From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Status: No, score=-5.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.0 Received: from mail-ua0-f192.google.com (mail-ua0-f192.google.com [209.85.217.192]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id C20E21FBB0 for ; Mon, 24 Oct 2016 15:32:50 +0000 (UTC) Received: by mail-ua0-f192.google.com with SMTP id m11sf11608593uab.0 for ; Mon, 24 Oct 2016 08:32:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=sender:mime-version:in-reply-to:references:from:date:message-id :subject:to:x-original-sender:x-original-authentication-results :reply-to:precedence:mailing-list:list-id:x-spam-checked-in-group :list-post:list-help:list-archive:list-subscribe:list-unsubscribe; bh=hhF7XL4Oas3k0ssbfzJk9Ry2AVCRpunBwmWMgfRz4Fg=; b=u7lfkb55mR48a3hmWf0Gu6OXHD2BPdJkbdL6rwF3mg7onqUxzE1VDUBx7/vw7NCpPm XuYlc8UcjfCIVNCN3AqQCXfmHrnIKPJihLiFDQ1IDtbK4kkQ92HAjiQRsS4fYSazOpJp Uu9jDMj2yHYtOk0Cj3DOfeAhKNeyhSYun2xs5SiUa2YjiC/YQeCRMS+7c2091DeIurUG 6/kVwcqY5MNpRwVIhx9vAKVrOG4XuiGs3rDf6J6oFylfgDgNAOSBSpmY1RERNRiloehR 9DPYK6jpeufc8sP9saJJnHP1ANWyNvyp4/O+e8L36vSzq7T2ATLXsMZqvzTbCjbW4YXU FhGg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :x-original-sender:x-original-authentication-results:reply-to :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post :list-help:list-archive:list-subscribe:list-unsubscribe; bh=hhF7XL4Oas3k0ssbfzJk9Ry2AVCRpunBwmWMgfRz4Fg=; b=l2ZMlZWVEY910d85vdfub/iA0FHZarYUoHzNAmUeWYqi75B0v3Nud1f7w3LTKIZGsJ KGE/iaLJJ8k4wbNGel+eZeN0496k0PFTV7vu6bgn3zGZ2bqfLe2Me6bURKBA0RGnpwVW b095QdJzQVHzClanNjsA4qB+HHKeRMe+6SwvRraKTnSamMetbRWFA46e+tYsQwj+k1S/ 5SxYsZHgu9bB/x169jXI8b/sETJDz3EAh3hXQKwCqXy/cLJOLMsrJ2NI3BQVF8Lzha2F koFmZARHh/4CAGonZWpV5ZyXY9ZTrDqsqRICdy+Mhl8HpBZr0t8OASJyGYNMnb9NFXiL 5xQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=sender:x-gm-message-state:mime-version:in-reply-to:references:from :date:message-id:subject:to:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=hhF7XL4Oas3k0ssbfzJk9Ry2AVCRpunBwmWMgfRz4Fg=; b=LtxROjtom2YCtM1Mp/EO/V6eIq2YC/hh4Mrqd6v9Dsfiwm5RAQVhXUMwRT3Wc7CtQX iRFWI7murWLiY2zbIPfop6on7OTKMDbFlyV4rwIyLfp1e67sWU7F1KFMKP8u4NDOqoUf 35Fe12CtLT0yTA0v0Hzde2a8+omATjqCCoEM1puYNgrORaFD93oZeQD38AG1oiFwvQ4J uTanfm59m3cUu7WdUbt+btGKXFEzSvB32V1RdMITQCSyRW83/yvZNEsd1kBdiMJnYO7k Mrrn8DKtjf3OkXvZgxd0H9XnPHTkf1Jqq/Ww4uwYese312c+TD9H3eu0VEICJlQ+y6uc urmA== Sender: rack-devel@googlegroups.com X-Gm-Message-State: ABUngvffpOtVlAecePfQzVmg3BDz5x4S5OAVO98Dw7cZAobGPWh0vJNIg8Wmw1RxALHyqg== X-Received: by 10.36.120.20 with SMTP id p20mr82172itc.0.1477323169645; Mon, 24 Oct 2016 08:32:49 -0700 (PDT) X-BeenThere: rack-devel@googlegroups.com Received: by 10.107.175.41 with SMTP id y41ls3790230ioe.8.gmail; Mon, 24 Oct 2016 08:32:49 -0700 (PDT) X-Received: by 10.36.39.12 with SMTP id g12mr1448961ita.28.1477323169009; Mon, 24 Oct 2016 08:32:49 -0700 (PDT) Received: from mail-yb0-x236.google.com (mail-yb0-x236.google.com. [2607:f8b0:4002:c09::236]) by gmr-mx.google.com with ESMTPS id u82si1072789ywg.3.2016.10.24.08.32.48 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Oct 2016 08:32:48 -0700 (PDT) Received-SPF: pass (google.com: domain of jftucker@gmail.com designates 2607:f8b0:4002:c09::236 as permitted sender) client-ip=2607:f8b0:4002:c09::236; Received: by mail-yb0-x236.google.com with SMTP id 205so1982905ybz.5 for ; Mon, 24 Oct 2016 08:32:48 -0700 (PDT) X-Received: by 10.36.65.145 with SMTP id b17mr2668734itd.106.1477323168465; Mon, 24 Oct 2016 08:32:48 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.150.132 with HTTP; Mon, 24 Oct 2016 08:32:47 -0700 (PDT) Received: by 10.107.150.132 with HTTP; Mon, 24 Oct 2016 08:32:47 -0700 (PDT) In-Reply-To: References: <6c68f46f-fdc5-4cd3-b36c-9b2c6bf3e03e@googlegroups.com> From: James Tucker Date: Mon, 24 Oct 2016 08:32:47 -0700 Message-ID: Subject: Re: HTTP_ Headers from clients To: Rack Development Content-Type: multipart/alternative; boundary=001a11353e8aacc8e9053f9e1aa7 X-Original-Sender: jftucker@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com; spf=pass (google.com: domain of jftucker@gmail.com designates 2607:f8b0:4002:c09::236 as permitted sender) smtp.mailfrom=jftucker@gmail.com; dmarc=pass (p=NONE dis=NONE) header.from=gmail.com Reply-To: rack-devel@googlegroups.com Precedence: list Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com List-ID: X-Google-Group-Id: 486215384060 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , --001a11353e8aacc8e9053f9e1aa7 Content-Type: text/plain; charset=UTF-8 http://www.rubydoc.info/github/rack/rack/file/SPEC#The_Environment On Oct 24, 2016 5:28 AM, "Olivar Plays" wrote: > Alright, > > then we just need use some documentation and properly communicate this. > At least I know where it stands now with Rack and can deal with it > appropriately. > > Thank you for the information. > > Kind regards, > Arne > > Op maandag 24 oktober 2016 14:25:15 UTC+2 schreef Lin Jen-Shin: >> >> Hi, >> >> On Mon, Oct 24, 2016 at 4:16 PM, Olivar Plays >> wrote: >> > Hello, >> > >> > I have a small question about the behaviour of Rack when it comes to >> headers >> > send by clients. >> > Are these always prefixed with HTTP_ ? Or do I need to tell my clients >> to >> > explicitly send them as HTTP_ ? >> >> I think according to Rack SPEC, all headers sent from client should be >> prefixed >> with HTTP_, and if your client prefix HTTP_, then you'll end up seeing >> HTTP_HTTP_ in your Rack application. >> >> > Example, I'm checking on every request in my Rails application whether >> the >> > HTTP_COMPANY header is present, and has the correct value. >> > But I've been running into issues with detecting them. >> > Right now I have the client app send the headers as COMPANY, and my >> Rails >> > app checks as HTTP_COMPANY. >> >> This is intended. >> >> > Is this the intended behaviour, or will this go wrong again when the >> client >> > suddenly submits the header as HTTP_COMPANY? >> > e.g is Rack smart enough not to prefix HTTP_COMPANY with HTTTP_ again? >> >> As stated above, if your client is sending HTTP_COMPANY, then you'll need >> to >> access it via HTTP_HTTP_COMPANY in your Rack application. Rack should >> not try to remove the prefix, otherwise HTTP_COMPANY and COMPANY >> would be ambiguous. >> >> It's designed this way to mix HTTP headers into env unambiguously. >> >> > Kind regards, >> > Arne >> > -- > > --- > You received this message because you are subscribed to the Google Groups > "Rack Development" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rack-devel+unsubscribe@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "Rack Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/d/optout. --001a11353e8aacc8e9053f9e1aa7 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

