IE 8 Beta tester trying to validate IE HTTP 1.1 compliance bug involving the "Vary" header

Dear Dan Connelly,

As you're aware, Internet Explorer 7 got rid of many of the problems previous versions of Internet Explorer had in the past using the "Vary" header on Apache servers where it would save anything (such as an image) as "untitled.bmp" unless it specifically had the header "Vary: Accept Encoding, User Agent" under the Response Header section.

Eric Lawrence describes on his website how this has been pretty much taken care of in IE 7 at http://www.fiddler2.com/fiddler/Perf/AboutVary.asp, and this pretty much turns out to be to be the case in my experience with servers that previously had this problem.  However, I'm a beta tester for Internet Explorer 8, and as you are well aware, Microsoft is making a total commitment to making both its rendering engine and the HTTP 1.1 engine fully stanadards compliant, and there seems to be one issue I cannot figure out, and as you are a key member of both the HTTP 1.1 RFC2616 specification architecture and the documentation, I would greatly appreciate your help so I can relay your feedback back to Microsoft about this issue.

I've reproduced this issue on a number of image related sites, but I'm going to focus on a specific and very popular site to reproduce this issue.  The website is known as Deviantart.com, and the issue I've run into involves a problem when a user goes to a page with an image and clicks on a "Download" link to get a larger size version of the image. In this scenario, when a user clicks on the download link, the URL is has a .jpg extension, but it's actually a text/html file that uses a  "Vary: Accept Encoding" response header along with a Transport  "Location" response header that will redirect you to a new location of an actual image file that is completely different from the original URL.


So to demonstrate this problem I'm going to use an example URL from http://www.deviantart.com that produces this problem in IE 7 and 8.  I'm also gong to use Eric Lawrence's excellent HTTP debugging tool known as  Fiddler2 at http://www.fiddlertool.com/fiddler/ to dissect and demonstrate this problem, and you can also use it, or you can of course use your own tools. I'm using the latest beta version 2.1.8.3.  I intentionally removed direct links inside this message to the URLs related to this issue because they should be entered directly into IE 7 or 8 to reproduce this issue.

For the first demonstration of this problem, if you type http://www.deviantart.com/download/96103625/Iceland_49_by_lonelywolf2.jpg in Internet Explorer, it will automatically take you to http://fc05.deviantart.com/fs34/f/2008/239/b/9/Iceland_49_by_lonelywolf2.jpg, which is the URL for the actual image file.  However, if you right click on the image and select "Save Picture As...", it will prompt you to save it as "untitled.bmp" and not in it's original format or original name.  Also, if you right click on the image and select "Properties", the dialog box shows IE still thinks the image is at the original http://www.deviantart.com/download/96103625/Iceland_49_by_lonelywolf2.jpg URL and not the actual image URL at http://fc05.deviantart.com/fs34/f/2008/239/b/9/Iceland_49_by_lonelywolf2.jpg .  Another interesting aspect is if you click refresh in IE, the image now saves correctly in its original format and name.

So let's take a look at what I found in Fiddler2 when it was running in the background as I typed in http://www.deviantart.com/download/96103625/Iceland_49_by_lonelywolf2.jpg in IE 8.  As soon as typed in the first URL and IE took me to the real image URL, Fiddler2 came up immediately with info for both URLs.  Here's the Header info for  http://www.deviantart.com/download/96103625/Iceland_49_by_lonelywolf2.jpg :

GET /download/96103625/Iceland_49_by_lonelywolf2.jpg HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, application/x-shockwave-flash, application/x-silverlight-2-b2, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; Zune 2.5; .NET CLR 3.5.21022; .NET CLR 3.0.30618; .NET CLR 3.5.30729; WWTClient2)
Host: www.deviantart.com
Connection: Keep-Alive
Cookie: userinfo=a%3A6%3A%7Bs%3A8%3A%22uniqueid%22%3Bs%3A32%3A%223412dde0c532cc4adf606af88e56ba0c%22%3Bs%3A10%3A%22visitcount%22%3Bi%3A3%3Bs%3A9%3A%22visittime%22%3Bi%3A1219790842%3Bs%3A8%3A%22hitcount%22%3Bi%3A153%3Bs%3A10%3A%22firstvisit%22%3Bi%3A1219700725%3Bs%3A4%3A%22attr%22%3Bi%3A136%3B%7D; __gads=ID=32630145cff86d4c:T=1219700705:S=ALNI_MYDvVyT5wVpXG--eP6pbtF0AOx-gQ; __qca=1219669323-49293768-87685460; __utma=83006339.2113059119066370000.1219700707.1219792090.1219795120.9; __utmz=83006339.1219795121.9.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=deviantart; __utmb=83006339.7.10.1219795120

