BoshIssues

This page lists known issues with the BOSH specifications (XEP-0124 and XEP-0206).

NOTE this list is in no particular order.

Summary
All 124 requests are POST requests -- and POST requests are non-idempotent and should not be pipelined. ?Though it is referred to as SHOULD NOT, unless you have a very very strong enough reason to pipeline POST, you MUST NOT. [*]

Status
No additional information needed, we can write a patch for section 18.1. Note we also need to fix this in paragraph 1, 4, 5, 7.1, 12 and 16. It seems that the term 'pipelining' is used as a way to tunnel multiple HTTP requests simultaneously over one TCP connection. Because re-using TCP-connections and keeping them alive does not have the same 'magical' properties, I think we should scale down and rewrite the standard as 'just 2 HTTP requests'.

Discussion

 * Peter Saint-Andre: Mridul, I agree with your later message that pipelining POSTs should be strongly discouraged, as it already is in RFC 2616. Do we need some text about that in XEP-0124?


 * Mridul: I always assumed that was implicit, but it is not obvious when starting out I guess. Considering the confusion it raised, I think you are right - we might want to discourage it strongly : with references to http rfc for the "why".


 * Peter Saint-Andre: BOSH uses POST, which is not idempotent. RFC 2616 says "Clients SHOULD NOT pipeline requests using non-idempotent methods or non-idempotent sequences of methods". Yet XEP-0124 says:

18.1 HTTP Pipelining

Even if the client requests HTTP Pipelining and the connection manager supports it, there is no guarantee that pipelining will succeed, because it might not be supported by intermediate proxies.

The best the client can do is to request the use of HTTP Pipelining by setting the 'hold' attribute to a value of "1". If HTTP Pipelining does not work (because the server returns HTTP 1.0 or connection:close), then the client SHOULD degrade gracefully by using multiple connections.


 * So I think we need to fix section 18.1.

Summary
The recommended value of 'hold' is "1" except when using pipelining. Because of the pipelining confusion, this is nonsense. So de facto the recommended value is always "1" right now. As far can be determined there is no reason to recommend otherwise, so it's best to simply recommend a 'hold' value of "1".

Status
Propose a patch and see if there are any objections.

Issue
In XEP-0124 section 7.2, text says the 'accept' attribute is space separated, yet the example is comma separated (thanks to Guus der Kinderen for bringing this issue up).

Status
More information/discussion needed:


 * Are there any CM implementations that send the accept attribute?
 * What separator do they use?
 * If it is not used, is there any reason to keep it in there when the compression can/should be done at HTTP level?

Issue
The 'secure' attribute was removed from the schema and some of the text regarding the session creation response, but there exists several references to it.

Status
More information/discussion is needed; should the 'secure' attribute here be removed altogether from section 7.2 and 16.3, or maintained for historical reasons (with a remark it is present only for backward compatibility and should be ignored)? It appears safe to remove mention of the 'secure' attribute from section 16.4.

Details
In section 7.2, immediately before example 2:

If it established a secure connection to the server (as defined in Initiating a BOSH Session), then in the same response the connection manager SHOULD also include the 'secure' attribute set to "true" or "1".

In section 7.2, caption for example 3:

Subsequent response with 'from' and 'secure' attributes

In section 16.3:

 The request MAY include 'route', 'from' and 'secure' attributes (see Session Creation Request), but SHOULD NOT include 'ver', 'content', 'hold' or 'wait' attributes (since a new session is not being created.

In section 16.4:

 Note: Empty elements that do not include a 'from' or 'secure' attribute SHOULD NOT include a 'stream' attribute (since nothing is being transmitted for any stream).

Issue
It is not clear on what connection there should be responded to a BOSH termination and what should be done with the other connection.

Status
Proposed fix to XEP-124 is:


 * Clarify that BOSH errors and BOSH termination should be sent on the most recent connection
 * Clarify that on termination (by request or by error), all connections (except for the most recent, above) should be closed by sending an empty &lt;body/&gt;
 * Clarify that if there is any payload included in the "terminate" request, the payload should not need any response from the service.

Discussion
to be included

Issue
Basically it seems that if no response is yet generated, you shouldn't throw out a re-request of the same RID, as there are cases where this is the logical thing to do.

Details
See https://groups.google.com/forum/#!msg/strophe/D3Nj_I2OvaM/VeoDvvHd-hMJ for more information.

HTTPS port
There is not an HTTPS port for BOSH.

JSON Content Type
See http://xmpp.org/extensions/inbox/json.html

Issue
This proposed extension adresses a discussion that reoccurs every now and then. The inital discussion over this proposal pointed out that mapping XML to JSON is a bit problematic. Also it should be clear where we are aming at: This proposal seems to do the last.
 * Keeping BOSH as it is with XML and allow a JSON payload
 * Translate the BOSH-layer to JSON
 * Translate all of XMPP, including BOSH to JSON

Status
If there are enough people motivated to work on this, best form some a working group to clear up the issues.
 * Mapping issues of the translation needs to be fixed
 * The aim of the proposal needs to be clarified
 * It is unclear how big the need for this is

Note
Also see http://xmpp.org/extensions/xep-0295.html (Humorous)