Assigned
Status Update
No update yet.
Comments
di...@googlemail.com
Hello,
Thank you for reaching out to us!
This issue seems to be outside of the scope of Issue Tracker. This Issue Tracker is a forum for end users to report bugs and request features on Google Cloud products. Please go through
I recommend you to
For now, I'm going to close this thread which will no longer be monitored. In case you want to report a new issue, please do not hesitate to create a new Issue Tracker describing your issue.
Thank you!
di...@googlemail.com
I just got a mail that the following update was done to my request:
Updates:
Labels: Language-Java
Why this change? I am running my appengine on python! Content-Encoding has nothing to
do with the appengine language.
Please explain.
Cheers,
Dieter
Updates:
Labels: Language-Java
Why this change? I am running my appengine on python! Content-Encoding has nothing to
do with the appengine language.
Please explain.
Cheers,
Dieter
js...@gmail.com
Request is to allow the Content-Encoding header to be set, specifically to pack200-gzip
[Deleted User] <[Deleted User]>
We currently assume that Content-Encoding will only be used to request gzip compression. It appears that we
should have consulted the IANA list of registered content codings (http://www.iana.org/assignments/http-
parameters) before making this assumption, as pack200-gzip is a valid coding and does imply different
semantics to the client.
I'll do some more investigation into the feasibility of this.
should have consulted the IANA list of registered content codings (
parameters) before making this assumption, as pack200-gzip is a valid coding and does imply different
semantics to the client.
I'll do some more investigation into the feasibility of this.
di...@googlemail.com
Thank you very much!
Yes - I believe it was a JSR long ago which introduced it into the IANA list. That's
why we never even thought that appengine would not support pack200-gzip until late
into the development process when we tried to use it.
Cheers,
Dieter
Yes - I believe it was a JSR long ago which introduced it into the IANA list. That's
why we never even thought that appengine would not support pack200-gzip until late
into the development process when we tried to use it.
Cheers,
Dieter
je...@gmail.com
could someone explain why being able to set content-encoding is a security risk?
di...@googlemail.com
As far as I understand it there isn't. However this case is anyway special since
pack200-gzip is IANA standard.
From a user point of view all Google would have to do is allow specifying
pack200-gzip in app.yaml for a range of files or folders and then add the
Content-Encoding = pack200-gzip to the HTTP response header.
Unlike a few people I talked to believe, there is not more to do then changing the
HTTP response header. It doesn't mean that the server as to encode the served files
or something.
Still, there may be technical limitations on Google's end keeping them from doing it.
Perhaps somebody from Google could explain it in great detail. Maybe we find a
solution together.
pack200-gzip is IANA standard.
From a user point of view all Google would have to do is allow specifying
pack200-gzip in app.yaml for a range of files or folders and then add the
Content-Encoding = pack200-gzip to the HTTP response header.
Unlike a few people I talked to believe, there is not more to do then changing the
HTTP response header. It doesn't mean that the server as to encode the served files
or something.
Still, there may be technical limitations on Google's end keeping them from doing it.
Perhaps somebody from Google could explain it in great detail. Maybe we find a
solution together.
je...@gmail.com
Could we get some official commentary on implementing/fixing this? Either dynamic
Content-Encoding is not a security risk and someone could trivially enable it, or it
is and someone could post a short comment explaining why.
Content-Encoding is not a security risk and someone could trivially enable it, or it
is and someone could post a short comment explaining why.
di...@googlemail.com
Hi Jeremy,
What do you need Content Encoding for? Are you also opting for pack200-gzip CE?
What do you need Content Encoding for? Are you also opting for pack200-gzip CE?
je...@gmail.com
Dieter.Krachtus: yes, pack200 compresses my applet 6 fold. regardless, this platform
shouldn't have arbitrary limitations.
shouldn't have arbitrary limitations.
ts...@gmail.com
Also waiting for pack200-gzip encoding support by the Google appengine. I have even
tried bypassing this limitation by writing a simple servlet which will be responsible
for reading *.jar.pack.gz files back to the client, but even though it works on my
development environment, it does not when deployed on appengine.
tried bypassing this limitation by writing a simple servlet which will be responsible
for reading *.jar.pack.gz files back to the client, but even though it works on my
development environment, it does not when deployed on appengine.
di...@googlemail.com
Well a lot of stuff works on the dev server. Once deployed appengine will 'filter'
out all the 'wrong' headers.