HTTP/1.1 302 Found
Date: Wed, 27 Aug 2008 00:07:45 GMT
Server: Apache
Location: http://fc05.deviantart.com/fs34/f/2008/239/b/9/Iceland_49_by_lonelywolf2.jpg
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 26
Content-Type: text/html
Set-Cookie: userinfo=a%3A6%3A%7Bs%3A8%3A%22uniqueid%22%3Bs%3A32%3A%223412dde0c532cc4adf606af88e56ba0c%22%3Bs%3A10%3A%22visitcount%22%3Bi%3A3%3Bs%3A9%3A%22visittime%22%3Bi%3A1219790842%3Bs%3A8%3A%22hitcount%22%3Bi%3A154%3Bs%3A10%3A%22firstvisit%22%3Bi%3A1219700725%3Bs%3A4%3A%22attr%22%3Bi%3A136%3B%7D; expires=Tue, 25-Nov-2008 00:07:45 GMT; path=/; domain=.deviantart.com
Set-Cookie: userinfo=a%3A6%3A%7Bs%3A8%3A%22uniqueid%22%3Bs%3A32%3A%223412dde0c532cc4adf606af88e56ba0c%22%3Bs%3A10%3A%22visitcount%22%3Bi%3A3%3Bs%3A9%3A%22visittime%22%3Bi%3A1219790842%3Bs%3A8%3A%22hitcount%22%3Bi%3A155%3Bs%3A10%3A%22firstvisit%22%3Bi%3A1219700725%3Bs%3A4%3A%22attr%22%3Bi%3A136%3B%7D; expires=Tue, 25-Nov-2008 00:07:45 GMT; path=/; domain=.deviantart.com
Connection: close


As you can see, even though the URL has .jpg extension, the Content Type header shows it's really a text/html file with a Transport header that takes you to Location: http://fc05.deviantart.com/fs34/f/2008/239/b/9/Iceland_49_by_lonelywolf2.jpg .  You can see that it uses the Vary method with the header Vary: Accept Encoding, and both use Request and Response headers use Gzip compression, and all these seem to meet both the HTTP 1.1 standard requirements for Vary as well as IE's specific Vary requirements listed at http://www.fiddler2.com/fiddler/Perf/AboutVary.asp, so I can't see any problems with this first URL with a Location header that uses the Vary technique.  You can see what this looks like in the Fiddler2 window at http://jasonw15.741.com/url1.jpg.

Now lets look at the Header info for the second URL in Fiddler2 that follows the first URL:

GET /fs34/f/2008/239/b/9/Iceland_49_by_lonelywolf2.jpg HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-silverlight, application/x-shockwave-flash, application/x-silverlight-2-b2, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; Zune 2.5; .NET CLR 3.5.21022; .NET CLR 3.0.30618; .NET CLR 3.5.30729; WWTClient2)
Host: fc05.deviantart.com
Connection: Keep-Alive
Cookie: userinfo=a%3A6%3A%7Bs%3A8%3A%22uniqueid%22%3Bs%3A32%3A%223412dde0c532cc4adf606af88e56ba0c%22%3Bs%3A10%3A%22visitcount%22%3Bi%3A3%3Bs%3A9%3A%22visittime%22%3Bi%3A1219790842%3Bs%3A8%3A%22hitcount%22%3Bi%3A155%3Bs%3A10%3A%22firstvisit%22%3Bi%3A1219700725%3Bs%3A4%3A%22attr%22%3Bi%3A136%3B%7D; __gads=ID=32630145cff86d4c:T=1219700705:S=ALNI_MYDvVyT5wVpXG--eP6pbtF0AOx-gQ; __qca=1219669323-49293768-87685460; __utma=83006339.2113059119066370000.1219700707.1219792090.1219795120.9; __utmz=83006339.1219795121.9.3.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=deviantart; __utmb=83006339.7.10.1219795120

