Re: Solution to the CGI message trap
From: Dave Kristol (dmk@bell-labs.com)
Date: Fri, Aug 07 1998
Message-ID: <35CB6D3A.4CE7@bell-labs.com>
Date: Fri, 07 Aug 1998 17:10:18 -0400
From: Dave Kristol <dmk@bell-labs.com>
To: Henrik Frystyk Nielsen <frystyk@w3.org>
CC: ietf-http-ext@w3.org, lawrence@agranat.com, paulle@microsoft.com
Subject: Re: Solution to the CGI message trap
Henrik Frystyk Nielsen wrote:
>
> The CGI problem of accepting (returning 200 OK) to arbitrary methods is a
> very serious problem and we need a solution urgently in order to be able to
> extend HTTP beyond GET, HEAD, PUT, and POST.
>
> Currently, you can't even do a DELETE and know that it works even if you
> get 200 OK back which means that neither HTTP/1.1, nor DAV nor Mandatory
> can be used reliably.
>
> Here are the possible solutions that I can think of:
[Solutions deleted]
The problem is between the server and a CGI, rather than between the
server and the client. Old servers, which really only understand
HEAD/GET/POST, will continue to do them the same.
If you can get "new servers" to define an updated CGI interface, then
there's another possibility. A new server might require a CGI to return
a Method: header with the method it thought it interpreted. Such a
server would require such a header of any non-HEAD/GET/POST request and
ensure that it matches the request method. Just as with the Status:
header from CGIs, Method: would be removed by the server before it
forwards the response.
"Old CGIs" with "new servers" would be safe: if the CGI failed to
return Method: on an unusual method, the response would be dropped.
Dave Kristol