- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 28 Sep 2004 03:55:02 -0700
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP working group <ietf-http-wg@w3.org>, Linus Walleij <triad@df.lth.se>, Lisa Dusseault <lisa@osafoundation.org>, Martin Duerst <duerst@w3.org>
On Sep 27, 2004, at 9:47 AM, Julian Reschke wrote: > As far as I know, the current wisdom seems to disallow put on a > content-negotiated resource, and to modify the "content" resource > (Content-Location response header, see > <http://greenbytes.de/tech/webdav/rfc2616.html#header.content- > location>) instead. That is correct. The best response from an HTTP server to an authoring type of method on a negotiated resource is either "not allowed" or a 300 response that explains the resource is negotiated and lists the URI(s) that might be authorable. On a PUT, servers will either disallow the request or change the URI's resource to having the fixed content. Providing those URIs is a hard problem in general because it depends on the algorithm used by the server to determine what representations are available for a given URI. For example, the Multiviews method in Apache works by filename extensions, whereas another method uses mappings defined in a URI".var" file, and mod_rewrite could do just about anything. A server should never attempt to "guess" while authoring -- any redirection of the content must be controlled by the user (for privacy reasons) and must not be assumed by the server (for security reasons). ....Roy
Received on Tuesday, 28 September 2004 11:02:55 UTC