Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

replace LWS with a single SP in header values #224

Merged
merged 1 commit into from
Jun 10, 2011
Merged

replace LWS with a single SP in header values #224

merged 1 commit into from
Jun 10, 2011

Conversation

punytan
Copy link
Contributor

@punytan punytan commented Jun 10, 2011

:)

miyagawa added a commit that referenced this pull request Jun 10, 2011
@miyagawa
Merge pull request #224 from punytan/rfc-field-value
c0c8067 
replace LWS with a single SP in header values
@miyagawa miyagawa merged commit c0c8067 into plack:master Jun 10, 2011
@miyagawa
Copy link
Member

OK, merged. Did we need the URI->new stuff for Location when replacing LWS with SP is sufficient?

@punytan
Copy link
Contributor Author

punytan commented Jun 10, 2011

Query parameters in URI should be percent encoded before finalize is called because it can contain %0D, %0A or something else.
Without URI->new->as_string, the passed URI will be broken by replacement of LWS, \r and \n.

And, we can't recognize whether we should pass percent encoded parameters or not from the documentation of redirect and location.
A problem will occur again: We need to re-implement redirect and location method in some framework that inherits Plack::Response.

If we omit this process, I expect framework developers should implement the same code.

@miyagawa
Copy link
Member

Without URI->new->as_string, the passed URI will be broken by replacement of LWS, \r and \n

That's fine, because you've given an invalid URI in the first place. What is more important here is to not generate invalid PSGI headers (because newlines in header values is invalid in PSGI), rather than not generate invalid URI.

If we omit this process, I expect framework developers should implement the same code.

Yeah, but then we could better just kill the redirect() and location() method instead altogether.

I really, really hate to put framework-like code inside Plack, and this is why I separated the Plack::Request and Response from the core dist, and then writing middleware becomes kind of painful, so i merged it back, but i guess it's time to do it again. sigh

@miyagawa
Copy link
Member

And, we can't recognize whether we should pass percent encoded parameters or not from the documentation of redirect and location.

Fair point, but is it then also not obvious (or at least, undocumented either) where: $r->location($url) would normalize the URL but $r->header(Location => $url) wouldn't? At least, the document of the location method is clear - it sets/gets Location header. Doesn't say anything about normalize the given URI.

@miyagawa
Copy link
Member

We need to re-implement redirect and location method in some framework that inherits Plack::Response.

I honestly don't believe it. Let's say we have a $foo variable that contains some binary variables, such as UTF-8 bytes for "テスト". Of course it might contain newlines, too.

$res->header("X-Foo" => $foo);
$res->header("Location" => "http://example.com/?foo=$foo");
$res->location("http://example.com/?foo=$foo");

To me it does sound a little weird, or at least inconsistent, that only the location method normalizes the given string.

You're right that most frameworks need to implement the method to abstract this, but I'm sure it would be different from redirect or location - it would actually be more like uri_for - that takes parameters in hash/list and encodes them appropriately, and then pass to the location method etc.

$res->redirect( $self->uri_for("/action", { foo => $foo }) )

I confirmed this with Catalyst - Catalyst::Response doesn't really special-case redirect method.

miyagawa added a commit that referenced this pull request Jun 10, 2011
@miyagawa
Undo special-casing location() setter. #224
877e10d 
See https://github.com/miyagawa/Plack/pull/224 for details.
@punytan
Copy link
Contributor Author

punytan commented Jun 10, 2011

That's fine, because you've given an invalid URI in the first place. What is more important here is to not generate invalid PSGI headers (because newlines in header values is invalid in PSGI), rather than not generate invalid URI.

I agree. You convinced me that you are right.
That was my misunderstanding.

Yeah, but then we could better just kill the redirect() and location() method instead altogether.

I think that deleting redirect() and location() methods is not so bad substitution if you hate to put framework-like code.

miyagawa added a commit that referenced this pull request Jun 10, 2011
@miyagawa
Added a note about NOT normalizing URIs #224
d7b446d
@miyagawa
Copy link
Member

Great that we found an agreement :) I added a note to make the documentation less confusing just in case.

Just for the note: the current code still makes a room for developers to give invalid URI to the Location field, but it's totally fine - you can also give non-integer value to Content-Length, or invalid MIME type to Content-Type, and so on - it is not Plack::Response's responsibility to validate them.

@punytan
Copy link
Contributor Author

punytan commented Jun 10, 2011

Just for the note: the current code still makes a room for developers to give invalid URI to the Location field, but it's totally fine

Yep, that's fine :)

miyagawa added a commit that referenced this pull request Jul 19, 2011
@miyagawa
Checking in changes prior to tagging of version 0.9981.
69b063b 
Changelog diff is:

diff --git a/Changes b/Changes
index 6ed82dd..f57496c 100644
--- a/Changes
+++ b/Changes
@@ -2,6 +2,29 @@ Revision history for Perl extension Plack

 Take a look at http://github.com/miyagawa/Plack/issues for the planned changes before 1.0 release.

+0.9981  Mon Jul 18 17:24:11 PDT 2011
+    [BUG FIXES]
+        - Plack::Request: Added a sanity check to remove newlines from headers to follow
+          the PSGI specification #224
+        - HTTPParser::PP: Fixed warnings #225
+        - plackup now prints errors to psgi.errors rather than STDERR
+        - Fixes issues with undef returned from streaming handler in middleware #231
+        - ContentLength: Do not auto-add Content-Length from block devices, pipes and
+          character files
+
+    [NEW FEATURES]
+        - HTTPExceptions: Support ->as_psgi method on exceptions (doy)
+        - FastCGI: Support psgix.harakiri
+
+    [IMPROVEMENTS]
+        - Lint: Added more checks to validate header values
+        - StackTrace: Strip caller information since it is not useful anyway
+        - HTTPExceptions: Added rethrow option (doy)
+        - Misc. doc fixes on plackup (chromatic)
+        - binmode STDIN for CGI handler for Win32 #218
+        - Remove the test that tests Server specific handling of Transfer-Encoding
+        - Fixed POD link (audreyt)
+
 0.9980  Mon Jun  6 20:24:25 PDT 2011
     [BUG FIXES]
         - Fixed a bug where restarting loader doesn't terminate children (#209)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@punytan @miyagawa