Monday, November 17, 2014

Got PNG? You may get problems.

UPDATE:

Dr. Marky Roden figured out that the import is the problem, which is confirmed by his testing and my testing, and is also illustrated by Howard's URL in the comments below.

So... I guess the moral of the story is: beware of importing PNG files into your NSF as image resources, because they are not being imported correctly and that might be a problem. Maybe.

=====================================================

Last Spring I was configuring the Web Application Firewall in front of our Domino XPages application and discovered a rather annoying little Domino "feature."

It seems that Domino likes to send PNG files down the wire while indicating that those files are JPEG files.

To illustrate the issue I've included a screen shot from a quick Burp scan that shows there is a mismatch.



The issue is that the image might not display at all depending on your network and security setup.

This came up again as we are preparing the newer version of the WAF for deployment and I was reminded of having to apply our fix.

Since our Domino server is reverse proxied by a device and everything is then filtered through the WAF, and there does not appear to be a way to change this for Domino anyway, I added a rule to the device to simply change the Content-Type to be correct if the file being served was a PNG file.

Handy things, those rules.
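
The check behind a rule like this, sketched in Python as an added example (it is not the rule from the device in this post; the function names, the header dictionary shape and the sample response are assumptions): compare the declared Content-Type with the file signature at the start of the body and correct the header on a mismatch.

```python
# Added example, not the author's proxy rule. Names and sample data are constructed.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"        # 8-byte PNG file signature
JPEG_MAGIC = b"\xff\xd8\xff"            # JPEG start-of-image marker
GIF_MAGICS = (b"GIF87a", b"GIF89a")


def sniff_image_type(body: bytes):
    """Return the MIME type implied by the leading bytes, or None if unknown."""
    if body.startswith(PNG_MAGIC):
        return "image/png"
    if body.startswith(JPEG_MAGIC):
        return "image/jpeg"
    if body.startswith(GIF_MAGICS):
        return "image/gif"
    return None


def fix_content_type(headers: dict, body: bytes):
    """Return (headers, changed).

    Only image/* responses are touched, and only when the body carries a
    recognised signature that disagrees with the declared type.
    """
    key = next((k for k in headers if k.lower() == "content-type"), None)
    if key is None:
        return headers, False
    declared = headers[key].split(";", 1)[0].strip().lower()
    actual = sniff_image_type(body)
    if not declared.startswith("image/") or actual is None or actual == declared:
        return headers, False
    fixed = dict(headers)               # leave the caller's dict untouched
    fixed[key] = actual
    return fixed, True


# Constructed sample: a PNG body announced as JPEG, as in the mismatch above.
SAMPLE_HEADERS = {"Content-Type": "image/jpeg", "Server": "example"}
SAMPLE_BODY = PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 13

if __name__ == "__main__":
    new_headers, changed = fix_content_type(SAMPLE_HEADERS, SAMPLE_BODY)
    print("rewritten" if changed else "unchanged", new_headers)
```

Run in report-only mode first (log when `changed` is true without rewriting) to see which resources are affected before enforcing the correction.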