BoshIssues

From XMPP WIKI
Jump to navigation Jump to search

This page lists known issues with the BOSH specifications (XEP-0124 and XEP-0206).

NOTE this list is in no particular order.

Pipelining

Summary

All 124 requests are POST requests -- and POST requests are non-idempotent and should not be pipelined. ?Though it is referred to as SHOULD NOT, unless you have a very very strong enough reason to pipeline POST, you MUST NOT. [*]

Status

No additional information needed, we can write a patch for section 18.1. Note we also need to fix this in paragraph 1, 4, 5, 7.1, 12 and 16. It seems that the term 'pipelining' is used as a way to tunnel multiple HTTP requests simultaneously over one TCP connection. Because re-using TCP-connections and keeping them alive does not have the same 'magical' properties, I think we should scale down and rewrite the standard as 'just 2 HTTP requests'.

Discussion

Peter Saint-Andre: Mridul, I agree with your later message that pipelining POSTs should be strongly discouraged, as it already is in RFC 2616. Do we need some text about that in XEP-0124?
Mridul: I always assumed that was implicit, but it is not obvious when starting out I guess. Considering the confusion it raised, I think you are right - we might want to discourage it strongly : with references to http rfc for the "why".
Peter Saint-Andre: BOSH uses POST, which is not idempotent. RFC 2616 says "Clients SHOULD NOT pipeline requests using non-idempotent methods or non-idempotent sequences of methods". Yet XEP-0124 says:
18.1 HTTP Pipelining

Even if the client requests HTTP Pipelining and the connection manager supports it, there is no guarantee that pipelining will succeed, because it might not be supported by intermediate proxies.

The best the client can do is to request the use of HTTP Pipelining by setting the 'hold' attribute to a value of "1". If HTTP Pipelining does not work (because the server returns HTTP 1.0 or connection:close), then the client SHOULD degrade gracefully by using multiple connections.
So I think we need to fix section 18.1.

Value of 'hold' and Pipelining

Summary

The recommended value of 'hold' is "1" except when using pipelining. Because of the pipelining confusion, this is nonsense. So de facto the recommended value is always "1" right now. As far can be determined there is no reason to recommend otherwise, so it's best to simply recommend a 'hold' value of "1".

Status

Propose a patch and see if there are any objections.

Format of 'accept' value in session creation response

Issue

In XEP-0124 section 7.2, text says the 'accept' attribute is space separated, yet the example is comma separated (thanks to Guus der Kinderen for bringing this issue up).

Status

More information/discussion needed:

  • Are there any CM implementations that send the accept attribute?
  • What separator do they use?
  • If it is not used, is there any reason to keep it in there when the compression can/should be done at HTTP level?

'secure' attribute

Issue

The 'secure' attribute was removed from the schema and some of the text regarding the session creation response, but there exists several references to it.

Status

More information/discussion is needed; should the 'secure' attribute here be removed altogether from section 7.2 and 16.3, or maintained for historical reasons (with a remark it is present only for backward compatibility and should be ignored)? It appears safe to remove mention of the 'secure' attribute from section 16.4.

Details

In section 7.2, immediately before example 2:

If it established a secure connection to the server (as defined
in Initiating a BOSH Session), then in the same response the
connection manager SHOULD also include the 'secure' attribute
set to "true" or "1".

In section 7.2, caption for example 3:

Subsequent response with 'from' and 'secure' attributes

In section 16.3:

The request MAY include 'route', 'from' and 'secure' attributes
(see Session Creation Request), but SHOULD NOT include 'ver',
'content', 'hold' or 'wait' attributes (since a new session is
not being created.

In section 16.4:

Note: Empty <body/> elements that do not include a 'from' or
'secure' attribute SHOULD NOT include a 'stream' attribute
(since nothing is being transmitted for any stream).

Session Termination and Sending BOSH Errors

Issue

It is not clear on what connection there should be responded to a BOSH termination and what should be done with the other connection.

Status

Proposed fix to XEP-124 is:

  • Clarify that BOSH errors and BOSH termination should be sent on the most recent connection
  • Clarify that on termination (by request or by error), all connections (except for the most recent, above) should be closed by sending an empty <body/>
  • Clarify that if there is any payload included in the "terminate" request, the payload should not need any response from the service.

Discussion

See http://mail.jabber.org/pipermail/bosh/2011-March/thread.html#352

'Content-Type' HTTP Header

Issue

XEP-0124 states in section 5 (HTTP Overview):

The HTTP Content-Type header of all client requests SHOULD be "text/xml; charset=utf-8". However, clients MAY specify another value if they are constrained to do so (e.g., "application/x-www-form-urlencoded" or "text/plain"). The client and connection manager SHOULD ignore all HTTP Content-Type headers they receive.

Ignored headers add unnecessary overhead to every request; upstream is often severely limited.  It would be better to prefer omitting this header entirely when possible.

Proposed solution

In RFC2616 the content-type header is marked as 'SHOULD', as it is in XEP-0124. Constrained clients might need that header, in constrained network environments lack of a content-type header might result in blocking the request. (In section 7 XEP-0124 a little more is said about this). So omitting the header by default might have unwanted results. At the same time the 'SHOULD' in both XEP-0124 and RFC2616 leave room to omit the header when there are good reasons to so, e.g. in a deployment with very limited bandwidth. So the best solution would be: don't change XEP-0124.

Status

More discussion needed.

'Date' HTTP Header

Issue

Status

'Hold' and 'Request' Attribute Values

Issue

Status

Session Creation Attributes Too Optional

Issue

Status

Stream Creation: missing <stream:features/>

Issue

Status

Unclear Terminology

Issue

Better explanation for "1 sometimes 2 HTTP sockets open" mechanism

Issue

Re-requesting RIDs

Issue

Basically it seems that if no response is yet generated, you shouldn't throw out a re-request of the same RID, as there are cases where this is the logical thing to do.

Details

See https://groups.google.com/forum/#!msg/strophe/D3Nj_I2OvaM/VeoDvvHd-hMJ for more information. And http://mail.jabber.org/pipermail/standards/2012-May/thread.html#26000

Status

More discussion needed: is there consensus over the proposed solutions, do they break existing implementations?

HTTPS port

There is not an HTTPS port for BOSH.

JSON Content Type

See http://xmpp.org/extensions/inbox/json.html

Issue

This proposed extension adresses a discussion that reoccurs every now and then. The inital discussion over this proposal pointed out that mapping XML to JSON is a bit problematic. Also it should be clear where we are aming at:

  • Keeping BOSH as it is with XML and allow a JSON payload
  • Translate the BOSH-layer to JSON
  • Translate all of XMPP, including BOSH to JSON

This proposal seems to do the last.

Status

  • Mapping issues of the translation needs to be fixed
  • The aim of the proposal needs to be clarified
  • It is unclear how big the need for this is

If there are enough people motivated to work on this, best form some a working group to clear up the issues.

Note

Also see http://xmpp.org/extensions/xep-0295.html (Humorous)