BoshIssues
This page lists known issues with the BOSH specifications (XEP-0124 and XEP-0206).
NOTE this list is in no particular order.
Pipelining
Summary
All 124 requests are POST requests -- and POST requests are non-idempotent and should not be pipelined. ?Though it is referred to as SHOULD NOT, unless you have a very very strong enough reason to pipeline POST, you MUST NOT. [*]
Status
No additional information needed, we can write a patch for section 18.1. Note we also need to fix this in paragraph 1, 4, 5, 7.1, 12 and 16. It seems that the term 'pipelining' is used as a way to tunnel multiple HTTP requests simultaneously over one TCP connection. Because re-using TCP-connections and keeping them alive does not have the same 'magical' properties, I think we should scale down and rewrite the standard as 'just 2 HTTP requests'.
Discussion
- Peter Saint-Andre: Mridul, I agree with your later message that pipelining POSTs should be strongly discouraged, as it already is in RFC 2616. Do we need some text about that in XEP-0124?
- Mridul: I always assumed that was implicit, but it is not obvious when starting out I guess. Considering the confusion it raised, I think you are right - we might want to discourage it strongly : with references to http rfc for the "why".
- Peter Saint-Andre: BOSH uses POST, which is not idempotent. RFC 2616 says "Clients SHOULD NOT pipeline requests using non-idempotent methods or non-idempotent sequences of methods". Yet XEP-0124 says:
18.1 HTTP Pipelining Even if the client requests HTTP Pipelining and the connection manager supports it, there is no guarantee that pipelining will succeed, because it might not be supported by intermediate proxies. The best the client can do is to request the use of HTTP Pipelining by setting the 'hold' attribute to a value of "1". If HTTP Pipelining does not work (because the server returns HTTP 1.0 or connection:close), then the client SHOULD degrade gracefully by using multiple connections.
- So I think we need to fix section 18.1.
Value of 'hold' and Pipelining
Summary
The recommended value of 'hold' is "1" except when using pipelining. Because of the pipelining confusion, this is nonsense. So de facto the recommended value is always "1" right now. As far can be determined there is no reason to recommend otherwise, so it's best to simply recommend a 'hold' value of "1".
Status
Propose a patch and see if there are any objections.
Format of 'accept' value in session creation response
Issue
In XEP-0124 section 7.2, text says the 'accept' attribute is space separated, yet the example is comma separated (thanks to Guus der Kinderen for bringing this issue up).
Status
More information/discussion needed:
- Are there any CM implementations that send the accept attribute?
- What separator do they use?
- If it is not used, is there any reason to keep it in there when the compression can/should be done at HTTP level?
'secure' attribute
Issue
The 'secure' attribute was removed from the schema and some of the text regarding the session creation response, but there exists several references to it.
Status
More information/discussion is needed; should the 'secure' attribute here be removed altogether from section 7.2 and 16.3, or maintained for historical reasons (with a remark it is present only for backward compatibility and should be ignored)? It appears safe to remove mention of the 'secure' attribute from section 16.4.
Details
In section 7.2, immediately before example 2:
If it established a secure connection to the server (as defined in Initiating a BOSH Session), then in the same response the connection manager SHOULD also include the 'secure' attribute set to "true" or "1".
In section 7.2, caption for example 3:
Subsequent response with 'from' and 'secure' attributes
In section 16.3:
The request MAY include 'route', 'from' and 'secure' attributes (see Session Creation Request), but SHOULD NOT include 'ver', 'content', 'hold' or 'wait' attributes (since a new session is not being created.
In section 16.4:
Note: Empty <body/> elements that do not include a 'from' or 'secure' attribute SHOULD NOT include a 'stream' attribute (since nothing is being transmitted for any stream).
Session Termination and Sending BOSH Errors
Issue
It is not clear on what connection there should be responded to a BOSH termination and what should be done with the other connection.
Status
Proposed fix to XEP-124 is:
- Clarify that BOSH errors and BOSH termination should be sent on the most recent connection
- Clarify that on termination (by request or by error), all connections (except for the most recent, above) should be closed by sending an empty <body/>
- Clarify that if there is any payload included in the "terminate" request, the payload should not need any response from the service.
