How to add HTML data to image?
9 hours ago, Souffle said:
By default, a GET request to "/images/9e3a0083a37d03274c0f733fbcf389ba/tenor.gif" returns an HTML page, which sends another GET request with different request headers to the same URL, which returns the image itself.
First request and response:
:authority: media1.tenor.com
:method: GET
:path: /images/9e3a0083a37d03274c0f733fbcf389ba/tenor.gif
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
................
content-length: 2180
content-type: text/html; charset=utf-8
Second GET request and response:
:authority: media1.tenor.com
:method: GET
:path: /images/9e3a0083a37d03274c0f733fbcf389ba/tenor.gif
accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
................
content-length: 3119003
content-type: image/gif
There is definitely something server side going on. Removing text/html from the Accept request header will return the gif immediately when loading the image URL directly. curl (which uses Accept: */* by default) will also return the gif.
It seems that the server is exploiting the fact that all modern browsers have "text/html" in the headers by default, and simply uses this as a check. If the Accept header contains this string, it means that the request was initialized via the address bar of the browser or via an HTML <a> element, so the server returns an HTML page to the user. The second request was initialized through an <img> element, which has different default Accept types, and the server returns the actual image.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now