Bad example perhaps with If-Match, but substitute for If-None-Match and it’s not a violation.
However, ETags are opaque, so it’s not clear to me how I would distinguish the following: If-None-Match: W/"RYNBLKMNQ/LK" If-None-Match: "W/RYNBLKMNQ/LK" Which one is weak and which one isn’t? On Thu, Oct 29, 2020 at 3:54 PM Joakim Erdfelt joa...@webtide.com <http://mailto:joa...@webtide.com> wrote: So there's 2 topics here, both about field values. > > 1. What does comma mean? > 2. What does dquote mean? > > If there is a comma present, and it's not within a DQUOTE pair, then > that's the delimiter between field-values. > > So that means ... > > *Example 1:* > > X-Foo: apple, banana, pear > > Is a field of name "X-Foo", with 3 values: > 1. apple > 2. banana > 3. pear > > This can also be represented across multiple headers of the same name. > > *Example 2:* > > X-Foo: apple > X-Foo: banana > X-Foo: pear > > Those 2 examples are equivalent field definitions. > > Those 3 values, as they are written, are considered "token" field values > per spec. > > See https://tools.ietf.org/html/rfc7230#section-3.2.6 > > You can have a field value of either: > 1. a token > 2. quoted-string > 3. comment > > The rules for "token" are ... > > token = 1*tchar > > tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" > / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" > / DIGIT / ALPHA > ; any VCHAR, except delimiters > > > Also, it notes that delimiters are (DQUOTE and "(),/:;<=>?@[\]{}") > > > The rules for "quoted-string" are ... > > quoted-string = DQUOTE *( qdtext / quoted-pair ) DQUOTE > qdtext = HTAB / SP /%x21 / %x23-5B / %x5D-7E / obs-text > obs-text = %x80-FF > > > If we take these rules and apply it to your stated example strings ... > > *Your Example 1:* > > If-Match: "ab35ef1bc78", "5be73a9c523" > > This is a field of name "If-Match", with 2 quoted-string values. > > 1. ab35ef1bc78 > 2. 5be73a9c523 > > *Your Example 2:* > > If-Match: W/"ab35ef1bc78", W/"5be73a9c523" > > This is a field of name "If-Match". > It has 2 values, both of which are in violation of the spec. > Why? > This is started to be parsed as a token, as it doesn't start with DQUOTE. > This field-value has 3 forbidden delimiter characters, the "/" is invalid, > and so are the DQUOTE characters. > This example doesn't fit the definition for quoted-string either, as it > doesn't start with DQUOTE. > > If your example was ... > > If-Match: "W/ab35ef1bc78", "W/5be73a9c523" > > Then you would satisfy the quoted-string rules. (as the "/" is %x2F and > within the allowed qdtext definition). > And the parsed definition would be .. > > Field with name "If-Match", with a value list > > 1. W/ab35ef1bc78 > 2. W/5be73a9c523 > > Joakim Erdfelt / joa...@webtide.com > > > On Thu, Oct 29, 2020 at 2:21 PM Cantor, Scott <canto...@osu.edu> wrote: > >> On 10/29/20, 3:14 PM, "jetty-users-boun...@eclipse.org on behalf of Nils >> Kilden-Pedersen" <jetty-users-boun...@eclipse.org on behalf of >> nil...@gmail.com> wrote: >> >> > I disagree. The quotes are part of the value and are significant. >> >> I agree. >> >> I was curious about this and followed the thread because I make use of >> the etags feature in the DefaultServlet. It seems to operate properly so >> far as it goes, but that may be due to simply expecting and handling the >> fact that the quotes are gone, or by not properly handling weak vs.strong >> comparison. >> >> But if something behind the server were looking at the header value, it >> would be getting a corrupted value out to compare with its own copy of the >> tag if it had produced it. >> >> -- Scott >> >> >> _______________________________________________ >> jetty-users mailing list >> jetty-users@eclipse.org >> To unsubscribe from this list, visit >> https://www.eclipse.org/mailman/listinfo/jetty-users >> > _______________________________________________ > jetty-users mailing list > jetty-users@eclipse.org > To unsubscribe from this list, visit > https://www.eclipse.org/mailman/listinfo/jetty-users >
_______________________________________________ jetty-users mailing list jetty-users@eclipse.org To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users