标题:[附译文]“服务器提交了协议冲突” Section=ResponseHeader Detail=CR
只看楼主
live41
Rank: 10Rank: 10Rank: 10
等 级:贵宾
威 望:67
帖 子:12442
专家分:0
注 册:2004-7-22
结帖率:66.67%
 问题点数:0 回复次数:2 
[附译文]“服务器提交了协议冲突” Section=ResponseHeader Detail=CR

The server committed a protocol violation

One of the issues involving XML-RPC.NET that turns up fairly frequently is when the library throws an instance of System.Net.WebException with the message ""The server committed a protocol violation". This usually occurs because from .NET 1.1 SP1 onwards the parsing of HTTP responses became much more strict, as a security measure to prevent attacks which exploit malformed HTTP status lines and headers. The strict behaviour can be switched off via the application config file:

<?xml version ="1.0"?>
<configuration>
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
</configuration>

From .NET 2.0 this behaviour can be configured programmatically using the HttpWebRequestElement useUnsafeHeaderParsing property. At first when I read about this I assumed it was a property that can be set dynamically at runtime, for example in the same way as the HttpWebRequest KeepAlive property. But in fact its used in the new 2.0 configuration infrastructure to set the value in the config file (although once you do this the new value applies to the current running application as well as any apps launched afterwards. The new configuration infrastructure is pretty complex but this code seems to work ok:

Configuration config = ConfigurationManager.OpenExeConfiguration(
ConfigurationUserLevel.None);
SettingsSection section = (SettingsSection)config.GetSection(
"system.net/settings");
section.HttpWebRequest.UseUnsafeHeaderParsing = false;
config.Save();

ConfigurationUserLevel.None specifies that the configuration file in the same directory as the executable should be modified so this file has to be writable. The other options PerUserRoaming and PerUserRoamingAndLocal can be used in different scenarios.

Finally, I found the code below in a post on the .NET Framework Networking and Communication forum. This uses reflection to set the private field useUnsafeHeaderParsing to true and as a result may not be suitable in all scenarios where the relevant code access security permission is not available. (Note: add System.Configuration.dll as a reference to your project.)

public static bool SetAllowUnsafeHeaderParsing()
{
//Get the assembly that contains the internal class
Assembly aNetAssembly = Assembly.GetAssembly(
typeof(System.Net.Configuration.SettingsSection));
if (aNetAssembly != null)
{
//Use the assembly in order to get the internal type for
// the internal class
Type aSettingsType = aNetAssembly.GetType(
"System.Net.Configuration.SettingsSectionInternal");
if (aSettingsType != null)
{
//Use the internal static property to get an instance
// of the internal settings class. If the static instance
// isn't created allready the property will create it for us.
object anInstance = aSettingsType.InvokeMember("Section",
BindingFlags.Static | BindingFlags.GetProperty
| BindingFlags.NonPublic, null, null, new object[] { });
if (anInstance != null)
{
//Locate the private bool field that tells the
// framework is unsafe header parsing should be
// allowed or not
FieldInfo aUseUnsafeHeaderParsing = aSettingsType.GetField(
"useUnsafeHeaderParsing",
BindingFlags.NonPublic | BindingFlags.Instance);
if (aUseUnsafeHeaderParsing != null)
{
aUseUnsafeHeaderParsing.SetValue(anInstance, true);
return true;
}
}
}
}
return false;
}
http://www.cookcomputing.com/blog/archives/2006_07.html



[此贴子已经被作者于2007-8-8 21:04:14编辑过]

搜索更多相关主题的帖子: Section Detail 服务器 译文 协议 
2007-08-08 18:38
live41
Rank: 10Rank: 10Rank: 10
等 级:贵宾
威 望:67
帖 子:12442
专家分:0
注 册:2004-7-22
得分:0 

以下是我的译文,此文是关于HttpWebRequest出错 Section=ResponseHeader Detail=CR,,错误提示原文:
“System.Net.WebException: 服务器提交了协议冲突. Section=ResponseHeader Detail=CR 后面必须是 LF
在 System.Net.HttpWebRequest.GetResponse()”

