Hi Andy,
Il 06/04/2023 16:36, Andrew Newton ha scritto:
On Thu, Apr 6, 2023 at 9:56 AM Mario Loffredo<[email protected]> wrote:
[ML] Sorry for the delay in replying and thanks for this.
Really there are some documents under discussion that would be
eventually affected.
But I wonder where it's stated that query parameters should/must not be
preserved in redirections.
Do you refer to a generally adopted practice or to an IETF document ?
I took a look at RFC 9110 and didn't find specific statements about that.
Because unless the server issuing the redirects explicitly preserves
the query parameters in the new URL, they will not be preserved. My
quick glance of 9110 does not say that query parameters are preserved
so I don't know how a conclusion can be drawn that they are. But we
don't have to be so theoretical about it. We can just try it:
$ curl -vhttps://rdap-bootstrap.arin.net/bootstrap/autnum/2830?someparam=foo
* Trying 199.212.0.160:443...
* Connected to rdap-bootstrap.arin.net (199.212.0.160) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=Virginia; L=Chantilly; O=American Registry for
Internet Numbers, Ltd.; CN=*.arin.net
* start date: Aug 4 00:00:00 2022 GMT
* expire date: Sep 4 23:59:59 2023 GMT
* subjectAltName: host "rdap-bootstrap.arin.net" matched cert's "*.arin.net"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
* SSL certificate verify ok.
GET /bootstrap/autnum/2830?someparam=foo HTTP/1.1
Host: rdap-bootstrap.arin.net
User-Agent: curl/7.79.1
Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 302
< Date: Thu, 06 Apr 2023 14:23:33 GMT
< Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
< Location:https://rdap.db.ripe.net/autnum/2830
< Content-Length: 0
< Access-Control-Allow-Origin: *
<
* Connection #0 to host rdap-bootstrap.arin.net left intact
-andy
[ML] AFAIU from RFC 9110, removing the query part from the target URI is
a misinterpretation of redirection .
If the original target URI includes the query part, it should be
preserved in the new target URI similarly to the path part.
In addition, if I correctly understood RFC 7484 , the RDAP bootstrap
method consists in replacing only the base RDAP URL of the URI.
Best,
Mario
--
Dott. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web:http://www.iit.cnr.it/mario.loffredo
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
