On Wed, 28 Dec 2011, Alex Vinnik wrote:

> Unearthed one more interesting redirect case at least for me :) ... curl
> gets into infinite redirect loop with a website and exists after hitting
> redirect limit.
>
> Here is how to reproduce it. Verbose libcurl output is below
>
> curl -ivL http://www.kqzyfj.com/click-0-10721226
>
> In a nutshell... It is clear that one of the early re-directors provides
> mixed case Location url http://www.UltraFragrances.com/ which is not
> correct.

It might be clear that this is the reason for what is going on. It is not
clear to me that it is "not correct". (And it might not even be the reason for
this failure.)

The host name in a URL (URI) is specificly specified to be case insensitive.
ABC.com is the same as abc.com and AbC.com. Therfore, UltraFragrances.com is
the same host as ultrafragrances.com and using either version in the Host:
header should be equivalent.

I would claim that separating them only on the basis of different case in the
host name would be violating specs.

I'll admit that there's a problem when browsers act differently on a site when
that different behahavior is what makes things work - and such behaviors many
times end up pushing us towards doing weirdo stuff even though we shouldn't
have to.

> As usual Chrome just handles it fine by converting first incorrect mixed
> case Location url to all lower case. Any workaround for this case?

Are you saying Chrome always lowercases host names in the Host: header? Did
you check how other browsers act in this situation?

Perhaps even more importantly, if you would hack your curl verson to lower
case the host name in the header, does it truly make this operation work
against this site? There's actually a risk that the site uses some other
heuristic to do this weirdness that we just haven't spotted.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html