0 bytes download when authentication redirection happens
Sometimes downloads might finish incorrectly even if server replies with 200.
On site requiring authentication requests without proper headers/sessions are redirected to the login page. Then login page is served with Transfer-Encoding: chunked header which implies there is no content-length header.
Response code is still 200. This results in LAVA saving 0 bytes file and not noticing the authentication error. Example redirect response below:
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): app.foundries.io:443
send: b'GET /factories/milosz-rpi3/targets/219/artifacts/stm32mp1-disco/lmp-factory-image-stm32mp1-disco.wic.gz HTTP/1.1\r\nHost: app.foundries.io\r\nUser-Agent: python-requests/2.25.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nOSF-TOKEN: blah\r\n\r\n'
reply: 'HTTP/1.1 302 Found\r\n'
header: Date: Mon, 28 Feb 2022 12:42:41 GMT
header: Content-Type: text/plain; charset=utf-8
header: Content-Length: 147
header: Connection: keep-alive
header: Keep-Alive: timeout=90
header: Referrer-Policy: no-referrer
header: Permissions-Policy: accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=()
header: Content-Security-Policy: base-uri 'none'; default-src 'self' https://cdn.foundries.io https://js.stripe.com; object-src 'none'; connect-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://rum-http-intake.logs.datadoghq.com ; frame-src 'self' https://js.stripe.com https://www.google.com https://*.google.com https://www.googletagmanager.com; form-action 'self'; img-src 'self' data: https://www.gravatar.com https://cdn.foundries.io https://www.google-analytics.com https://www.google.com/ https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io; style-src 'self' 'nonce-Y2wwNm95Z3Q1OHc3MDAxYmlmaTgxaDFqZw==' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-aEiIwOuxfzdCmLZe4oB1JsBmCUxwG8x+u+HBCV9JT8E=' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io https://www.gravatar.com; script-src 'self' 'nonce-Y2wwNm95Z3Q1OHc3MDAxYmlmaTgxaDFqZw==' 'unsafe-inline' https://cdn.foundries.io https://instant.page https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://www.gstatic.com https://www.datadoghq-browser-agent.com;
header: X-Content-Security-Policy: base-uri 'none'; default-src 'self' https://cdn.foundries.io https://js.stripe.com; object-src 'none'; connect-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://rum-http-intake.logs.datadoghq.com ; frame-src 'self' https://js.stripe.com https://www.google.com https://*.google.com https://www.googletagmanager.com; form-action 'self'; img-src 'self' data: https://www.gravatar.com https://cdn.foundries.io https://www.google-analytics.com https://www.google.com/ https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io; style-src 'self' 'nonce-Y2wwNm95Z3Q1OHc3MDAxYmlmaTgxaDFqZw==' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-aEiIwOuxfzdCmLZe4oB1JsBmCUxwG8x+u+HBCV9JT8E=' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io https://www.gravatar.com; script-src 'self' 'nonce-Y2wwNm95Z3Q1OHc3MDAxYmlmaTgxaDFqZw==' 'unsafe-inline' https://cdn.foundries.io https://instant.page https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://www.gstatic.com https://www.datadoghq-browser-agent.com;
header: Location: /login?next=%2Ffactories%2Fmilosz-rpi3%2Ftargets%2F219%2Fartifacts%2Fstm32mp1-disco%2Flmp-factory-image-stm32mp1-disco.wic.gz
header: Vary: Accept
header: Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
header: X-Clacks-Overhead: GNU Terry Pratchett
header: X-Frame-Options: DENY
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: X-Download-Options: noopen
DEBUG:urllib3.connectionpool:https://app.foundries.io:443 "GET /factories/milosz-rpi3/targets/219/artifacts/stm32mp1-disco/lmp-factory-image-stm32mp1-disco.wic.gz HTTP/1.1" 302 147
send: b'GET /login?next=%2Ffactories%2Fmilosz-rpi3%2Ftargets%2F219%2Fartifacts%2Fstm32mp1-disco%2Flmp-factory-image-stm32mp1-disco.wic.gz HTTP/1.1\r\nHost: app.foundries.io\r\nUser-Agent: python-requests/2.25.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nOSF-TOKEN: blah\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Date: Mon, 28 Feb 2022 12:42:42 GMT
header: Content-Type: text/html; charset=utf-8
header: Transfer-Encoding: chunked
header: Connection: keep-alive
header: Keep-Alive: timeout=90
header: Vary: Accept-Encoding
header: Referrer-Policy: no-referrer
header: Permissions-Policy: accelerometer=(), autoplay=(), camera=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=()
header: Content-Security-Policy: base-uri 'none'; default-src 'self' https://cdn.foundries.io https://js.stripe.com; object-src 'none'; connect-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://rum-http-intake.logs.datadoghq.com ; frame-src 'self' https://js.stripe.com https://www.google.com https://*.google.com https://www.googletagmanager.com; form-action 'self'; img-src 'self' data: https://www.gravatar.com https://cdn.foundries.io https://www.google-analytics.com https://www.google.com/ https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io; style-src 'self' 'nonce-Y2wwNm95Z3dzOHc3MjAxYmlicXdwM2UyYw==' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-aEiIwOuxfzdCmLZe4oB1JsBmCUxwG8x+u+HBCV9JT8E=' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io https://www.gravatar.com; script-src 'self' 'nonce-Y2wwNm95Z3dzOHc3MjAxYmlicXdwM2UyYw==' 'unsafe-inline' https://cdn.foundries.io https://instant.page https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://www.gstatic.com https://www.datadoghq-browser-agent.com;
header: X-Content-Security-Policy: base-uri 'none'; default-src 'self' https://cdn.foundries.io https://js.stripe.com; object-src 'none'; connect-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gravatar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://rum-http-intake.logs.datadoghq.com ; frame-src 'self' https://js.stripe.com https://www.google.com https://*.google.com https://www.googletagmanager.com; form-action 'self'; img-src 'self' data: https://www.gravatar.com https://cdn.foundries.io https://www.google-analytics.com https://www.google.com/ https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io; style-src 'self' 'nonce-Y2wwNm95Z3dzOHc3MjAxYmlicXdwM2UyYw==' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-aEiIwOuxfzdCmLZe4oB1JsBmCUxwG8x+u+HBCV9JT8E=' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.foundries.io https://www.gravatar.com; script-src 'self' 'nonce-Y2wwNm95Z3dzOHc3MjAxYmlicXdwM2UyYw==' 'unsafe-inline' https://cdn.foundries.io https://instant.page https://js.stripe.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://www.gstatic.com https://www.datadoghq-browser-agent.com;
header: Cache-Control: no-store, max-age=0
header: Set-Cookie: osfogsid:=s%3AjhLjy1mx6_BUCUhVMsyt1dH4YR82zcl9.ZC26ijVD61cmr8H8i6DV2cvCXa2aik%2FUjx5B4zXcZL4; Domain=foundries.io; Path=/; Expires=Sat, 05 Mar 2022 12:42:42 GMT; HttpOnly; Secure
header: Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
header: X-Clacks-Overhead: GNU Terry Pratchett
header: X-Frame-Options: DENY
header: X-Content-Type-Options: nosniff
header: X-XSS-Protection: 1; mode=block
header: X-Download-Options: noopen
header: Content-Encoding: gzip
DEBUG:urllib3.connectionpool:https://app.foundries.io:443 "GET /login?next=%2Ffactories%2Fmilosz-rpi3%2Ftargets%2F219%2Fartifacts%2Fstm32mp1-disco%2Flmp-factory-image-stm32mp1-disco.wic.gz HTTP/1.1" 200 None
200
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information