-
Notifications
You must be signed in to change notification settings - Fork 11
Use 'get a structured header' term from Fetch #2
Conversation
Why isn't https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-14#section-4.2 used as the entry point with the header's byte sequence value? It seems the spec now doesn't skip OWS and doesn't support parameters. Is that intentional? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
OK I've changed this to call the main entry point 4.2 with the byte sequence, and handle the returned tuple (bare_item, parameters). It wasn't clear to me whether Structured Headers would fail parsing if the type isn't a token, so I explicitly said that should happen. I also banned parameters, but maybe we want to ignore parameters instead? I also removed an inline issue since that issue appears to be resolved, and Structured Headers how takes a byte sequence as input and converts it to an ASCII string. |
@mnot and @annevk might have opinions about how they'd like this integration to work from a Structured Headers/Fetch standpoint. It's probably reasonable, for example, to add something like a "get a structured header In the status quo, this patch matches my understanding of what we need to do. SH gives you a raw parse of the header, and then it falls upon the spec to determine whether the result is acceptable. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I would prefer we put an abstraction in Fetch.
In whatwg/fetch#930 I sketched something where for a header list there's an algorithm that takes a name and a type and returns failure or a representation of type. I think that still makes sense.
One other consideration I suppose is whether we should map structured header values to Infra values somehow for ease of use in specification algorithms and compatibility with IDL.
index.bs
Outdated
2. Let |parsed policy| be the result of executing the [$Structured Header parsing algorithm$] | ||
with <var ignore>input_string</var> set to |header|, and <var ignore>header_type</var> set | ||
to "`item`". | ||
If |parsed policy| is not a token, fail parsing. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If |parsed policy| is not a token, fail parsing. | |
If |parsed policy| is not a [=structured header/token=], fail parsing. |
index.bs
Outdated
passing it into the parsing algorithm? | ||
|
||
3. If |parsed policy| is "`require-corp`", set |policy| to "`require-corp`". | ||
2. If parsing did not fail and |parsed policy| is "`require-corp`", then set |policy| to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is fine for the moment, but I don't really like the implicitness of "parsing failed". I'd prefer for the parsing algorithm to return something that we interpret as failure. Like null
? (Obviously, this isn't the first place we're using this pattern, URL parsing comes to mind as well, but I don't like it there either. :) )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really mind how Structured Headers words it, but I agree that whatever we add in Fetch will have to do something like that. Bridging with the IETF world is always going to look a little clunky I suppose, though this is miles ahead of the pack.
(I suspect we want null for header not present, failure for failures, and instance of typed thingie.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see now that URL parser does "return failure", which is nicer than I remember. That explicit model seems reasonable to me. It might be nice to define that pattern via Infra?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mikewest could you open an issue on SH regarding this?
As discussed in #930 and WICG/cross-origin-embedder-policy#2, this patch adds a "get" method on header lists that allows consistent extraction of structured headers.
I probably do have opinions, but I'm out until the first week in Jan... |
In web-platform-tests/wpt#20852 (comment) @domenic said that parameters should be ignored, not fail parsing. This PR says to fail parsing. Which should we do? From the Structured Headers spec, I think the intent is that unknown parameters should generally be ignored. |
From structured headers' perspective, we should be able to parse headers with all the junk that can be attached to bits and pieces of the header's value according to the SH grammar. From this specific header's perspective, it may be reasonable to impose additional restrictions on the header's syntax. My main concern here is forward compatibility with new things we introduce. In particular for COEP, I expect that we'll want to introduce something like It occurs to me now that we've dealt with unknown in the past for things like Referrer-Policy by ignoring the whole header, which allowed developers to do things like That's a bit weird. I wonder if @mnot has opinions about this from the HTTP side (though I think he's going to be out until January), or @annevk from the Fetch side. |
The SH spec seems pretty clear on the intent:
I tend to agree with the SH spec, and don't see any reason to disallow parameters. They could be useful in the future and disallowing them just creates future compatibility problems, for no gain that I can see. |
As discussed in #930 and WICG/cross-origin-embedder-policy#2, this adds a "get" algorithm on header lists that allows consistent extraction of structured header values.
whatwg/fetch@8ca6148 landed in Fetch; @zcorpan, would you be interested in taking another pass at this, using that algorithm? |
Done. This now has conflicts with master, but I'd like to squash before rebasing, since |
See whatwg/fetch#983 Change duplicate requirements in the Framework section to non-normative note. Fail parsing if SH parameters are present, until SH is more stable.
7ecea11
to
d14cdf6
Compare
I've squashed and rebased this now. |
ISSUE(httpwg/http-extensions#662): The ASCII requirements of Structured Headers are | ||
somewhat unclear to me. Do we need to check whether |header| is an [=ASCII string=] before | ||
passing it into the parsing algorithm? | ||
4. If |parameters| is not empty, then return |policy|. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should ignore parameters as we do for Content-Type
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you changed your opinion since whatwg/html#5172 (comment) ?
I believe this PR is equivalent to "byte-case-sensitive comparison of the value with the allowed strings".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I think that's what we want long term. Perhaps instead we should add an open issue of sorts about changing that once SH is stable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've filed whatwg/html#5220
Do you think there should be an inline issue in the spec also?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I meant an inline marker.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
3. If |parsed policy| is "`require-corp`", set |policy| to "`require-corp`". | ||
ISSUE: This step is expected to change when the Structured Headers for HTTP specification is | ||
more stable. See [whatwg/html issue #5172](https://github.com/whatwg/html/issues/5172). | ||
[[I-D.ietf-httpbis-header-structure]] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with landing this just to correct the current text, but I think we're at the point where the IETF WG considers SH pretty close to done. I'd be surprised if something like parameterized items changed substantially at this point.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(So, LGTM from my side. If @annevk's also happy, land it. :))
Looks like it, @annevk. I'll close this. cc @yutakahirano |
See whatwg/fetch#983
Change duplicate requirements in the Framework section to non-normative note.
Fail parsing if SH parameters are present, until SH is more stable.