Re: Solution to the CGI message trap

From: Dave Kristol (dmk@bell-labs.com)
Date: Fri, Aug 07 1998


Message-ID: <35CB6D3A.4CE7@bell-labs.com>
Date: Fri, 07 Aug 1998 17:10:18 -0400
From: Dave Kristol <dmk@bell-labs.com>
To: Henrik Frystyk Nielsen <frystyk@w3.org>
CC: ietf-http-ext@w3.org, lawrence@agranat.com, paulle@microsoft.com
Subject: Re: Solution to the CGI message trap

Henrik Frystyk Nielsen wrote:
> 
> The CGI problem of accepting (returning 200 OK) to arbitrary methods is a
> very serious problem and we need a solution urgently in order to be able to
> extend HTTP beyond GET, HEAD, PUT, and POST.
> 
> Currently, you can't even do a DELETE and know that it works even if you
> get 200 OK back which means that neither HTTP/1.1, nor DAV nor Mandatory
> can be used reliably.
> 
> Here are the possible solutions that I can think of:

[Solutions deleted]

The problem is between the server and a CGI, rather than between the
server and the client.  Old servers, which really only understand
HEAD/GET/POST, will continue to do them the same.

If you can get "new servers" to define an updated CGI interface, then
there's another possibility.  A new server might require a CGI to return
a Method: header with the method it thought it interpreted.  Such a
server would require such a header of any non-HEAD/GET/POST request and
ensure that it matches the request method.  Just as with the Status:
header from CGIs, Method: would be removed by the server before it
forwards the response.

"Old CGIs" with "new servers" would be safe:  if the CGI failed to
return Method: on an unusual method, the response would be dropped.

Dave Kristol