[openstack-dev] [glance] HTTP Header encoding policy

Joshua Harlow harlowja at yahoo-inc.com
Sun Jan 27 04:22:36 UTC 2013 

I say fix it/file bugs, if we aren't rfc compliant then I would assume all such cases need to be fixed so that openstack can support as many clients as possible.

Lets not turn into ie5 :P

Sent from my really tiny device...

On Jan 25, 2013, at 12:48 PM, "Zane Bitter" <zbitter at redhat.com> wrote:

> I've been looking into the way the Glance v1 API handles HTTP headers, 
> in particular the x-image-meta-name header, which contains user-supplied 
> data. There seems to be a lot of inconsistency. As near as I can tell:
> 
> * In python-glanceclient
>  - The name is encoded as ASCII (by calling str())[1]
>  - non-ASCII characters in the name cause a crash
>  - characters that are illegal in a header token are not quoted
> 
> * Received headers in Glance
>  - Are not decoded in any way, just treated as valid ASCII text[2]
> 
> * Sent (echoed) headers in Glance
>  - Are encoded as UTF-8 [3]
>  - characters that are illegal in a header token are not quoted
> 
> For reference the format of this header field contents is defined in 
> section 4.2 of RFC 2616 [4]:
> 
>        field-content  = <the OCTETs making up the field-value
>                         and consisting of either *TEXT or combinations
>                         of token, separators, and quoted-string>
> 
> ...which must be further interpreted using section 2.2 [5]:
> 
>   The TEXT rule is only used for descriptive field contents and values
>   that are not intended to be interpreted by the message parser. Words
>   of *TEXT MAY contain characters from character sets other than
>   ISO-8859-1 only when encoded according to the rules of RFC 2047.
> 
>        TEXT           = <any OCTET except CTLs,
>                         but including LWS>
> 
> ... all of which appears to mean that the correct encoding is iso-8859-1 
> (which covers many western European languages, but obviously not 
> Cyrillic scripts, CJKV &c.), with anything beyond that encoded using the 
> (hideous) MIME header encoding rules[6].
> 
> 
> Before I start raising bugs, do we have any policy on what values should 
> be allowed and how they should be encoded? The API docs[7] are silent on 
> the matter. Is changing the API in this respect even an option at this 
> point in time?
> 
> thanks,
> Zane.
> 
> [1] 
> https://github.com/openstack/python-glanceclient/blob/0.7.0/glanceclient/v1/images.py#L81
> [2] 
> https://github.com/openstack/glance/blob/grizzly-2/glance/common/utils.py#L233
> [3] 
> https://github.com/openstack/glance/blob/grizzly-2/glance/api/v1/images.py#L950
> [4] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
> [5] http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
> [6] http://www.ietf.org/rfc/rfc2047.txt
> [7] http://docs.openstack.org/developer/glance/glanceapi.html
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list