Closed Bug 775208 Opened 12 years ago Closed 12 years ago

Clarify handling of reserved comma character in URIs

Categories

(Cloud Services Graveyard :: Server: Sync, defect)

Product:
Cloud Services Graveyard
Component:
Server: Sync
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: gps, Unassigned)

Details

(Whiteboard: [qa?])

Attachments

(1 file)

patch adding a test with percent-encoded commas
1.56 KB, patch
telliott
: review+
gps
: feedback+
Details | Diff | Splinter Review 
We need to clarify how commas are handled in URIs to storage service 2.0.

Per https://tools.ietf.org/html/rfc3986#section-2.2, "," is a reserved character. This means some clients will percent encode it to "%2C" when it is seen in the query string to collection GET and DELETE URIs.

I can't remember exactly what RFCs take precedence here, but I /think/ there may be some flexibility in choosing to percent encode "," because it isn't being used as a delimiter in the query string. Still, a client might be conservative and percent encode *all* reserved characters, regardless of whether its not being used as a delimiter. JavaScript's encodeURIComponent (https://developer.mozilla.org/en/JavaScript/Reference/Global_Objects/encodeURIComponent) does this, for example.

Anyway, there are no examples in the 2.0 spec, so it isn't clear what clients should do. The spec should clarify this with examples. I would vote for accepting both. If the server applies percent decoding on the value in the query string, it should be a noop. Not sure if it does this today.

My JS server implementation explicitly splits on comma without percent decoding and it chokes when it sees percent encoding. It passes the Python functional tests. So, I think we need additional functional tests ensuring the server handles percent encoding properly.

I will follow a separate bug to tackle the JS server changes to support percent encoding.
I think this is a wider bug, which is essentially "make sure servers do percent decoding always". That's basically free on modern frameworks, though - they do it before we even get to code we handle.
Adding python functional test case.  :gps, any other interesting corners this needs to cover?
Attachment #643650 - Flags: review?(telliott)
Attachment #643650 - Flags: feedback?(gps)
Comment on attachment 643650 [details] [diff] [review]
patch adding a test with percent-encoded commas

I was first confused because the test was named "delete_ids" but it also contained a test for GET. Looks good though.
Attachment #643650 - Flags: feedback?(gps) → feedback+
(In reply to Gregory Szorc [:gps] from comment #3)
> I was first confused because the test was named "delete_ids" but it also
> contained a test for GET. Looks good though.

Right, good point, I will change this to "test_specifying_ids_with_percent_encoded_query_string"
Whiteboard: [qa?]
Attachment #643650 - Flags: review?(telliott) → review+
Product: Cloud Services → Cloud Services Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: