Incorrect "Content-Type" returned by https://registry.npmjs.org/

registry
priority:low
triaged

(Manuel Vila) #1

What I Wanted to Do

Sending an HTTP request to the npm registry (https://registry.npmjs.org), I was expecting to receive a 'Content-Type: application/json' header and a JSON body.

What Happened Instead

Instead, I got a 'Content-Type: application/octet-stream' header. Regarding the body, no problem, it’s a JSON.

I think this incorrect header could cause problems for some npm clients, and it did so while I using an internal tool.

Reproduction Steps

Invoking:

curl -v https://registry.npmjs.org/lodash

Returned:

*   Trying 104.16.16.35...
* TCP_NODELAY set
* Connected to registry.npmjs.org (104.16.16.35) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl891738.cloudflaressl.com
*  start date: May  3 00:00:00 2018 GMT
*  expire date: May  1 23:59:59 2019 GMT
*  subjectAltName: host "registry.npmjs.org" matched cert's "*.npmjs.org"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff16f804400)
> GET /lodash HTTP/2
> Host: registry.npmjs.org
> User-Agent: curl/7.54.0
> Accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200 
< date: Thu, 30 Aug 2018 23:01:35 GMT
< content-type: application/octet-stream
< content-length: 182771
< set-cookie: __cfduid=ded84cae26a85f6c3945db8b5bede71211535670095; expires=Fri, 30-Aug-19 23:01:35 GMT; path=/; domain=.registry.npmjs.org; HttpOnly
< cf-cache-status: HIT
< cache-control: max-age=300
< accept-ranges: bytes
< cf-ray: 452ae14e0d9ba5fc-NRT
< etag: "7c4877f905cdb118ba2a6fd3d125ba56"
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< last-modified: Wed, 29 Aug 2018 02:25:35 GMT
< vary: accept-encoding, accept
< x-amz-meta-rev: 2451-6219c0306a595198967d663dab6e816c
< server: cloudflare
< 
{"_id":"lodash","_rev":"2450-eaa0c2ed2d543d6f49518900a6f9ff3a","name":"lodash","description":"Lodash modular utilities.","dist-tags":{"latest":"4.17.10"},"versions":{"0.1.0":  ...

Platform Info

$ npm --versions
{ npm: '6.4.0',
  ares: '1.14.0',
  cldr: '33.0',
  http_parser: '2.8.0',
  icu: '61.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.29.0',
  node: '10.1.0',
  openssl: '1.1.0h',
  tz: '2018c',
  unicode: '10.0',
  uv: '1.20.2',
  v8: '6.6.346.27-node.6',
  zlib: '1.2.11' }
$ node -p process.platform
darwin

(system) #2

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.