-
Notifications
You must be signed in to change notification settings - Fork 593
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multipart-Form-Data in akka-http, missing quotes in Content-Disposition field #386
Comments
Comment by ktoso Please open the issue on github.com/akka/akka-http instead, sinve the project has moved. AFAIR there is no need to quote these according to the https://tools.ietf.org/html/rfc6266 spec
notice the Let's please continue in the right repo. |
Issue by KrzyMucha Information about requirement I found here: https://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html, paragraph 19.5.1 Content-Disposition
|
Seems you're right, according to https://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1 @KrzyMucha. |
I can do fix |
I'm pretty sure there should be a related ticket lurking somewhere. |
This seems to be a duplicate of akka/akka#18788. There we concluded that RFC 2616 is not the most recent one and RFC 6266 also allows filename parameter values without quotes. Still, if this was only recently changed (2011) it might make sense to add extra quotes even if they are not strictly required by the latest spec. |
Appendix A of RFC 6266 says:
|
Also looking at this stackoverflow answer which seems to imply that browsers also seem to be very confused about what they generate. (Though I guess it would need to be re-checked with recent browsers.) |
What I found is that other clients (I checked curl and dispatch.io) put values of parameters name and filename in quoted marks, like this:
Should the fix enforce similar behaviour for akka-http? |
Seems that would be perhaps safer than now. |
…on header according to rfc2616 akka#386
@ktoso I created pull request for this, however I made some mess before (first time on github doing this). Anyway doing my best :) |
Cool, thanks a lot Krzysztof :-) |
) Original RFC 2616 and newer RFC 6266 give different grammars / recommendations whether to quote parameter values. It seems that current software is still confused about what to accept and what not. Appendix A of RFC 6266 says: RFC 2616 only allows "quoted-string" for the filename parameter. This would be an exceptional parameter syntax, and also doesn't reflect actual use. This doesn't mean that quotes are strictly required, so, given the reports of breakage without quotes, let's force quotes for now for Content-Disposition parameters.
Fixed by #471. |
akka#471) Original RFC 2616 and newer RFC 6266 give different grammars / recommendations whether to quote parameter values. It seems that current software is still confused about what to accept and what not. Appendix A of RFC 6266 says: RFC 2616 only allows "quoted-string" for the filename parameter. This would be an exceptional parameter syntax, and also doesn't reflect actual use. This doesn't mean that quotes are strictly required, so, given the reports of breakage without quotes, let's force quotes for now for Content-Disposition parameters.
Issue by KrzyMucha
Wednesday Oct 12, 2016 at 08:05 GMT
Originally opened as akka/akka#21656
When we use akka-http for http request with following code:
Then Http request is as follows
Parameters filename and file are without quotation marks. However following HTTP specification this params should be quoted. As result some servers (ex. "django" app) are not able to see attached files.
The text was updated successfully, but these errors were encountered: