called WebPackage (not to be confused with webpack), also called a Web Bundle. Files typically have the .wbn suffix. It contains html and js files and can be used to view websites offline. Useful for e.g. archiving websites or making websites that work well with intermittent network access. Download the file once, and you have all the assets you need for at last basic operation of the site.
The standard on how to serve a .wbn file is here:
https://wicg.github.io/webpackage/draft-yasskin-wpack-bundled-exchanges.html
However when I add the required headers in the web server, the .wbn file is just downloaded. If I drag the downloaded file onto my browser (google-chrome), the file is displayed as the website it contains, so unless there is some very subtle bug in there I believe that the format of the bundle is OK.
Here is a sample request:
Request URL: http://localhost/bundle/www-signed.wbn
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:80
Referrer Policy: strict-origin-when-cross-origin
and the server response:
Accept-Ranges: bytes
Connection: keep-alive
Content-Length: 4300
Content-Type: application/webbundle <-- Required by the standard
Date: Thu, 02 Sep 2021 12:00:24 GMT
ETag: "612ef7cb-10cc"
Last-Modified: Wed, 01 Sep 2021 03:47:23 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Content-Type-Options: nosniff <-- required by the standard
If anyone has this working on a website or knows how to do it, I would love to have a look.
I had the same problem that the wbn file was just downloaded instead of executed.
I had to enable the web bundles feature even though my chrome version is 96+
I have an Apache server running a website with a symfony 2 login form, two weeks ago some of the users got their computers updated to windows 10, since then, sometimes when they click the login button Chrome downloads this file called "login" i attached instead showing it:
0
HTTP/1.1 200 OK
Date: Thu, 24 Nov 2016 14:41:00 GMT
Server: Apache
X-Powered-By: PHP/5.4.22
Cache-Control: no-cache
X-Debug-Token: 7216b3
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
794
‹ ´Y{oÛ8ÿÛù\]‹Ú#$YNÓ¼ä²n»W`swhZÜE!ÐÒØbB‘*I9I/ýP‡ûûÅnHJ~dSl³ˆƒÆó›g8ÃiúS!ss[)MÅOwRûE8óq : ºÎóò«q`TÁé!i ´8Ýé¥Jò’*
f4f$¶+†§ï&oÈ+#Ñ4öS• Œƒt®Xm˜É¥0 (¸·‹6¦”jsÁ¿§4¦áKÃãàßádzp"«š6å°FòîÍ8žü:rŸ ?…á'6#Üà$9úŒS½ÔËD´ÊÇE?Žck–}]²*šK9çË¢\V±^ˆ
#®ü–èR§iìþ'›}Cy~ä\NrQCÎf,'稆&nǺÚ×µTfM‹kV˜r\À‚åºÁ.a‚Fy¨sÊaœì’ŠÞ°ª©º «(q¼[½ìqãi‰/é‚úYkóÞ‚*2UòZƒêõzc”cÁæÔH58u6GN6·½‡9Üàθ&
%Yq÷3§ùÕÏ ÔíÝ»7^Ó»¿Ë+FïØ?û´¸+¥€;YîþQ£[ó>n¹Cƒ¸ÃfÚÓYf”k°lÖoyF5yÙ_—`0 ÿÁ=½%’Zµ”=Zo(û¯L£Aõ.iì’Y#rë{}$'èÃX²1ý]öãû_§Tí’áà„|Ûõr\GEVÛúǾwÍD!¯#4©äüƒìwOómÇÿº]^K.íù1±v‚“Χí]µ·kTHq[É·l¬ËDEë/
hCkv·¸ùmuiŠçÞ4ÓQ1œ
þ|49˜?ß{-÷ãfDËk„éuèV36oÙ´?© Ø
>¢çTÐ9(9®†ç´^
^;\ùAJ®ñÏ3f]¼å (Ì:6ëÔ8Á‚Ïk²ÎÅE††õbÚÅgNôìUÀµ!6¹¸ðå pSÊ™¸"¥‚Ù8ˆi]gDQ]Öq®u\L‹W‡Ù”jÈ’§‚õ(qc|hs‹ìKTÂ_?
L+ú•5U6Ú6§·è³ÙÞ WtÙË-À_¢÷ªÛ°aÙþÐφ»Ì^mMð¨j¸a€ÙÀdÛ´OhðbªY~*ÄËLŠìp§í4eGÛ³ØÃê,nAM•É’$&!ÞˆŒKýÈ#Þù#NÃdïÕèððOsXÞMo1«âÕë3¾«c[O……ŽÉC쎙Ux5Æ7¡ŸkÅ›y”?ÚRf…‚¢slòÒ…µÂŠ¥ª¥†"XÓocST‹yð;‚£›ƒÑwQC·ì°'e‹ž$/oð÷ûø톇ÖÊ$þ«‰Omuå~6Ê»S¾Ôñè°íÑ.ô’è(â1_¶§L¨›Ö’Ï#Ñ1°-ƒ¦…1`É¡ÀÜ°5üßÝL/·Ãkã²Ýß\b¡
sÆvðÝõwðÔà•¬°6Ãç€)CûrÓ˜¶ÃÂöW¬ß1E<1ƒ‚x+Vö6=<1x—Ø’-rÔ–`É–âQ¬L·Çè÷\ª©¼É’'^Ÿ—÷mÖÔ•”¦ôo£§¿S—ŒF¡{Y±¯Ô>ÒB¯"Ö˜O~8KŽ{¡{rcÂ
Ñ’M%ôÓ߸Kf/C+6Ãî!ªŸþÒ]²Ûu3ÅàoôŸºuî5´¼ÛGg<“úR+Œ &æVû'>óïµR~óž>-ê_Ñ!ø”æWcä½÷øø2}M
Ý`âʱÇÈ>Ň˜S¸±e‹ÁGªæÎï,ón(UT1±©+8„SÛ€J°ˆ½Š’(ÙÛÐÑæ÷¸±DÔ1l°øQ›¡¨øº/¤ŠWy½æÍœ Ôa™ßãõ°Š¬ #ß;´®cñH1|º‰»tsõGšY;«6MŽX &îŠ×lÑ÷Ý¢gýáµÄ›ïÅÀ–ò}×ÅÁ“d–ðøjŒg/ví<‡™9&ýg}ßåD®‡`!¹åüë_~uµ‘õq l^šïRÿ]FrÛ:²]¤o¨Ô³~!óÆZg) Åm½‡å”ê(°%tÿwÚ#î{À(–…ýX94uûvo:•Åíi/-Ø‚°bt$çTc©ž·`®•˜Î0›êD»–Ž0sMå€T`J‰hht߃ì¥õ&`;˪yë'î9¤-ŒôU?åfØ^s÷–KãzYí[q[<tVmðòA)©s©„\9G'´6ËXŒèc2Œ : ºû¬¦b
Ç>=Hû21“Kú—ÝÄ:Ë ©¨B]CeÏò˜´€h_ëp’b~:A»ÈµÝ-ï·ÿ wúe¯ª²T«îz[)§SàÍ‚iP¶wœ~Ô
UL§±[>M§*^R0Q7둸ó\·íçl5ÑêíÎQdAyc{ó÷mþ°d5\K…¾1‘ïE
¿ý—þ±tK2'ájÔJ¸šxHÂ
¹º6àCÎåØNcðL—žù‰î
n³ 3N|¬%©Jc¿¾¤÷lÒØú½}çúÓÂèqac£ÈýËÿ ÿÿ
a
°•Tüq
0
Only computers using google Chrome that have been updated to windows 10 have this issue. Other computers using Chrome or using Internet Explorer from the same computer works fine.
I have tried to change the response headers of the Content-Type to text/html using the ModHeader extension but the Chrome shows the same content of the file without interpreting it.
I have tried with older versions of Chrome with the same result.
Also I disabled the Apache compression but still sometimes Chrome downloads the page.
The user have disabled the antivirus but the issue keeps the same.
Browsing a similar version of the application hosted in another server works fine.
I don't know if the issue is related to the clients or the server.
Edit:
It looks like the computers have FortiNet installed and it could be breaking the network packages.
When I Mod_Rewrite a page, Chromium will load the page twice. Other browsers like Firefox only load it once. I have seen a tun of posts saying Chromium has trouble with empty GET requests, but that doesn't seem to apply to me as the only thing I'm returning is a basic static HTML page with only the count of requests in it.
<!DOCTYPE html><html><head><title>TITLE</title></head><body>3</body></html>
The 3 indicates the count of total page loads (and is pretty much the only dynamic value in this)
When I load pages in Firefox or using wget in the terminal it returns 1, 2, 3, 4, 5... as it should, while Chromium returns 1, 3, 5, 7, 9....
I don't really get how Chromium is supposed to know when a page is Mod_Rewritten. (There should be no difference in output should there? )
Also in case it matters, these are the HTTP response headers.
HTTP/1.1 200 OK
Date: Sun, 13 Oct 2013 17:53:50 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 76
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
After searching through the access log I saw Chromium was also trying to load favicon.ico which obviously got rewritten too and thus caused a second page load.
When using the HTTP API I am trying to make a call to the aliveness-test for monitoring purposes. At the moment I am testing using curl and the following command:
curl -i http://guest:guest#localhost:55672/api/aliveness-test/
And I get the following response:
HTTP/1.1 404 Object Not Found
Server: MochiWeb/1.1 WebMachine/1.9.0 (someone had painted it blue)
Date: Mon, 05 Nov 2012 17:18:58 GMT
Content-Type: text/html
Content-Length: 193
<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested document was not found on this server.<P><HR><ADDRESS>mochiweb+webmachine web server</ADDRESS></BODY></HTML>
When making a request just to list the users or vhosts, the requests returns successfully:
$ curl -I http://guest:guest#localhost:55672/api/users
HTTP/1.1 200 OK
Server: MochiWeb/1.1 WebMachine/1.9.0 (someone had painted it blue)
Date: Mon, 05 Nov 2012 17:51:44 GMT
Content-Type: application/json
Content-Length: 11210
Cache-Control: no-cache
I'm using the latest stable version (2.8.7) of RabbitMQ and obviously have the management plugin installed for the API to work with the users call (the response is left out due to it containing company data but is just regular JSON as expected).
There isn't much on the internet about this call failing so I am wondering if anyone has seen this before?
Thanks,
Kristian
Turns out that the '/' at the beginning of the vhosts names is not implicit, even when as part of a URL. To get this to work I simply changed my request from:
curl -i http://guest:guest#localhost:55672/api/aliveness-test/
To
curl -i http://guest:guest#localhost:55672/api/aliveness-test/%2F
As %2F is '/' HTTP encoded, my request now queries the vhost named '/' and returns a 200 response which looks like:
{"status":"ok"}
I need to either find a file in which the version is encoded or a way of polling it across the web so it reveals its version. The server is running at a host who will not provide me command line access, although I can browse the install location via FTP.
I have tried HEAD and do not get a version number reported.
If I try a missing page to get a 404 it is intercepted, and a stock page is returned which has no server information on it. I guess that points to the server being hardened.
Still no closer...
I put a PHP file up as suggested, but I can't browse to it and can't quite figure out the URL path that would load it. In any case I am getting plenty of access denied messages and the same stock 404 page. I am taking some comfort from knowing that the server is quite robustly protected.
The method
Connect to port 80 on the host and send it
HEAD / HTTP/1.0
This needs to be followed by carriage-return + line-feed twice
You'll get back something like this
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 12:39:43 GMT
Server: Apache/2.2.9 (Ubuntu) DAV/2 SVN/1.5.0 PHP/5.2.6-1ubuntu4 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0
Last-Modified: Thu, 02 Aug 2007 20:50:09 GMT
ETag: "438118-197-436bd96872240"
Accept-Ranges: bytes
Content-Length: 407
Connection: close
Content-Type: text/html; charset=UTF-8
You can then extract the apache version from the Server: header
Typical tools you can use
You could use the HEAD utility which comes with a full install of Perl's LWP library, e.g.
HEAD http://your.webserver.com/
Or, use the curl utility, e.g.
curl --head http://your.webserver.com/
You could also use a browser extension which lets you view server headers, such as Live HTTP Headers or Firebug for Firefox, or Fiddler for IE
Stuck with Windows?
Finally. if you're on Windows, and have nothing else at your disposal, open a command prompt (Start Menu->Run, type "cmd" and press return), and then type this
telnet your.webserver.com 80
Then type (carefully, your characters won't be echoed back)
HEAD / HTTP/1.0
Press return twice and you'll see the server headers.
Other methods
As mentioned by cfeduke and Veynom, the server may be set to return limited information in the Server: header. Try and upload a PHP script to your host with this in it
<?php phpinfo() ?>
Request the page with a web browser and you should see the Apache version reported there.
You could also try and use PHPShell to have a poke around, try a command like
/usr/sbin/apache2 -V
httpd -v will give you the version of Apache running on your server (if you have SSH/shell access).
The output should be something like this:
Server version: Apache/2.2.3
Server built: Oct 20 2011 17:00:12
As has been suggested you can also do apachectl -v which will give you the same output, but will be supported by more flavours of Linux.
Warning, some Apache servers do not always send their version number when using HEAD, like in this case:
HTTP/1.1 200 OK
Date: Fri, 03 Oct 2008 13:09:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.6RC4-pl0-gentoo
Set-Cookie: PHPSESSID=a97a60f86539b5502ad1109f6759585c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Connection to host lost.
If PHP is installed then indeed, just use the php info command:
<?php phpinfo(); ?>
Rarely, a hardened HTTP server is configured to give no server information or misleading server information. In those scenarios if the server has PHP enabled you can add:
<?php phpinfo(); ?>
in a file and browse to it and look for the
_SERVER["SERVER_SOFTWARE"]
entry. This is susceptible to the same hardening lack of information/misleading though I would imagine that it's not altered often, because this method first requires access to the machine to create the PHP file.
The level of version information given out by an Apache server can be configured by the ServerTokens setting in its configuration.
I believe there is also a setting that controls whether the version appears in server error pages, although I can't remember what it is off the top of my head. If you don't have direct access to the server, and the server administrator is competent and doesn't want you to know the version they're running... I think you may be SOL.
Telnet to the host at port 80.
Type:
get / http1.1
::enter::
::enter::
It is kind of an HTTP request, but it's not valid so the 500 error it gives you will probably give you the information you want. The blank lines at the end are important otherwise it will just seem to hang.
If they have error pages enabled, you can go to a non-existent page and look at the bottom of the 404 page.
Your best option is through PHP:
All version requests from the client side cannot be trusted since your Apache could be configured with ServerTokens Prod and ServerSignature Off. See: http://www.petefreitag.com/item/419.cfm
In the default installation, call a page that doesn't exist and you get an error with the version at the end:
Object not found!
The requested URL was not found on this server. If you entered the URL manually please
check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
10/03/08 14:41:45
Apache/2.2.8 (Win32) DAV/2 mod_ssl/2.2.8 OpenSSL/0.9.8g mod_autoindex_color PHP/5.2.5
Simply use something like the following - the string should be there already:
<?php
if(isset($_SERVER['SERVER_SOFTWARE'])){
echo $_SERVER['SERVER_SOFTWARE'];
}
?>
Use this PHP script:
$version = apache_get_version();
echo "$version\n";
Se apache_get_version.