Discussion of the XML-RPC specification

Bryan Henderson | 15 Nov 2010 04:15

content-type

The XML-RPC spec says the HTTP content type of an XML-RPC call or response is
text/xml and, if you squint, says the content-type header field has to be
there.

But what do people think an XML-RPC server ought to do with a call that is
otherwise XML-RPC but lacks the content-type header field or says the content
type is something else, e.g. text/plain?

A comment from long ago in the source code of XML-RPC For C and C++ says the
server should reject the call as malformed for this reason: the server's
network security filters may turn away POST requests of type text/xml with the
intention of stopping XML-RPC calls, so processing a call that doesn't state
text/xml would defeat that filter.  And XML-RPC For C and C++ has in fact
always rejected calls that don't say content-type: text/xml.

On the other hand, being liberal in what you accept is the general rule, and
makes for higher interoperability.  This question came up because I
encountered a supposed XML-RPC client that does in fact indicate content-type:
text/plain .

--

-- 
Bryan Henderson                                   San Jose, California

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/xml-rpc/

(Continue reading)

John Wilson | 15 Nov 2010 10:11

Picon

Re: content-type


On 15 Nov 2010, at 03:15, Bryan Henderson wrote:

> The XML-RPC spec says the HTTP content type of an XML-RPC call or response is
> text/xml and, if you squint, says the content-type header field has to be
> there.
> 
> But what do people think an XML-RPC server ought to do with a call that is
> otherwise XML-RPC but lacks the content-type header field or says the content
> type is something else, e.g. text/plain?
> 
> A comment from long ago in the source code of XML-RPC For C and C++ says the
> server should reject the call as malformed for this reason: the server's
> network security filters may turn away POST requests of type text/xml with the
> intention of stopping XML-RPC calls, so processing a call that doesn't state
> text/xml would defeat that filter.  And XML-RPC For C and C++ has in fact
> always rejected calls that don't say content-type: text/xml.
> 
> On the other hand, being liberal in what you accept is the general rule, and
> makes for higher interoperability.  This question came up because I
> encountered a supposed XML-RPC client that does in fact indicate content-type:
> text/plain .

My view is that the server should ignore content-type.

In practice you have to disregard part of the meaning of content-type: text/xml anyway. The charset
parameter is omitted so you are supposed use US-ASCII (http://www.ietf.org/rfc/rfc3023 section 3.1)
as the character encoding and nobody does that.

I think the firewall example is very unconvincing. Anybody who used that rule and expected to stop XML-RPC

(Continue reading)

Gaetano Giunta | 15 Nov 2010 10:29

Picon

Re: content-type

John Wilson <tug <at> wilson.co.uk> wrote on 15/11/2010 10:11:
>
>
> On 15 Nov 2010, at 03:15, Bryan Henderson wrote:
>
> > The XML-RPC spec says the HTTP content type of an XML-RPC call or response is
> > text/xml and, if you squint, says the content-type header field has to be
> > there.
> >
> > But what do people think an XML-RPC server ought to do with a call that is
> > otherwise XML-RPC but lacks the content-type header field or says the content
> > type is something else, e.g. text/plain?
> >
> > A comment from long ago in the source code of XML-RPC For C and C++ says the
> > server should reject the call as malformed for this reason: the server's
> > network security filters may turn away POST requests of type text/xml with the
> > intention of stopping XML-RPC calls, so processing a call that doesn't state
> > text/xml would defeat that filter. And XML-RPC For C and C++ has in fact
> > always rejected calls that don't say content-type: text/xml.
> >
> > On the other hand, being liberal in what you accept is the general rule, and
> > makes for higher interoperability. This question came up because I
> > encountered a supposed XML-RPC client that does in fact indicate content-type:
> > text/plain .
>
> My view is that the server should ignore content-type.
>
> In practice you have to disregard part of the meaning of content-type: text/xml anyway. The charset
parameter is omitted so you are supposed use US-ASCII 
> (http://www.ietf.org/rfc/rfc3023 section 3.1) as the character encoding and nobody does that.

(Continue reading)

Bryan Henderson | 15 Nov 2010 17:07

Re: discerning multiple protocols

>it would be nice if there was some (set of?) request headers that could be
>used in a meaningful way to discern between soap, xmlrpc, jsonrpc and plain
>rest requests that are sent to the same url

Why would that be better than having separate URLs for the separate
protocols?

I thought the point of /RPC2 in the URL was to say, "execute this as XML-RPC".

