Re: WGLC: draft-ietf-appsawg-http-forwarded-02.txt - section 5.1 from John Sullivan on 2012-05-14 (ietf-http-wg@w3.org from April to June 2012)

From: John Sullivan <jsullivan@velocix.com>
Date: Mon, 14 May 2012 14:20:22 +0100
To: Willy Tarreau <w@1wt.eu>
CC: Andreas Petersson <andreas@sbin.se>, Amos Jeffries <squid3@treenet.co.nz>, <ietf-http-wg@w3.org>
Message-ID: <4FB10696.5040508@velocix.com>

Willy Tarreau wrote:
> That's a good point. I must say I've never seen a Location or Referer
> header being quoted despite their wide use of "[/:]" which are marked
> as special chars. I'll raise a new issue on this subject.

That is because those headers are defined as:

   Referer = absolute-URI / partial-URI
   Location = URI-reference
   Content-Location = absolute-URI / partial-URI

The allowed character set and escaping rules are those that apply
to those productions from RFC 3986. Those particular characters may
have special meaning within a URI, depending on their position and
URI construction, and must be % HEX HEX encoded to avoid said special
meaning, but the header values do not need to be otherwise quoted or
escaped beyond the [URI] rules.

The Forwarded header uses:

   Forwarded-v = 1#( token "=" ( token / quoted-string ) *( ";" ... ) )

Compare this with Cache-Control (which is the same but without ";"
parameters) and Content-Type/Accept (which is the same except with an
initial value that is a ( type "/" subtype ) media type, including a
literal "/" character.

So if the desired value doesn't "fit into" token, it must be a
quoted-string, where "\" is used as an escape character. Also as
httpbis puts it:

   A parameter value that matches the token production can be
   transmitted as either a token or within a quoted-string.  The quoted
   and unquoted values are equivalent.

Quite a different grammar!

Variations on that theme have sufficient use within RFC 2616/httpbis
that I think it's good to use something broadly similar. People
operating in that area ought to have the component parsers readily
available and understand their use well enough to compose them into
a total parser for the grammar defined here.

It could be argued that by limiting values to quoted-string alone any
required value can be represented and one cuts off one avenue for
confusion/incompatibility, but I think defining a new base character
set should be done only as a last resort.

John
--

Received on Monday, 14 May 2012 13:20:53 UTC