一般在遇到论坛的POST提交的情况下,
如果论坛所返回的response带有CR LF之类的行结尾,
.net 1.1和.net 2.0便会抛出异常,解决方法最简单当然是下面第一条,
但如果想动态装载该设置的话,必须用第三条的代码。




一个频繁(但合法的)发生的涉及XML-RPC.NET的问题是,运行库抛出System.Net.WebException异常,提示信息是“服务器提交了协议冲突”。
发生这个异常是因为.NET v1.1 sp1向前解析HTTP响应(response)变得更加严格,作为防止那些使用非格式化的HTTP状态行和头部信息来攻击的安全标准。
这个严格的规定可以通过应用程序配置文件(app.config)来关闭:

<?xml version ="1.0"?><configuration>
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
</configuration>


从.NET 2.0开始,这个规定可以用代码来配置,利用HttpWebRequestElement类的useUnsafeHeaderParsing属性。
一开始我读这个的时,我断定这个属性可以在运行时动态设置,例如像HttpWebRequest类的KeepAlive属性一样。
但实际上她被用在新2.0的配置基础结构中,需要在配置文件中设置这个属性的值(虽然一旦你这样做这个值会应该到当然前运行程序,也会应用到之后运行的程序)。
这个新的配置基础结构是比较复杂的但以下代码貌似可行:

Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
SettingsSection section = (SettingsSection)config.GetSection("system.net/settings");
section.HttpWebRequest.UseUnsafeHeaderParsing = false;config.Save();


ConfigurationUserLevel.None规定该配置文件必须在运行文件(exe)的同一目录下,且运行文件需可修改的,所以配置也必须是可写的。
另外两个选项PerUserRoaming和PerUserRoamingAndLocal可以被用于不用的特定情况下。

最后,我在一个.NET框架的网络传输和通讯论坛的一张帖子中发现以下这段代码。
代码用了反射来设置私有(private)选项useUnsafeHeaderParsing为true,结果可能不一定能适应所有特定情况,
例如那些相关代码不能进入安全许可的特定情况(注意:要添加System.Configuration.dll到你的工程项目的引用)

public static bool SetAllowUnsafeHeaderParsing()
{
//Get the assembly that contains the internal class
Assembly aNetAssembly = Assembly.GetAssembly(typeof(System.Net.Configuration.SettingsSection));
if (aNetAssembly != null)
{
//Use the assembly in order to get the internal type for
// the internal class
Type aSettingsType = aNetAssembly.GetType("System.Net.Configuration.SettingsSectionInternal");
if (aSettingsType != null)
{
//Use the internal static property to get an instance
// of the internal settings class. If the static instance
// isn't created allready the property will create it for us.
object anInstance = aSettingsType.InvokeMember("Section",
BindingFlags.Static | BindingFlags.GetProperty
| BindingFlags.NonPublic, null, null, new object[] { });
if (anInstance != null)
{
//Locate the private bool field that tells the
// framework is unsafe header parsing should be
// allowed or not
FieldInfo aUseUnsafeHeaderParsing = aSettingsType.GetField(
"useUnsafeHeaderParsing",
BindingFlags.NonPublic | BindingFlags.Instance);
if (aUseUnsafeHeaderParsing != null)
{
aUseUnsafeHeaderParsing.SetValue(anInstance, true);
return true;
}
}
}
}
return false;
}

[此贴子已经被作者于2007-8-8 21:12:06编辑过]

2007-08-08 19:58
live41
Rank: 10Rank: 10Rank: 10
等 级:贵宾
威 望:67
帖 子:12442
专家分:0
注 册:2004-7-22
得分:0 

服务器提交了协议冲突. Section=ResponseHeader Detail=CR 后面必须是 LF
The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF
主体意思是微软没有容忍不符合RFC 822中的httpHeader必须以CRLF结束的规定的服务器响应。
一个解决方案是在application.config或web.config文件里加入
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
允许系统容忍(tolerant)只以CR或LF结尾的hearder信息

该文章转载自脚本之家:http://www.jb51.net/html/200703/85/8042.htm

2007-08-08 20:00



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-161299-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 2.143338 second(s), 7 queries.
Copyright©2004-2025, BCCN.NET, All Rights Reserved