Libsoup-3.0 (3.4.4) - Server, no fragment

spo · July 16, 2024, 8:53am

Hi,

I would like to know if I found a bug or if I missed something with the Server class of libsoup-3.0 (3.4.4) package.

I start the HTTP server with :

Soup.Server server = new Soup.Server ("server-header", "simple-httpd");
   server.listen_local (3000, Soup.ServerListenOptions.IPV4_ONLY);
   server.add_handler ("/", (server, msg, path, query) => {
      
      debug (msg.get_uri ().get_fragment ());
});

Then I use curl with this URL :

curl "http://localhost:3000/#access_token=anaccesstokens&scope=user%3Aread%3Abroadcast&token_type=bearer"

And here, the msg.get_uri ().get_fragment () does not contains any fragment.

But I also tried :

Uri uri = Uri.parse ("http://localhost:3000/#access_token=anaccesstokens&scope=user%3Aread%3Abroadcast&token_type=bearer", GLib.UriFlags.NONE);
debug (uri.get_fragment ());

And it’s working as expected since I get : access_token=anaccesstokens&scope=user:read:broadcast&token_type=bearer in my debug output.

So, is it an issue with Soup.Server or I missed an option somewhere ?

Thanks

spo · July 16, 2024, 10:01am

For log, after slightly updated the simple-httpd.c from official examples, to get the fragment part of the URI, I have the same issue.
So, maybe it’s an issue with the library…

pgriffis · July 21, 2024, 2:30am

Fragments are only used client side and do not get sent to the server as part of the request.

Fragments depend on the document MIME type and are evaluated by the client (web browser). Clients are not supposed to send URI fragments to servers when they retrieve a document.[1][2]

spo · July 21, 2024, 9:16am

And you are completely right, indeed.
I completely forgotten that fragments URI are for client side - which make sense
But maybe it could be great to have, at least, a way to get the complete raw URI received by the server. (which include the fragment).

But, well, since I’ll use a WebView, I will be able to get the fragment with that easily.

Thanks.

pgriffis · July 21, 2024, 10:55am

a way to get the complete raw URI received by the server. (which include the fragment).

Unless you wrote a custom client that violates all recommendations it never gets this. Seems pretty edge case.

akitouni · July 21, 2024, 4:49pm

You probably don’t want a fragment. Seeing how you’re using it, you probably want a query string instead. Something like

http://localhost:3000/?access_token=anaccesstokens&scope=user%3Aread%3Abroadcast&token_type=bearer

spo · July 23, 2024, 4:34pm

Yep, that would be ideal but I’m not in control of this part sadly.

The authentication endpoint of the service I used return all the mandatory authentication stuff in the fragment part

system · August 6, 2024, 4:35pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.