W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: Location Proposals

From: Shel Kaphan <sjk@amazon.com>
Date: Wed, 30 Aug 1995 22:48:54 -0700
Message-Id: <199508310548.WAA27222@bert.amazon.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com

  > From: Brian Behlendorf <brian@organic.com>
	...
  > This assumes "server" is a contiguous authority - not true, 

  I was about to make the same observation, but another area of problems
  is that a server might want to return a URI (is this the new name for
  Location?) that is a URN for the document.  How is the client supposed
  to recognize that the URN is for the same "server"?

I don't really have a good answer...maybe it shouldn't be a URN for
this reason.  Ugh. I feel like I'm fighting a rear guard action on
this one.  There are so many reasons it would be nice to save this.

  The only generally safe thing I can think of doing is that if a
  URI is returned to the client, it should always be considered a
  redirect, or only allowed in a redirect.

Just to be clear, you're advocating removing the newly added
possibility of returning Location with 2xx responses.

  The server ought not return
  the very same URI as for the request, to avoid an obvious loop.  But if
  it is a different URI, the client ought to be given the chance to find
  it in a local cache anyway, so a redirect is reasonable.  

I'm not denying the existence of the security problem, but again, to
be clear, in my model of how this ought to work, the resource enclosed
in the response should replace anything in the cache under that
URI. This is what would make this construct so useful.  The use of
Location in a 2xx response is to identify a resource being sent, not as
a redirection.

  Daniel LaLiberte (liberte@ncsa.uiuc.edu)
  National Center for Supercomputing Applications
  http://union.ncsa.uiuc.edu/~liberte/

--Shel
Received on Wednesday, 30 August 1995 22:53:53 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:27 EDT