http://www.rubydoc.info/github/rack/rack/file/SPEC#The_E= nvironment


On Oct 24, 2016 5= :28 AM, "Olivar Plays" <arne.de.herdt@gmail.com> wrote:
Alright,

then we just need = use some documentation and properly communicate this.
At least I know wh= ere it stands now with Rack and can deal with it appropriately.

Than= k you for the information.

Kind regards,
Arne

Op maandag 2= 4 oktober 2016 14:25:15 UTC+2 schreef Lin Jen-Shin:
Hi,

On Mon, Oct 24, 2016 at 4:16 PM, Olivar Plays <a= rne.d...@gmail.com> wrote:
> Hello,
>
> I have a small question about the behaviour of Rack when it comes = to headers
> send by clients.
> Are these always prefixed with HTTP_ ? Or do I need to tell my cli= ents to
> explicitly send them as HTTP_ ?

I think according to Rack SPEC, all headers sent from client should be = prefixed
with HTTP_, and if your client prefix HTTP_, then you'll end up see= ing
HTTP_HTTP_ in your Rack application.

> Example, I'm checking on every request in my Rails application= whether the
> HTTP_COMPANY header is present, and has the correct value.
> But I've been running into issues with detecting them.
> Right now I have the client app send the headers as COMPANY, and m= y Rails
> app checks as HTTP_COMPANY.

This is intended.

> Is this the intended behaviour, or will this go wrong again when t= he client
> suddenly submits the header as HTTP_COMPANY?
> e.g is Rack smart enough not to prefix HTTP_COMPANY with HTTTP_ ag= ain?

As stated above, if your client is sending HTTP_COMPANY, then you'l= l need to
access it via HTTP_HTTP_COMPANY in your Rack application. Rack should
not try to remove the prefix, otherwise HTTP_COMPANY and COMPANY
would be ambiguous.

It's designed this way to mix HTTP headers into env unambiguously.

> Kind regards,
> Arne

--

---
You received this message because you are subscribed to the Google Groups &= quot;Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

---
You received this message because you are subscribed to the Google Groups &= quot;Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-dev= el+unsubscribe@googlegroups.com.
For more options, visit http= s://groups.google.com/d/optout.
--001a11353e8aacc8e9053f9e1aa7--