HTTP/1.1 200 OK
Date: Wed, 27 Aug 2008 00:07:20 GMT
Server: PWS/1.3.22
X-Px: ms iad-agg-n28 (iad-agg-n24), ht iad-agg-n24
ETag: "c00232fd-303c7-686c6c00"
Accept-Ranges: bytes
Content-Length: 197575
Content-Type: image/jpeg
Last-Modified: Tue, 26 Aug 2008 17:41:04 GMT
Cache-Control: max-age=2569225
Expires: Thu, 25 Sep 2008 17:47:45 GMT
Connection: keep-alive


Now you can see that this link is the actual image, and the Content-Type is image/jpeg, and the Accept header matches the same data as the original http://www.deviantart.com/download/96103625/Iceland_49_by_lonelywolf2.jpg transport URL's Accept header.  And for the nail in the coffin, the final response header of the second URL comes back as HTTP/1.1 200 OK, which signals what should be a successful transaction in IE.  You can see what this looks like in the Fiddler2 window at http://jasonw15.741.com/url2.jpg.  Again, these headers, as well as the first URL's headers seem to be correctly coded on the server to perform correctly based on the requirements listed at  http://www.fiddler2.com/fiddler/Perf/AboutVary.asp for Vary on IE as well as the W3C RFC2616 Vary HTTP 1.1 requirements/specifications documented at http://www.ietf.org/rfc/rfc2616.txt.  As far as I can see, this transaction between the first URL using the Vary header with a Transport Location header taking you to the second, real image URL seems to be fully HTTP 1.1 compliant, and this appears to be a bug in IE 7/8, and I was just wondering if you could also verify this as fully standard compliant server code with your credentials as a KEY HTTP 1.1 architect at the head of the W3C standards committee.  If you can validate this as fully standards compliant server code on http://www.deviantart.com and this is a bug in IE 7/8, I'll be able to forward your response to Eric Lawrence and other members of the IE 8 Beta team, and your influence will greatly increase the chance that this gets fixed by the final version of IE 8.

I know you're very busy, but if you could respond personally, I'd greatly appreciate it, as the next release of IE will affect a HUGE amount of users, and your influence could greatly increase the chance that this issue gets fixed if I'm able to forward any info you have on this issue to MSFT as an IE 8 technical beta tester.  I thank you for taking time to read this, and hopefully we can get this fixed so users can have the best web browsing experience possible as Microsoft goes toward full W3C standards compliance.  With your knowledge, you should be able to figure this out very quickly, and it could be a big help, because as I mentioned earlier, there are a bunch of image sites that showcase this problem in IE 7/8 (and all other browsers do not have this problem)... I just chose to focus on Deviantart.com due to its popularity.  Again, thanks for your time, and keep up the good work!

Jason Webb

PS- Here's just a few extra notes while investigating this issue for yourself.  First, I reproduced this problem in IE 8 and I'm trying to get it fixed by IE 8 final, but this issue can be just as easily reproduced in IE 7... you don't need IE 8 to investigate this problem.  Also, another thing to consider when investigating if this is an IE 7/8 bug is that if you clear the Cache/Temporary Internet Files and enter the real image URL (not the the first URL I mentioned above in the example that has the Transport Location header), Fiddler2 or your own HTTP debugging tool will get the exact same Reqest and Response header information, but IE 7/8 won't have this problem and it now WILL save it in its original format and name with no problem, so this definitely is a problem with the first URL using the Vary and Location header listed in the problem example above.  For example, you can try another link in IE, such as http://fc03.deviantart.com/fs35/f/2008/239/9/2/Second_cherry_by_metallicadevill.jpg, and when you right click and select "Save Picture As", IE saves it perfectly as "Second_cherry_by_metallicadevill.jpg".