From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Daniele Nicolodi <daniele@grinta.net>
Newsgroups: gmane.emacs.bugs
Subject: bug#42382: 26.3;
 url-http handling of Location redirection headers containing
 whitespace
Date: Thu, 16 Jul 2020 10:30:49 -0600
Message-ID: <4225b17a-c74f-64ed-4270-3689979de066@grinta.net>
References: <875e714c-28f3-7a4e-7a9e-0f4ce640e336@grinta.net>
 <m2pn8vsare.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="26811"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0)
 Gecko/20100101 Thunderbird/68.10.0
Cc: 42382@debbugs.gnu.org
To: Robert Pluim <rpluim@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Jul 16 18:52:13 2020
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1jw77F-0006tR-4R
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 16 Jul 2020 18:52:13 +0200
Original-Received: from localhost ([::1]:60432 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1jw77E-0001Jp-3G
	for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 16 Jul 2020 12:52:12 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:57218)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jw774-0001JX-8k
 for bug-gnu-emacs@gnu.org; Thu, 16 Jul 2020 12:52:04 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:44304)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jw773-0003GX-UI
 for bug-gnu-emacs@gnu.org; Thu, 16 Jul 2020 12:52:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jw773-00024J-Rn
 for bug-gnu-emacs@gnu.org; Thu, 16 Jul 2020 12:52:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Daniele Nicolodi <daniele@grinta.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 16 Jul 2020 16:52:01 +0000
Resent-Message-ID: <handler.42382.B42382.15949183217945@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 42382
X-GNU-PR-Package: emacs
Original-Received: via spool by 42382-submit@debbugs.gnu.org id=B42382.15949183217945
 (code B ref 42382); Thu, 16 Jul 2020 16:52:01 +0000
Original-Received: (at 42382) by debbugs.gnu.org; 16 Jul 2020 16:52:01 +0000
Original-Received: from localhost ([127.0.0.1]:55850 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1jw772-000244-Fy
 for submit@debbugs.gnu.org; Thu, 16 Jul 2020 12:52:01 -0400
Original-Received: from grinta.net ([109.74.203.128]:43606)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <daniele@grinta.net>) id 1jw6mc-0001a4-F1
 for 42382@debbugs.gnu.org; Thu, 16 Jul 2020 12:30:55 -0400
Original-Received: from 688dnmac.campus.nist.gov (c-73-229-170-236.hsd1.co.comcast.net
 [73.229.170.236]) (Authenticated sender: daniele)
 by grinta.net (Postfix) with ESMTPSA id ADC5FE0970;
 Thu, 16 Jul 2020 16:30:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=grinta.net; s=2020;
 t=1594917053; bh=MoNUknGqY2HWJdzvxgci35eNz/bJfEp+jQMZ5a8Qc2Y=;
 h=Subject:To:Cc:References:From:Date:In-Reply-To:From;
 b=DAQb1OGeatJNciSkXpokgtTCLOjVeHafQKK+AUo6rd7GLyA71q3nn9dM2JT261Mwa
 W4x46VD9fCgZs+T7Mi+6FzUuyM+6ssZ8PWNfByy3lJahW5Oaw6doB3leh0QaUoeUnl
 upeVrTTEuaYo/jHKYXgyDfgrscjOUAtnIyfdxg2FWvyKYxVteMoq8r7oxycNgdtQRP
 806Bbrs03k7WHDsmxZLyDkgTX0KouvCEtd1GN8byMrs4om0jSSXRCMWWWC8Nxeag4z
 yIYMWRHudexqwuWO7M7JTAzTJKOR1wJmkXmDeWcTsUYefMGESYVnKOnJA/TkcAxzrt
 qBVZRe00K5NOQ==
In-Reply-To: <m2pn8vsare.fsf@gmail.com>
Content-Language: en-US
X-Mailman-Approved-At: Thu, 16 Jul 2020 12:51:59 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:183084
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/183084>

On 16-07-2020 10:08, Robert Pluim wrote:
>>>>>> On Wed, 15 Jul 2020 14:40:36 -0600, Daniele Nicolodi <daniele@grinta.net> said:
> 
>     Daniele> In RFC 7231 the Location header is defined to carry a URI-reference.
>     Daniele> According to RFC 3986 it should be percent-encoded and thus should not
>     Daniele> contain spaces. However, there are HTTP server implementation (notably
>     Daniele> nginx) that do not do that. While this is a bug in those HTTP server
>     Daniele> implementations, I think Emacs should follow what most other HTTP client
>     Daniele> implementatios (all the ones I tested) and use the content of the
>     Daniele> Location header unmodified. Stripping of angle bracket quotes is
>     Daniele> unnecessary as they are not valid according to the RFCs.
> 
> Nor is embedded whitespace in the URI :-)

I don't understand this remark. Truncating at the first whitespace
character (current behavior) is a valid arbitrary decision for an
RFC-invalid URI-reference value. However, it is different from what all
other HTTP clients implement and it results in practical problems.

> Are you sure this won't break anything? ie are you sure there are 0
> server implementations out there that send angle brackets?

I don't see any reason why there should be angle brackets around the
value of a Location header and the current code or changelog or commit
messages does not provide a justification or a case where these have
been encountered. No other HTTP client I looked at does something like
this. I think there are many HTTP client implementations out there that
are more widely used and tested for interoperability than url-http.

> Iʼd be conservative, and just replace the truncation on whitespace
> with percent-encoding of said whitespace.

Why is percent-encoding better? The URI-reference value should not be
interpreted in any way, simply passed along. Again, all other HTTP
clients I looked at do not do this, or other manipulation of the header.

>     Daniele> Also, accordingly to the RFCs, the location header may contain a
>     Daniele> relative location. Thus the comment that suggest that such a response is
>     Daniele> a bug in the server should be reworded.
> 
>     Daniele> The attached patches implement the proposed changes.
> 
> The second patch is small enough that I think you can combine the two.

They are divided to provide justification for the changes in the commit
messages.

Thank you.

Daniele