-- 
Bryan Henderson                                   San Jose, California

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/xml-rpc/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/xml-rpc/join
    (Yahoo! ID required)

<*> To change settings via email:
    xml-rpc-digest <at> yahoogroups.com 
    xml-rpc-fullfeatured <at> yahoogroups.com

(Continue reading)

Gaetano Giunta | 17 Nov 2010 10:20

Picon

Re: discerning multiple protocols

Bryan Henderson <bryanh <at> giraffe-data.com> wrote on 15/11/2010 17:07:
>
> >it would be nice if there was some (set of?) request headers that could be
> >used in a meaningful way to discern between soap, xmlrpc, jsonrpc and plain
> >rest requests that are sent to the same url
>
> Why would that be better than having separate URLs for the separate
> protocols?
>
For the fun of it?

Seriously, it makes it easier to provide a "ws toolkit" that can be integrated as part of other
frameworks/cms/applications if all you need to deploy is a 
single controller file and not 3 or 4.

Bye
Gaetano

>
> I thought the point of /RPC2 in the URL was to say, "execute this as XML-RPC".
>
> -- 
> Bryan Henderson San Jose, California
>
> 

[Non-text portions of this message have been removed]

------------------------------------

(Continue reading)

Group

gmane.text.xml.rpc.specification.

Search Archive

Page

1

Articles in period: 5

November 2010

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

The Group is now closed (1 Apr 2013)
Proposal: Shut down this mailing list (3 Mar 2013)
XML-RPC problem with jetty9 (24 Feb 2013)
update my Openerp XML-rpc to XML-rpc2 (8 Oct 2012)
Problem using java xml-rpc (13 Sep 2012)
connection refused by server (12 Jun 2012)
XML Assignment Help (15 May 2012)
RPC::XML server... (28 Mar 2012)
perl RPC::XML (blackperl) (23 Mar 2012)
perl RPC::XML (blackperl) (23 Mar 2012)
Use mod_python and apache to be the XMLRPC server. (15 Feb 2012)
Help with a POST with an XMLRPC call. (22 Dec 2011)
Reg guidance for implementing rpc client and server (22 Nov 2011)
Why not add name to the scale/array type as struct type? (22 Nov 2011)
How "xmlrpc_client" use session_id (26 Oct 2011)
Binary compatiblity --how do you determin (16 Aug 2011)
Communication between php and c++ using xml-rpc (11 Jul 2011)
XMLRPC to SOAP (11 Jul 2011)
How to write unit test for rpc invoking? (20 May 2011)
How to access c++ code in php code? (10 May 2011)
enabledForExceptions doesn't work (20 Apr 2011)

Archives

1	April 2013
10	March 2013
2	February 2013
1	October 2012
1	September 2012
1	June 2012
2	May 2012
5	March 2012
1	February 2012
3	December 2011
5	November 2011
2	October 2011
1	August 2011
6	July 2011
5	May 2011
1	April 2011
3	March 2011
2	February 2011
14	January 2011
5	November 2010
3	October 2010
3	September 2010
2	July 2010
1	June 2010
3	May 2010
2	April 2010
2	March 2010
1	February 2010
1	December 2009
5	October 2009
2	September 2009
10	July 2009
7	June 2009
1	May 2009
11	April 2009
2	March 2009
2	February 2009
4	January 2009
12	December 2008
5	September 2008
4	August 2008
21	July 2008
1	June 2008
12	May 2008
3	April 2008
3	March 2008
4	February 2008
4	January 2008
11	December 2007
15	November 2007
7	October 2007
24	September 2007
5	August 2007
19	July 2007
15	May 2007
6	April 2007
5	March 2007
8	February 2007
8	January 2007
12	December 2006
5	November 2006
11	October 2006
18	September 2006
22	August 2006
19	July 2006
2	June 2006
8	May 2006
19	April 2006
24	March 2006
31	February 2006
12	January 2006
38	December 2005
33	November 2005
20	October 2005
6	September 2005
28	August 2005
23	July 2005
33	June 2005
4	May 2005
87	April 2005
29	March 2005
27	February 2005
27	January 2005
48	December 2004
23	November 2004
10	October 2004
7	September 2004
5	August 2004
9	July 2004
9	June 2004
27	May 2004
48	April 2004
29	March 2004
38	February 2004
72	January 2004
37	December 2003
49	November 2003
77	October 2003
41	September 2003
85	August 2003
73	July 2003
48	June 2003
24	May 2003
40	April 2003
36	March 2003
43	February 2003
71	January 2003
37	December 2002
42	November 2002
91	October 2002
118	September 2002
73	August 2002
84	July 2002
40	June 2002
8	May 2002

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template