Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC 2822 should not be recommended for handling HTTP requests #151

Closed
camper42 opened this issue Nov 1, 2024 · 5 comments · Fixed by #154
Closed

RFC 2822 should not be recommended for handling HTTP requests #151

camper42 opened this issue Nov 1, 2024 · 5 comments · Fixed by #154

Comments

@camper42
Copy link

camper42 commented Nov 1, 2024

According to RFC 9110, the preferred date/time format for HTTP is defined by RFC 5322, which has replaced RFC 2822.

One notable difference is that the zone field should always use GMT or be omitted (implying GMT), rather than using the format (( "+" / "-" ) 4DIGIT) / obs-zone.

we faced an header issue while using uv, which use jiff processing HTTP header.
@BurntSushi
Copy link
Owner

This is interesting, because I had thought RFC 2822 specifically defined the date format for use in things like HTTP. But it does seem like RFC 9110 defines something a bit stricter. It is also interesting that most HTTP servers seem to happily accept RFC 2822, and indeed, the stricter format prescribed by RFC 9110 is compatible with RFC 2822 from what I can tell. So if HTTP servers use an RFC 2822 parser, then they would read Jiff's output fine. But an HTTP server that exclusively supports the latest updates to RFC 9110 would not.

Either way, I think MDN is probably right here. I'll add a new method for printing timestamps in a way that is explicitly compatible with RFC 9110. One additional thing, besides using GMT instead of -0000, is that two digits for the day are always used. (This makes it a fixed length value.)

Now I'm left wondering what relationship RFC 2822 has to HTTP.

@BurntSushi
Copy link
Owner

And perhaps even more confusingly, RFC 2822 considers the use of GMT (instead of -0000, which mean the same thing) to be obsolete: https://datatracker.ietf.org/doc/html/rfc2822#section-3.3

BurntSushi added a commit that referenced this issue Nov 1, 2024
@BurntSushi
fmt/rfc2822: add routines explicitly for RFC 9110
2c05b3f 
It seems that RFC 9110 does not support offsets like `-0000` in the
date format, and also requires that days be padded to two digits in all
cases. This meant that Jiff's RFC 2822 output was, strictly speaking,
incompatible with a strict implementation of RFC 9110. For example, it
would output this:

    Thu, 1 Jan 1970 00:00:01 -0000

Where RFC 9110 would want this:

    Thu, 01 Jan 1970 00:00:01 GMT

I am actually still unclear as to the relationship between
RFC 2822/5322 and RFC 9110, but as far as I know, RFC 2822
has been obsoleted by RFC 5322, but RFC 5322 does not seem
to make any meaningful changes to the datetime format:
https://datatracker.ietf.org/doc/html/rfc5322#section-3.3

But, since it seems like the RFC 9110 format is a subset of the RFC
2822/5322 format, and since [MDN clearly stipulates the use of RFC
9110], we add a new method that outputs a RFC 2822 compatible timestamp
that is explicitly compatible with RFC 9110.

Fixes #151

[MDN clearly stipulates the use of RFC 9110]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since
This was referenced Nov 1, 2024
Merged
Closed
BurntSushi added a commit that referenced this issue Nov 1, 2024
@BurntSushi
fmt/rfc2822: add routines explicitly for RFC 9110
2f57962 
It seems that RFC 9110 does not support offsets like `-0000` in the
date format, and also requires that days be padded to two digits in all
cases. This meant that Jiff's RFC 2822 output was, strictly speaking,
incompatible with a strict implementation of RFC 9110. For example, it
would output this:

    Thu, 1 Jan 1970 00:00:01 -0000

Where RFC 9110 would want this:

    Thu, 01 Jan 1970 00:00:01 GMT

I am actually still unclear as to the relationship between
RFC 2822/5322 and RFC 9110, but as far as I know, RFC 2822
has been obsoleted by RFC 5322, but RFC 5322 does not seem
to make any meaningful changes to the datetime format:
https://datatracker.ietf.org/doc/html/rfc5322#section-3.3

But, since it seems like the RFC 9110 format is a subset of the RFC
2822/5322 format, and since [MDN clearly stipulates the use of RFC
9110], we add a new method that outputs a RFC 2822 compatible timestamp
that is explicitly compatible with RFC 9110.

Fixes #151

[MDN clearly stipulates the use of RFC 9110]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since
@camper42
Copy link
Author

camper42 commented Nov 1, 2024

RFC 5322 (Internet Message Format):

  • Document type: RFC - Draft Standard
  • Updated by RFC 6854
  • Obsoletes RFC 2822

From RFC 5322 Abstract:

This document specifies the Internet Message Format (IMF), a syntax
for text messages that are sent between computer users, within the
framework of "electronic mail" messages. This specification is a
revision of Request For Comments (RFC) 2822, which itself superseded
Request For Comments (RFC) 822, "Standard for the Format of ARPA
Internet Text Messages", updating it to reflect current practice and
incorporating incremental changes that were specified in other RFCs.

RFC 6854 (Update to Internet Message Format to Allow Group Syntax in the "From:" and "Sender:" Header Fields):

  • Document type: RFC - Proposed Standard

RFC 2822 (Internet Message Format)

  • Document type: RFC - Proposed Standard
  • Obsoleted by RFC 5322
  • Updated by RFC 5336, RFC 5335

RFC 9110 (HTTP Semantics)

  • Document type: RFC - Internet Standard

RFC 6854 seems unrelated to date/time format, RFC 5322 is a Draft Standard but preferred by
RFC 9110 (a Internet Standard).

according to About RFCs Statuses, RFC 9110 has higher priority, and even if RFC 5322 is a Draft Standard(An intermediate stage that is no longer used for new standards), it should be prefererd over RFC2822.

@BurntSushi
Copy link
Owner

BurntSushi commented Nov 1, 2024
edited
Loading

Yeah RFC 5322 and RFC 2822 define the same datetime format, so that part is fine. It's the interplay between RFC 9110 and RFC 5322 that is pretty confusing to me. I missed this before, but RFC 9110 does say this:

The preferred format is a fixed-length and single-zone subset of the date and time specification used by the Internet Message Format [RFC5322].

But note that RFC 9110 also says this:

Recipients of timestamp values are encouraged to be robust in parsing timestamps unless otherwise restricted by the field definition. For example, messages are occasionally forwarded over HTTP from a non-HTTP source that might generate any of the date and time specifications defined by the Internet Message Format.

Which could arguably interpreted as a suggestion that HTTP servers should just support parsing RFC 5322 in its entirety. Which is probably why -0000 worked as well as it does: most HTTP servers seem to be pretty flexible in that they accept all of RFC 5322. I don't know why Tencent COS doesn't do this.

Still weird that RFC 5322 considers GMT itself obsolete. ¯\_(ツ)_/¯

@camper42
Copy link
Author

camper42 commented Nov 1, 2024

it's very confusing indeed...But if we accept that 9110 has the highest priority.

A recipient that parses a timestamp value in an HTTP field MUST accept all three HTTP-date formats.

So, tencent cos server not accepting that outdated format is also a bug.

When a sender generates a field that contains one or more timestamps defined as HTTP-date, the sender MUST generate those timestamps in the IMF-fixdate .

So jiff should support parsing in all three formats, but it is only recommended that the sender use the IMF-fixdate format

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fmt/rfc2822: add routines explicitly for RFC 9110 BurntSushi/jiff
2 participants
@BurntSushi @camper42