bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#42382: 26.3; url-http handling of Location redirection headers conta


From: Robert Pluim
Subject: bug#42382: 26.3; url-http handling of Location redirection headers containing whitespace
Date: Thu, 16 Jul 2020 19:10:02 +0200

>>>>> On Thu, 16 Jul 2020 10:30:49 -0600, Daniele Nicolodi <daniele@grinta.net> 
>>>>> said:

    Daniele> On 16-07-2020 10:08, Robert Pluim wrote:
    >>>>>>> On Wed, 15 Jul 2020 14:40:36 -0600, Daniele Nicolodi 
<daniele@grinta.net> said:
    >> 
    Daniele> In RFC 7231 the Location header is defined to carry a 
URI-reference.
    Daniele> According to RFC 3986 it should be percent-encoded and thus should 
not
    Daniele> contain spaces. However, there are HTTP server implementation 
(notably
    Daniele> nginx) that do not do that. While this is a bug in those HTTP 
server
    Daniele> implementations, I think Emacs should follow what most other HTTP 
client
    Daniele> implementatios (all the ones I tested) and use the content of the
    Daniele> Location header unmodified. Stripping of angle bracket quotes is
    Daniele> unnecessary as they are not valid according to the RFCs.
    >> 
    >> Nor is embedded whitespace in the URI :-)

    Daniele> I don't understand this remark. Truncating at the first whitespace
    Daniele> character (current behavior) is a valid arbitrary decision for an
    Daniele> RFC-invalid URI-reference value. However, it is different from 
what all
    Daniele> other HTTP clients implement and it results in practical problems.

You stated that angle quotes were invalid, and proposed to remove the
support for their presence. I was merely pointing out that spaces are
equally invalid, and you propose to accomodate them. If one, why not
the other?

    >> Are you sure this won't break anything? ie are you sure there are 0
    >> server implementations out there that send angle brackets?

    Daniele> I don't see any reason why there should be angle brackets around 
the
    Daniele> value of a Location header and the current code or changelog or 
commit
    Daniele> messages does not provide a justification or a case where these 
have
    Daniele> been encountered. No other HTTP client I looked at does something 
like
    Daniele> this. I think there are many HTTP client implementations out there 
that
    Daniele> are more widely used and tested for interoperability than url-http.

    >> Iʼd be conservative, and just replace the truncation on whitespace
    >> with percent-encoding of said whitespace.

    Daniele> Why is percent-encoding better? The URI-reference value should not 
be
    Daniele> interpreted in any way, simply passed along. Again, all other HTTP
    Daniele> clients I looked at do not do this, or other manipulation of the 
header.

Because then it become a valid URI, and other parts of emacs that
donʼt know how to treat literal spaces in a URI wonʼt break. But Iʼll
agree that itʼs conjecture on my part.

Robert





reply via email to

[Prev in Thread] Current Thread [Next in Thread]