[openstack-dev] [glance] HTTP Header encoding policy

Zane Bitter zbitter at redhat.com
Tue Jan 29 15:53:38 UTC 2013


On 29/01/13 06:59, Jay Pipes wrote:
> Agree with Joshua, please do file bugs and they should get fixed up.
>
> Best,
> -jay

OK, done:
https://bugs.launchpad.net/python-glanceclient/+bug/1108969
https://bugs.launchpad.net/glance/+bug/1108979
https://bugs.launchpad.net/glance/+bug/1108994

FWIW a lot of web frameworks (including the ones we're using) don't 
appear to automatically handle this encoding/decoding, even when they do 
handle the encoding/decoding of the body of the request. So 
standardising on UTF-8 would not be the worst thing as far as 
compatibility with real-world clients goes, even though it is 
technically non-compliant, but it does need to be thoroughly documented. 
At the moment encoding is not mentioned in the API docs.

Of course the best solution is not to include user-supplied data in the 
HTTP headers at all, which seems to be what y'all have gone with in the 
v2 API :)

cheers,
Zane.

>
> On 01/26/2013 11:22 PM, Joshua Harlow wrote:
>> I say fix it/file bugs, if we aren't rfc compliant then I would assume all such cases need to be fixed so that openstack can support as many clients as possible.
>>
>> Lets not turn into ie5 :P
>>
>> Sent from my really tiny device...
>>
>> On Jan 25, 2013, at 12:48 PM, "Zane Bitter" <zbitter at redhat.com> wrote:
>>
>>> I've been looking into the way the Glance v1 API handles HTTP headers,
>>> in particular the x-image-meta-name header, which contains user-supplied
>>> data. There seems to be a lot of inconsistency. As near as I can tell:
>>>
>>> * In python-glanceclient
>>>   - The name is encoded as ASCII (by calling str())[1]
>>>   - non-ASCII characters in the name cause a crash
>>>   - characters that are illegal in a header token are not quoted
>>>
>>> * Received headers in Glance
>>>   - Are not decoded in any way, just treated as valid ASCII text[2]
>>>
>>> * Sent (echoed) headers in Glance
>>>   - Are encoded as UTF-8 [3]
>>>   - characters that are illegal in a header token are not quoted
>>>
>>> For reference the format of this header field contents is defined in
>>> section 4.2 of RFC 2616 [4]:
>>>
>>>         field-content  = <the OCTETs making up the field-value
>>>                          and consisting of either *TEXT or combinations
>>>                          of token, separators, and quoted-string>
>>>
>>> ...which must be further interpreted using section 2.2 [5]:
>>>
>>>    The TEXT rule is only used for descriptive field contents and values
>>>    that are not intended to be interpreted by the message parser. Words
>>>    of *TEXT MAY contain characters from character sets other than
>>>    ISO-8859-1 only when encoded according to the rules of RFC 2047.
>>>
>>>         TEXT           = <any OCTET except CTLs,
>>>                          but including LWS>
>>>
>>> ... all of which appears to mean that the correct encoding is iso-8859-1
>>> (which covers many western European languages, but obviously not
>>> Cyrillic scripts, CJKV &c.), with anything beyond that encoded using the
>>> (hideous) MIME header encoding rules[6].
>>>
>>>
>>> Before I start raising bugs, do we have any policy on what values should
>>> be allowed and how they should be encoded? The API docs[7] are silent on
>>> the matter. Is changing the API in this respect even an option at this
>>> point in time?
>>>
>>> thanks,
>>> Zane.
>>>
>>> [1]
>>> https://github.com/openstack/python-glanceclient/blob/0.7.0/glanceclient/v1/images.py#L81
>>> [2]
>>> https://github.com/openstack/glance/blob/grizzly-2/glance/common/utils.py#L233
>>> [3]
>>> https://github.com/openstack/glance/blob/grizzly-2/glance/api/v1/images.py#L950
>>> [4] http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
>>> [5] http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
>>> [6] http://www.ietf.org/rfc/rfc2047.txt
>>> [7] http://docs.openstack.org/developer/glance/glanceapi.html
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>




More information about the OpenStack-dev mailing list