From 3849f03db419a990c8321e6902b270021ec7a3dd Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Wed, 1 Feb 2017 15:53:23 +0100 Subject: [PATCH] HTTP Upload: Slight syntax changes and added ability to provide additional HTTP header fields on slot assignment --- xep-0363.xml | 79 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 45 insertions(+), 34 deletions(-) diff --git a/xep-0363.xml b/xep-0363.xml index 61307441..9bf1a5ce 100644 --- a/xep-0363.xml +++ b/xep-0363.xml @@ -28,12 +28,18 @@ daniel@gultsch.de daniel@gultsch.de + + 0.3.0 + 2017-02-01 + dg +

Slight syntax changes and added ability to provide additional HTTP header fields on slot assignment.

 + 0.2.5 2017-01-08 XEP Editor: ssw

Merge typo fixes suggested by an unnamed user.

 - + 0.2.4 2016-10-28 @@ -97,13 +103,13 @@
  • Be as easy to implement as possible. This is grounded on the idea that most programming languages already have HTTP libraries available.
    • -
  • Be agnostic toward the distribution of the actual URL. Users can choose to send the URL in the body of a message stanza, utilize &xep0066;, or even use it as their avatar in &xep0084;.
    • -
  • Do not provide any kind of access control or security beyond Transport Layer Security in form of HTTPS and long random paths that are impossible to guess. That means everyone who knows the URL SHOULD be able to access it.
    • +
  • Be agnostic toward the distribution of the actual URL. Users can choose to send the URL in the body of a message stanza, utilize &xep0066;, &xep0370;, or even use it as their avatar in &xep0084;
    • +
  • Do not provide any kind of access control or security for file retrieval beyond Transport Layer Security in form of HTTPS and long random paths that are impossible to guess. That means everyone who knows the URL SHOULD be able to access it.
 -

An entity advertises support for this protocol by including the "urn:xmpp:http:upload" in its service discovery information features as specified in &xep0030; or section 6.3 of &xep0115;. To avoid unnecessary round trips an entity SHOULD also include the maximum file size as specified in &xep0128; if such a limitation exists. The field name MUST be "max-file-size" and the value MUST be in bytes.

-

A user's server SHOULD include any known entities that provide such services into its service discovery items.

+

An entity advertises support for this protocol by including the "urn:xmpp:http:upload:0" in its service discovery information features as specified in &xep0030; or section 6.3 of &xep0115;. To avoid unnecessary round trips an entity SHOULD also include the maximum file size as specified in &xep0128; if such a limitation exists. The field name MUST be "max-file-size" and the value MUST be in bytes.

+

A user’s server SHOULD include any known entities that provide such services into its service discovery items.

- + - urn:xmpp:http:upload + urn:xmpp:http:upload:0 5242880 @@ -150,28 +156,32 @@ ]]> -

A client requests a new upload slot by sending an IQ-get to the upload service containing a <request> child element qualified by the urn:xmpp:http:upload namespace. This element MUST include elements <filename> and <size> containing the file name and size respectively.

-

An additional element <content-type> containing the Content-Type is OPTIONAL.

+

A client requests a new upload slot by sending an IQ-get to the upload service containing a <request> child element qualified by the urn:xmpp:http:upload:0 namespace. This element MUST include the attributes filename and size containing the file name and size respectively.

+

An additional attribute content-type containing the Content-Type is OPTIONAL.

- - my_juliet.png - 23456 - image/jpeg + ]]> -

The upload service responds with both a PUT and a GET URL wrapped by a <slot> element. The service SHOULD keep the file name and especially the file ending intact. Using the same hostname for PUT and GET is OPTIONAL. The host SHOULD provide Transport Layer Security (&rfc5246;).

+

The upload service responds with both a PUT and a GET URL wrapped by a <slot> element. The service SHOULD keep the file name and especially the file ending intact. Using the same hostname for PUT and GET is OPTIONAL. The host MUST provide Transport Layer Security (&rfc5246;).

+

The <put> element MAY also contain an unlimited number of <header> elements which correspond to HTTP header fields. Each <header> element MUST have a name-attribute and a content with the value of the header.

- - https://upload.montague.tld/4a771ac1-f0b2-4a4a-9700-f2a26fa2bb67/my_juliet.png - https://download.montague.tld/4a771ac1-f0b2-4a4a-9700-f2a26fa2bb67/my_juliet.png + + +
Basic Base64String==
+
montague.tld
+ + ]]> @@ -182,14 +192,14 @@ id='step_03' to='romeo@montague.tld/garden' type='error'> - - my_juliet.png - 23456 - + - + File too large. The maximum file size is 20000 bytes + 20000 @@ -200,13 +210,13 @@ id='step_03' to='romeo@montague.tld/garden' type='error'> - - my_juliet.png - 23456 - + - Quota reached. You can only upload 5 files in 5 minutes ]]> - - my_juliet.png - 23456 - + - Only premium members are allowed to upload files ]]>

The actual upload of the file happens via HTTP-PUT and is out of scope of this document. The upload service MUST reject the file upload if the Content-Length does not match the size of the slot request. The service SHOULD reject the file if the Content-Type has been specified beforehand and does not match. The service MAY assume application/octet-stream as a Content-Type if it the client did not specify a Content-Type at all.

+

In addition to the Content-Length and Content-Type header the client MUST also include all additional headers that came with the slot assignment.

There is no further XMPP communication required between the upload service and the client. A HTTP status Code of 201 means that the server is now ready to serve the file via the provided GET URL. If the upload fails for whatever reasons the client MAY request a new slot.

 @@ -246,7 +257,7 @@

This specification defines the following XML namespace:

    -
  • urn:xmpp:http:upload
    • +
  • urn:xmpp:http:upload:0

Upon advancement of this specification from a status of Experimental to a status of Draft, the ®ISTRAR; shall add the foregoing namespace to the registry located at &NAMESPACES;, as described in Section 4 of &xep0053;.