Mercurial > hg > orthanc
view Resources/Samples/Lua/CallWebService.js @ 2248:69b0f4e8a49b
Escape multipart type parameter value in Content-Type header
## Summary
Multipart responses do not quote/escape the value of their type
parameter (the subtype) even though it always contains at least one
special character (the slash "/"), which confuses standard-compliant
HTTP clients.
## Details
The Content-Type header in HTTP is in RFC 7231, Section 3.1.1.5:
https://tools.ietf.org/html/rfc7231#section-3.1.1.5
The section defers to the media type section (3.1.1.1) for the syntax of
the media type:
https://tools.ietf.org/html/rfc7231#section-3.1.1.1
This states that a parameter value can be quoted:
parameter = token "=" ( token / quoted-string )
A parameter value that matches the token production can be transmitted
either as a token or within a quoted-string. The quoted and unquoted
values are equivalent.
Tokens are defined in RFC 7230, Section 3.2.6 (via RFC 7231, appendix
C):
https://tools.ietf.org/html/rfc7231#appendix-C
https://tools.ietf.org/html/rfc7230#section-3.2.6
Here we observe that tokens cannot contain a slash "/" character:
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
Delimiters are chosen from the set of US-ASCII visual characters not
allowed in a token (DQUOTE and "(),/:;<=>?@[\]{}").
However, the current implementation does not quote/escape the value of
the type parameter:
multipart/related; type=application/dicom
Instead, it should be:
multipart/related; type="application/dicom"
All of this also seems to apply to the MIME Content-Type header
definition, even though it is a little different:
https://www.iana.org/assignments/message-headers
https://tools.ietf.org/html/rfc2045#section-5.1
https://tools.ietf.org/html/rfc2387
| author | Thibault Nélis <tn@osimis.io> |
|---|---|
| date | Mon, 16 Jan 2017 13:07:11 +0100 |
| parents | a3a65de1840f |
| children | 878b59270859 |
line wrap: on
line source
/** * Orthanc - A Lightweight, RESTful DICOM Store * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics * Department, University Hospital of Liege, Belgium * Copyright (C) 2017 Osimis, Belgium * * This program is free software: you can redistribute it and/or * modify it under the terms of the GNU General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. **/ /** * This file is a simple echo Web service implemented using * "node.js". Whenever it receives a POST HTTP query, it echoes its * body both to stdout and to the client. Credentials are checked. **/ // Parameters of the ECHO server var port = 8000; var username = 'alice'; var password = 'alicePassword'; var http = require('http'); var authorization = 'Basic ' + new Buffer(username + ':' + password).toString('base64') var server = http.createServer(function(req, response) { // Check the credentials if (req.headers.authorization != authorization) { console.log('Bad credentials, access not allowed'); response.writeHead(401); response.end(); return; } switch (req.method) { case 'POST': { var body = ''; req.on('data', function (data) { response.write(data); body += data; }); req.on('end', function () { console.log('Message received: ' + body); response.end(); }); break; } default: console.log('Method ' + req.method + ' is not supported by this ECHO Web service'); response.writeHead(405, {'Allow': 'POST'}); response.end(); } }); server.listen(port);