Mercurial > hg > orthanc
annotate OrthancServer/OrthancHttpHandler.cpp @ 2248:69b0f4e8a49b
Escape multipart type parameter value in Content-Type header
## Summary
Multipart responses do not quote/escape the value of their type
parameter (the subtype) even though it always contains at least one
special character (the slash "/"), which confuses standard-compliant
HTTP clients.
## Details
The Content-Type header in HTTP is in RFC 7231, Section 3.1.1.5:
https://tools.ietf.org/html/rfc7231#section-3.1.1.5
The section defers to the media type section (3.1.1.1) for the syntax of
the media type:
https://tools.ietf.org/html/rfc7231#section-3.1.1.1
This states that a parameter value can be quoted:
parameter = token "=" ( token / quoted-string )
A parameter value that matches the token production can be transmitted
either as a token or within a quoted-string. The quoted and unquoted
values are equivalent.
Tokens are defined in RFC 7230, Section 3.2.6 (via RFC 7231, appendix
C):
https://tools.ietf.org/html/rfc7231#appendix-C
https://tools.ietf.org/html/rfc7230#section-3.2.6
Here we observe that tokens cannot contain a slash "/" character:
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
Delimiters are chosen from the set of US-ASCII visual characters not
allowed in a token (DQUOTE and "(),/:;<=>?@[\]{}").
However, the current implementation does not quote/escape the value of
the type parameter:
multipart/related; type=application/dicom
Instead, it should be:
multipart/related; type="application/dicom"
All of this also seems to apply to the MIME Content-Type header
definition, even though it is a little different:
https://www.iana.org/assignments/message-headers
https://tools.ietf.org/html/rfc2045#section-5.1
https://tools.ietf.org/html/rfc2387
author | Thibault Nélis <tn@osimis.io> |
---|---|
date | Mon, 16 Jan 2017 13:07:11 +0100 |
parents | a3a65de1840f |
children | 878b59270859 |
rev | line source |
---|---|
1442 | 1 /** |
2 * Orthanc - A Lightweight, RESTful DICOM Store | |
1900 | 3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics |
1442 | 4 * Department, University Hospital of Liege, Belgium |
2244
a3a65de1840f
shared copyright with osimis
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1900
diff
changeset
|
5 * Copyright (C) 2017 Osimis, Belgium |
1442 | 6 * |
7 * This program is free software: you can redistribute it and/or | |
8 * modify it under the terms of the GNU General Public License as | |
9 * published by the Free Software Foundation, either version 3 of the | |
10 * License, or (at your option) any later version. | |
11 * | |
12 * In addition, as a special exception, the copyright holders of this | |
13 * program give permission to link the code of its release with the | |
14 * OpenSSL project's "OpenSSL" library (or with modified versions of it | |
15 * that use the same license as the "OpenSSL" library), and distribute | |
16 * the linked executables. You must obey the GNU General Public License | |
17 * in all respects for all of the code used other than "OpenSSL". If you | |
18 * modify file(s) with this exception, you may extend this exception to | |
19 * your version of the file(s), but you are not obligated to do so. If | |
20 * you do not wish to do so, delete this exception statement from your | |
21 * version. If you delete this exception statement from all source files | |
22 * in the program, then also delete it here. | |
23 * | |
24 * This program is distributed in the hope that it will be useful, but | |
25 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
27 * General Public License for more details. | |
28 * | |
29 * You should have received a copy of the GNU General Public License | |
30 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
31 **/ | |
32 | |
33 | |
34 #include "PrecompiledHeadersServer.h" | |
35 #include "OrthancHttpHandler.h" | |
36 | |
37 #include "../Core/OrthancException.h" | |
38 | |
39 | |
40 namespace Orthanc | |
41 { | |
42 bool OrthancHttpHandler::Handle(HttpOutput& output, | |
1571
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
43 RequestOrigin origin, |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
44 const char* remoteIp, |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
45 const char* username, |
1442 | 46 HttpMethod method, |
47 const UriComponents& uri, | |
48 const Arguments& headers, | |
49 const GetArguments& getArguments, | |
1446
8dc80ba768aa
refactoring: IHttpHandler does not use std::string to hold the request body
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1445
diff
changeset
|
50 const char* bodyData, |
8dc80ba768aa
refactoring: IHttpHandler does not use std::string to hold the request body
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1445
diff
changeset
|
51 size_t bodySize) |
1442 | 52 { |
53 bool found = false; | |
54 | |
55 for (Handlers::const_iterator it = handlers_.begin(); | |
56 it != handlers_.end() && !found; ++it) | |
57 { | |
1571
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
58 found = (*it)->Handle(output, origin, remoteIp, username, method, uri, |
3232f1c995a5
provide the origin of the requests to HTTP handlers
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1446
diff
changeset
|
59 headers, getArguments, bodyData, bodySize); |
1442 | 60 } |
61 | |
62 return found; | |
63 } | |
64 | |
65 | |
1443
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1442
diff
changeset
|
66 void OrthancHttpHandler::Register(IHttpHandler& handler, |
895ab369d63c
refactoring: OrthancHttpHandler
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1442
diff
changeset
|
67 bool isOrthancRestApi) |
1442 | 68 { |
69 handlers_.push_back(&handler); | |
70 | |
71 if (isOrthancRestApi) | |
72 { | |
73 orthancRestApi_ = &handler; | |
74 } | |
75 } | |
76 | |
77 | |
1445
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
78 IHttpHandler& OrthancHttpHandler::RestrictToOrthancRestApi(bool restrict) |
1442 | 79 { |
1445
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
80 if (restrict) |
1442 | 81 { |
1445
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
82 if (orthancRestApi_ == NULL) |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
83 { |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
84 throw OrthancException(ErrorCode_InternalError); |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
85 } |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
86 |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
87 return *orthancRestApi_; |
1442 | 88 } |
1445
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
89 else |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
90 { |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
91 return *this; |
d26c8a93d05a
refactoring: SimpleGet
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
1443
diff
changeset
|
92 } |
1442 | 93 } |
94 } |