Discussion
See http://mail.jabber.org/pipermail/bosh/2011-March/thread.html#352
'Content-Type' HTTP Header
Issue
XEP-0124 states in section 5 (HTTP Overview):
The HTTP Content-Type header of all client requests SHOULD be "text/xml; charset=utf-8". However, clients MAY specify another value if they are constrained to do so (e.g., "application/x-www-form-urlencoded" or "text/plain"). The client and connection manager SHOULD ignore all HTTP Content-Type headers they receive.
Ignored headers add unnecessary overhead to every request; upstream is often severely limited. It would be better to prefer omitting this header entirely when possible.
Proposed solution
In RFC2616 the content-type header is marked as 'SHOULD', as it is in XEP-0124. Constrained clients might need that header, in constrained network environments lack of a content-type header might result in blocking the request. (In section 7 XEP-0124 a little more is said about this). So omitting the header by default might have unwanted results. At the same time the 'SHOULD' in both XEP-0124 and RFC2616 leave room to omit the header when there are good reasons to so, e.g. in a deployment with very limited bandwidth. So the best solution would be: don't change XEP-0124.
Status
More discussion needed.
'Date' HTTP Header
Issue
The HTTP 'Date' header is ignored in BOSH. Ignored headers add unnecessary overhead to every request; upstream is often severely limited. It would be better to prefer omitting this header entirely when possible.
Discussion
The Date headers are in RFC2616 marked as SHOULD. On the date RFC2616 states that if a client or server is without a clock, then it MAY be omitted. The 'SHOULD' leaves room to omit the header when there are good reasons for it. Note that neither XEP-0124 nor XEP-0206 mention the Date header anywhere and all the examples have no Date header. So the best solution would be: don't change XEP-0124
- Is anybody aware of network environments where omitting the Date header might have adverse results?
Status
More discussion needed.
'Hold' and 'Request' Attribute Values
Issue
XEP-0124 section 7.2 (Session Creation Response) states:
- 'requests' -- This attribute enables the connection manager to limit the number of simultaneous requests the client makes (see Overactivity and Polling Sessions). The RECOMMENDED values are either "2" or one more than the value of the 'hold' attribute specified in the session request.
- 'hold' -- This attribute informs the client about the maximum number of requests the connection manager will keep waiting at any one time during the session. This value MUST NOT be greater than the value specified by the client in the session request.
But it is senseless to specify an amount of 'Requests' that is equal or less then 'hold'. Better add that the value of requests MUST be bigger then hold, and that the RECOMMENDED value is hold+1.
Status
Needs a patch, that can be agreed upon.
Session Creation Attributes Too Optional
Issue
Status
Stream Creation: missing <stream:features/>
Issue
Status
Unclear Terminology
Issue
Better explanation for "1 sometimes 2 HTTP sockets open" mechanism
Issue
Re-requesting RIDs
Issue
Basically it seems that if no response is yet generated, you shouldn't throw out a re-request of the same RID, as there are cases where this is the logical thing to do.
Details
See https://groups.google.com/forum/#!msg/strophe/D3Nj_I2OvaM/VeoDvvHd-hMJ for more information. And http://mail.jabber.org/pipermail/standards/2012-May/thread.html#26000
Status
More discussion needed: is there consensus over the proposed solutions, do they break existing implementations?
HTTPS port
There is not an HTTPS port for BOSH.
JSON Content Type
See http://xmpp.org/extensions/inbox/json.html
Issue
This proposed extension adresses a discussion that reoccurs every now and then. The inital discussion over this proposal pointed out that mapping XML to JSON is a bit problematic. Also it should be clear where we are aming at:
- Keeping BOSH as it is with XML and allow a JSON payload
- Translate the BOSH-layer to JSON
- Translate all of XMPP, including BOSH to JSON
This proposal seems to do the last.
Status
- Mapping issues of the translation needs to be fixed
- The aim of the proposal needs to be clarified
- It is unclear how big the need for this is
If there are enough people motivated to work on this, best form some a working group to clear up the issues.
Note
Also see http://xmpp.org/extensions/xep-0295.html (Humorous)