subject:"\[Django\] #27083\: Problems with ETag parsing and comparison"

Re: [Django] #27083: Problems with ETag parsing and comparison

2016-09-02 Thread Django

#27083: Problems with ETag parsing and comparison
---+
 Reporter:  marfire|Owner:  marfire
 Type:  Bug|   Status:  assigned
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  1  |  Needs documentation:  0
  Needs tests:  0  |  Patch needs improvement:  0
Easy pickings:  0  |UI/UX:  0
---+
Changes (by marfire):

 * needs_better_patch:  1 => 0
 * needs_tests:  1 => 0
 * needs_docs:  1 => 0


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.2a5f3db8c6eab4a3f4da9716e7812f42%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #27083: Problems with ETag parsing and comparison

2016-08-18 Thread Django

#27083: Problems with ETag parsing and comparison
---+
 Reporter:  marfire|Owner:  marfire
 Type:  Bug|   Status:  assigned
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Accepted
Has patch:  1  |  Needs documentation:  1
  Needs tests:  1  |  Patch needs improvement:  1
Easy pickings:  0  |UI/UX:  0
---+
Changes (by timgraham):

 * stage:  Unreviewed => Accepted


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.deba0f0d04e87ed3da670001dc596474%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #27083: Problems with ETag parsing and comparison

2016-08-18 Thread Django

#27083: Problems with ETag parsing and comparison
---+--
 Reporter:  marfire|Owner:  marfire
 Type:  Bug|   Status:  assigned
Component:  HTTP handling  |  Version:  master
 Severity:  Normal |   Resolution:
 Keywords: | Triage Stage:  Unreviewed
Has patch:  1  |  Needs documentation:  1
  Needs tests:  1  |  Patch needs improvement:  1
Easy pickings:  0  |UI/UX:  0
---+--
Changes (by marfire):

 * status:  new => assigned
 * cc: k@… (added)
 * needs_better_patch:   => 1
 * needs_tests:   => 1
 * owner:  nobody => marfire
 * needs_docs:   => 1
 * has_patch:  0 => 1


Comment:

 [https://github.com/django/django/pull/7112 PR]

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/065.136390325158500709fdb0f7d20b89c9%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

[Django] #27083: Problems with ETag parsing and comparison

2016-08-18 Thread Django

#27083: Problems with ETag parsing and comparison
---+
Reporter: marfire| Owner: nobody
Type: Bug| Status: new
Component: HTTP handling |Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
---+
There are a number of problems with the way Django currently parses and
compares ETags. The main issue is that we don't properly distinguish
between weak and strong ETags. Specifically:

- Since we don't distinguish between weak and strong ETags, all of our
comparisons are implicitly weak (see
[https://tools.ietf.org/html/rfc7232#section-2.3.2 section 2.3.2 of RFC
7232]). The specification, however, says that we "MUST use the strong
comparison function when comparing entity-tags for `If-Match`" (section
3.1).
- There's no way to supply a weak ETag via the `condition()` decorator.
- If the developer specifies a weak ETag directly (by assigning to the
`ETag` header in the response), we don't parse it properly and it will
never match.
- We interpret the ETag format and implement the matching algorithm based
on the old specification (RFC 2616), not the new one (RFC 7232). They are
somewhat different.

Correcting this is mostly straightforward. The only tricky issue is what
to do about the ETags returned from `etag_func()` in the `condition()`
decorator. We currently treat these as unquoted (and implicitly strong)
ETags. We can't suddenly require these to be quoted ETags since that would
break backwards compatibility.

Instead we can allow either quoted or unquoted ETags to be returned. Since
quotes are not an allowed character in the unquoted part of the ETag under
the new specification, there won't be any ambiguity. Existing code will
work as before, but it will now be possible for someone to provide an
`etag_func()` that returns a weak ETag.

There is still the possibility of a backwards incompatibility, though,
since as noted above the current ETag specification is slightly
incompatible with the old one (having to do with changing from an escaped
string to an opaque string). That is, there exist ETags that would have
been valid and would have matched under the old specification that will
not match after this change. I would expect actual use of such ETags to be
rare or nonexistent, and since the problem would be caused by user code
that is incompatible with the HTTP specification this doesn't seem like a
fatal problem.

--
Ticket URL:
Django
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/050.a1e908320ee19af71356ccd09b7f231d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #27083: Problems with ETag parsing and comparison

Re: [Django] #27083: Problems with ETag parsing and comparison

Re: [Django] #27083: Problems with ETag parsing and comparison

[Django] #27083: Problems with ETag parsing and comparison

4 matches

Site Navigation

Mail list logo

Footer information