New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
multipart/form-data does not comply with the RFC 1867 standard #24932
Comments
What part of the above is incorrect? Are you referring to places where the double-quotes around tokens is different, i.e.
vs.
I believe the quotes are optional as long as the token doesn't have any white-space within. Is there a server or application that is broken due to this perceived difference? Also, RFC 1867 is from 1995 and I think this RFC has been replaced by a newer one (I'm don't remember the new number though). |
@davidsh no quote boundary + quote form-data name,node js work normally
quote boundary + no quote form-data name,node js get null value of fieldName
|
I have experienced problem with no quotes on form-data names when trying to use [this service].(http://developers.strava.com/docs/reference/#api-Uploads-createUpload) |
Can you post minimal repro we could run locally? |
Here is a repro. MultipartRepro.zip |
@Caesar1995 can you please take a look? |
According to RFC7578:
If the original field name from the form is "Account" (includes the quote), for example, then The only place where .NET layer should explicitly add quotes is around cc: @davidsh |
@caesar-chen, As a cautionary note, the situation may be different for HTTP headers and email headers, that last document is titled "Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types", and neither of the linked RFCs mention HTTP headers. Checking MDN's page on Content-Type links to 2 RFC specs for HTTP headers (first link here), that doesn't say that quoting the boundary in the spec is OK, and uses unquoted boundary specifications in its valid example, and further acknowledges that "Although [RFC2046] permits the boundary string to be quoted, some existing implementations handle a quoted boundary string incorrectly." We actually ran into this issue using .NET Core to send a multi-part post with a file to an embedded http server. The POST worked with curl, an html form, a JavaScript Ajax post with FormData, but failed with .NET Core. In summary, .NET Core's posting method is breaking more implementations than the browser's and curl's way of posting files. |
this is the package of MultipartFormDataContent/MultipartContent
but RFC 1867 like this
The text was updated successfully, but these errors were encountered: