Re: #306: does etag value really use quoted-string from Julian Reschke on 2011-10-24 (ietf-http-wg@w3.org from October to December 2011)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 24 Oct 2011 20:13:16 +0200
To: Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4EA5AABC.8080704@gmx.de>

On 2011-08-30 13:35, Mark Nottingham wrote:
> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/306>
>
> IIRC we checked various implementations and found that many don't handle ETags as a quoted-string; therefore, the safe/sensible thing to do is to re-define ETag as a something else; i.e., something with the same syntax, but without any special semantic for backslashes.
>
> We might also caution against including backslashes in them in prose, since it isn't interoperable.
>
> Thoughts / objections?
> ...

Wrote a short test server...:

import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.util.List;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;

public class EtagSyntax extends StylesheetAcceptHeaders {

	public static void main(String[] args) throws IOException {

		HttpServer server = HttpServer.create(new InetSocketAddress(8080), 0);

		server.createContext("/start", new ServeHtml());
		server.createContext("/simple", new ETag("\"simple\""));
		server.createContext("/escaped", new ETag("\"\\e\\s\\c\\a\\p\\e\\d\""));

		server.setExecutor(null);
		server.start();
	}

	private static class ServeHtml implements HttpHandler {

		@Override
		public void handle(HttpExchange h) throws IOException {
			String response = "<html><head><title>ETag test</title></head><body>" +
			"<h1>Simple Etag</h1>" +
			"<object data='/simple'></object>" +
			"<p><a href='/simple'>link</a></p>" +
			"<h1>Escaped Etag</h1>" +
			"<object data='/escaped'></object>" +
			"<p><a href='/escaped'>link</a></p>" +
			"</body></html>";

			h.getResponseHeaders().set("Content-Type",
					"text/html; charset=UTF-8");
			h.sendResponseHeaders(200, response.getBytes().length);
			OutputStream os = h.getResponseBody();
			os.write(response.getBytes());
			os.close();
		}
	}

	private static class ETag implements HttpHandler {
		
		private final String what;
		
		public ETag(String what) {
			this.what = what;
		}

		@Override
		public void handle(HttpExchange h) throws IOException {
			List<String> inm = h.getRequestHeaders().get("If-None-Match");
			String response = "If-None-Match: " + inm;

			System.err.println(response);
			
			h.getResponseHeaders().set("Content-Type",
					"text/plain; charset=UTF-8");
			h.getResponseHeaders().set("ETag", what);
			h.sendResponseHeaders(200, response.getBytes().length);
			OutputStream os = h.getResponseBody();
			os.write(response.getBytes());
			os.close();
		}
	}
}


...and observed what UAs do: none of the ones I tested removed the 
\-escapes, which seems to indicate they are really treating them as 
opaque strings.

Best regards, Julian

Received on Monday, 24 October 2011 18:13:50 UTC