Description
If IE6 / IE7 sends an HTTP POST request containing non-RFC-compliant extra data to the built-in "standalone" server of moin, the server resets the connection, and Internet Explorer then behaves weirdly.
Steps to reproduce
- Run a MoinMoin standalone server (aka wikiserver.py) on localhost:8080.
- On Windows XP, visit a large wiki page through Internet Explorer 6 (and 7).
- Click the Edit link, and then press the Preview button on the editing page.
- IE will refresh in the middle of displaying the preview page, and finally jump to the original page itself.
- If it looks normal after you press Preview, try it several times. You will see the weird behavior sooner or later.
Example
URL: http://localhost:8080/WikiSandBox
Component selection
- MS Internet Explorer (has bug)
- standalone server (behaves very strict)
Details
MoinMoin Version | 1.9.4
OS and Version | Windows XP SP3, IE 7.0.5730
Python Version | 2.7.3
Server Setup | Standalone
Server Details | moin.py script
Language you are using the wiki in (set in the browser/UserPreferences) | English
Workarounds and Fix
Server:
- use Apache + mod_wsgi instead
- try any other wsgi server
- work on some workaround for werkzeug / python, see http://trac.edgewall.org/ticket/8020 for a similar workaround
Client:
- use a sane browser (about anything else than IE)
- Fix: apply the IE hotfix / change the registry key mentioned there:
Discussion
I captured the network traffic during editing a huge page (80k) last week. The traffic shows 4 parts:
- initial HTTP GET request
- first HTTP POST request
- RESET package sent by the server
- second HTTP POST request
- RESET package sent by the server
- final HTTP GET Request
Analysis / Solution:
This would fit my bug. I checked the details with Wireshark and a good text editor. The POST request starts with action=edit and ends with CRLF. The content length of 114046 fits the "action" line without CRLF. This bug has elements of a race condition too, because the reset packages are too late for small pages.
Maybe you could extend MoinMoin to read (and drop) the garbage after the content. Possibly werkzeug.contrib.fixers is a good way for such an implementation.
- The code resetting the connection is not in moin, but in either werkzeug or even python stdlib, so I don't see how we could do anything about that. Of course you could either use a sane browser or apply that registry change to make IE behave sanely.
I'm unhappy after reading this statement. Unfortunately both suggested workarounds are not applicable in our company environment. Our default browser is IE and you can't change the default browser itself or its behaviour without a big amount of work, and this work won't be spent just for a small wiki instance. -- CarstenGrohmann 2012-05-03 10:30:36
- Well, if you use software that is obviously broken from a company that has a fix, but prefers to sit on it instead of distributing it, having it broken by default and requiring changing a registry setting to make it behave sanely, it doesn't exactly sound like a moin/werkzeug/python problem. Also (see link to trac issue above), that IE behaviour seems to break other software, too, so fixing the root cause is not just "for the small wiki instance". Alternatively, have a look at what trac did for it, maybe that fix can be implemented for moin, too. If someone creates a workaround within moin or werkzeug, attach a patch here or to werkzeug issue tracker to make other IE users happy.
Isn't werkzeug bundled with Moin? Unless you're installing Moin from a system package with all the dependencies broken out into separate system packages, you could probably just patch it yourself. -- PaulBoddie 2012-05-03 11:34:49
I'm a realist and totally aware of the software compliance of the mentioned above. I'm not familiar with writing MoinMoin code nor werkzeug code. Therefore, maybe you could review the attached fix contrib_fixers_IE_CRLF.diff and provide a good method for activating this fix in MoinMoin standalone server. -- CarstenGrohmann 2012-05-14 07:25:57
The patch has some indenting failures from a first quick look. Just a general note: it is much easier to review on http://codereview.appspot.com/
The indentation failures were caused by tabs. I've fixed the attached patch.
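The check described in the Analysis above (declared Content-Length versus the bytes the client actually sent), as an added example that is not part of the original report, the attached patch, MoinMoin or werkzeug. The function names, the sample request and its body are constructed for illustration, and one request per capture is assumed.

```python
# Added example: compare the declared Content-Length of a captured HTTP
# request with the bytes that follow the header block (one request per capture).

def split_request(raw: bytes):
    """Return (headers dict with lower-cased names, bytes after the header block)."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, rest


def surplus_after_body(raw: bytes) -> bytes:
    """Bytes sent beyond Content-Length; b'' for a compliant request."""
    headers, rest = split_request(raw)
    if "content-length" not in headers:
        raise ValueError("request has no Content-Length header")
    length = int(headers["content-length"])  # ValueError if not a number
    if length < 0:
        raise ValueError("negative Content-Length")
    if len(rest) < length:
        raise ValueError("capture truncated: body shorter than Content-Length")
    return rest[length:]


def build_post(body: bytes, extra: bytes = b"") -> bytes:
    """Constructed sample request; `extra` is appended after the declared body."""
    head = (b"POST /WikiSandBox HTTP/1.1\r\n"
            b"Host: localhost:8080\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n\r\n")
    return head + body + extra


# Constructed form body, starting with action=edit as in the capture described above.
BODY = b"action=edit&savetext=" + b"x" * 2000

if __name__ == "__main__":
    for label, raw in (("compliant", build_post(BODY)),
                       ("extra CRLF", build_post(BODY, b"\r\n"))):
        print("%-10s surplus after body: %r" % (label, surplus_after_body(raw)))
```

A non-empty result on a request exported from a capture is the unread data that is left in the socket when the server closes the connection.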
Plan
- Priority:
- Assigned to:
- Status: IE6/IE7 misbehaviour, the strict code rejecting it is in werkzeug/stdlib, not in moin