[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#42382: 26.3; url-http handling of Location redirection headers conta
From: |
Robert Pluim |
Subject: |
bug#42382: 26.3; url-http handling of Location redirection headers containing whitespace |
Date: |
Thu, 16 Jul 2020 19:10:02 +0200 |
>>>>> On Thu, 16 Jul 2020 10:30:49 -0600, Daniele Nicolodi <daniele@grinta.net>
>>>>> said:
Daniele> On 16-07-2020 10:08, Robert Pluim wrote:
>>>>>>> On Wed, 15 Jul 2020 14:40:36 -0600, Daniele Nicolodi
<daniele@grinta.net> said:
>>
Daniele> In RFC 7231 the Location header is defined to carry a
URI-reference.
Daniele> According to RFC 3986 it should be percent-encoded and thus should
not
Daniele> contain spaces. However, there are HTTP server implementation
(notably
Daniele> nginx) that do not do that. While this is a bug in those HTTP
server
Daniele> implementations, I think Emacs should follow what most other HTTP
client
Daniele> implementatios (all the ones I tested) and use the content of the
Daniele> Location header unmodified. Stripping of angle bracket quotes is
Daniele> unnecessary as they are not valid according to the RFCs.
>>
>> Nor is embedded whitespace in the URI :-)
Daniele> I don't understand this remark. Truncating at the first whitespace
Daniele> character (current behavior) is a valid arbitrary decision for an
Daniele> RFC-invalid URI-reference value. However, it is different from
what all
Daniele> other HTTP clients implement and it results in practical problems.
You stated that angle quotes were invalid, and proposed to remove the
support for their presence. I was merely pointing out that spaces are
equally invalid, and you propose to accomodate them. If one, why not
the other?
>> Are you sure this won't break anything? ie are you sure there are 0
>> server implementations out there that send angle brackets?
Daniele> I don't see any reason why there should be angle brackets around
the
Daniele> value of a Location header and the current code or changelog or
commit
Daniele> messages does not provide a justification or a case where these
have
Daniele> been encountered. No other HTTP client I looked at does something
like
Daniele> this. I think there are many HTTP client implementations out there
that
Daniele> are more widely used and tested for interoperability than url-http.
>> Iʼd be conservative, and just replace the truncation on whitespace
>> with percent-encoding of said whitespace.
Daniele> Why is percent-encoding better? The URI-reference value should not
be
Daniele> interpreted in any way, simply passed along. Again, all other HTTP
Daniele> clients I looked at do not do this, or other manipulation of the
header.
Because then it become a valid URI, and other parts of emacs that
donʼt know how to treat literal spaces in a URI wonʼt break. But Iʼll
agree that itʼs conjecture on my part.
Robert