The appengine team has acknowledged that they want to fix it. I guess we just have to
wait.
out all the 'wrong' headers.
The appengine team has acknowledged that they want to fix it. I guess we just have to
wait.
fi...@gmail.com
I've digged and tested many things before writing , Thinking a simple scenario,
client requests a url like xxtopic, we could get the releated topic ( after url
dispatching to a handler ) from datastrore, " gzip " the content, and also put
created content as gzipped to datastre ( may be memcache also ), and sent to client
wtih putting content-encoding : gzip, ( also we may need to check request headers
about accept content bu it's disabled ( even dev server ), what's the point, ok app
server could detect and gzip ( or deflate or wahtever ) if server script does not
interact the headers, but in my scenario, it's waste of cpu cycles, also unnecassary
.. Finally I would have both request and response headers about accept encoding, and
have permition to unset request header to prevent app server to try gzip again ..
I've spent about 4-5 nights to find why I can not get the accept encoding headers,
finally found the code that unsets the accept headers in dev server and I assume same
thing applied on app server.. Please help , thanks
S.Firat SARLAR
client requests a url like xxtopic, we could get the releated topic ( after url
dispatching to a handler ) from datastrore, " gzip " the content, and also put
created content as gzipped to datastre ( may be memcache also ), and sent to client
wtih putting content-encoding : gzip, ( also we may need to check request headers
about accept content bu it's disabled ( even dev server ), what's the point, ok app
server could detect and gzip ( or deflate or wahtever ) if server script does not
interact the headers, but in my scenario, it's waste of cpu cycles, also unnecassary
.. Finally I would have both request and response headers about accept encoding, and
have permition to unset request header to prevent app server to try gzip again ..
I've spent about 4-5 nights to find why I can not get the accept encoding headers,
finally found the code that unsets the accept headers in dev server and I assume same
thing applied on app server.. Please help , thanks
S.Firat SARLAR
di...@googlemail.com
Almost 2 years and no fix? Is this bug this on the radar? Estimates?
re...@gmail.com
I, too, just ran into this. Still no fix?
di...@googlemail.com
I think the main problem is that this issue is flagged as missing feature and not as a bug which in my opinion it is. After such a long time this issue may well be forgotten. Perhaps somebody should resubmit a new issue report flagging this as a bug.
ej...@evanjones.ca
This problem also appears when attempting to serve .svgz files (gzip compressed SVG files). This images need to have the following headers to get browsers to display them:
Content-Type: image/svg+xml
Content-Encoding: gzip
https://jwatt.org/svg/authoring/#server-configuration
Content-Type: image/svg+xml
Content-Encoding: gzip
e7...@gmail.com
Is there any workaround to serve static svgz files ?
td...@gmail.com
Also annoying for serving large javascript files. Apparently anything above 1 MB is not compressed automatically and there is no way to do it manually since the content-encoding header is stripped.
Disappointing that this is nearly four years old and still not fixed.
Disappointing that this is nearly four years old and still not fixed.
kh...@google.com
I have forwarded this request to the engineering team. We will update this issue with any progress updates and a resolution.
hi...@gmail.com
- Was this issue solved?
- It seems Content-Encoding header is still being stripped
- It seems Content-Encoding header is still being stripped
Description
use pack200-gzip to reduce this size by a factor 5 to 20. This results in
an acceptable loading and startup time. If uncompressed, especially with
slow internet connection, startup times are unacceptable long.
More info:
So far all my hosting scenarios always allowed me to set the
Content-Encoding. So it was a non-issue when switching to Google appengine.
Sadly I discovered these restrictions:
I would suggest that since it seems to be an security issue that you keep
Content-Encoding deactivated by default:
1. you could only allow it after a request has been issued and
2. you could restrict it to Google Apps users, so the identity of the user
is verified.
It would be also fine to allow only certain Content-Encodings (as long as
pack200-gzip is possible) or restrict setting them to a certain static
folder or file type.