W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2007

Re: Request methods that allow an entity-body

From: Scott Nichol <snicholnews@scottnichol.com>
Date: Fri, 30 Nov 2007 09:12:45 -0500
Message-ID: <040101c8335b$23d6a850$6801a8c0@GT5056>
To: <ietf-http-wg@w3.org>

One of Roy's posts 
(http://lists.w3.org/Archives/Public/ietf-http-wg/2002JulSep/0031.html) 
says

<quote>
No.  You may think of this as just "clarifying" the spec, but in reality
it changes the parsing algorithm on the server such that the server
must know the semantics of every message that passes through it, such
that extensibility of methods becomes impossible.  The server already
has an unambiguous algorithm for interpreting the length of a message.

Whether or not GET allows a message body is irrelevant.  HTTP allows a
message body on any request.  The fact that clients should not send
useless bodies does not lessen the requirement of servers to parse a
message independent of the message semantics.  The only exception is
HEAD responses, and that only because of legacy issues.
</quote>

The original portion of the spec I was questioning is

<quote>
The presence of a message-body in a request is signaled by the inclusion
of a Content-Length or Transfer-Encoding header field in the request's
message-headers. A message-body MUST NOT be included in a request if the
specification of the request method (Section 5.1.1) does not allow
sending an entity-body in requests.
</quote>

If Roy says "HTTP allows a message body on any request", then why does 
the second sentence in the above even appear in the spec?

I was concerned that the spec does not say in the description of any 
request method that an entity-body is not allowed.  Based on what Roy 
says, the spec is correct: there is no request method for which an 
entity-body is not allowed.  That an entity-body for a HEAD or GET would 
be "useless" is not relevant.  A client is allowed send one and a server 
must parse it.

What does "must parse it" imply?

I raised this issue because of a specific problem between NuSOAP and 
lighttpd.  The former sends a GET with Content-Length: 0 when fetching 
WSDL.  The latter responds with "400 Bad Request" because of the 
message-body.  Would that server behavior be considered out of spec? 
The server presumably "parsed" the request.

Scott Nichol

----- Original Message ----- 
From: "Adrien de Croy" <adrien@qbik.com>
To: "David Morris" <dwm@xpasc.com>
Cc: "Mark Baker" <distobj@acm.org>; "Scott Nichol" 
<snicholnews@scottnichol.com>; <ietf-http-wg@w3.org>
Sent: Thursday, November 29, 2007 8:16 PM
Subject: Re: Request methods that allow an entity-body


>
> that post does, but if you follow the thread through, Roy spells out 
> clearly what the requirements are, that being that message parsing 
> should not be dependent on the method, and that therefore (except for 
> HEAD response for legacy reasons), one should not assume that any 
> message (request or response) may not have an entity body.  If any 
> message is to have an entity body, it must have a non-zero 
> Content-Length header, or a Transfer-Encoding header.
>
> This is required for extensibility - the ability of existing 
> infrastructure to deal with new methods, which may or may not need to 
> use entity bodies in requests.
>
> This is also why there's an explicit requirement for proxies to 
> forward unknown methods (depending on admin policy of course, but must 
> be capable of doing it).
>
> Regards
>
> Adrien
>
> David Morris wrote:
>> Which agrees with the point that this was incompletely specified in 
>> the
>> RFC. 
>> http://lists.w3.org/Archives/Public/ietf-http-wg/2002JulSep/0026.html
>>
>> On Thu, 29 Nov 2007, Mark Baker wrote:
>>
>>
>>> This question pops up every few years.  Read this thread over;
>>>
>>> http://lists.w3.org/Archives/Public/ietf-http-wg/2002JulSep/thread.html#msg24
>>>
>>> Mark.
>>>
>>> On 11/29/07, Scott Nichol <snicholnews@scottnichol.com> wrote:
>>>
>>>> Section 4.3 states
>>>>
>>>> <quote>
>>>> The presence of a message-body in a request is signaled by the 
>>>> inclusion
>>>> of a Content-Length or Transfer-Encoding header field in the 
>>>> request's
>>>> message-headers. A message-body MUST NOT be included in a request 
>>>> if the
>>>> specification of the request method (Section 5.1.1) does not allow
>>>> sending an entity-body in requests.
>>>> </quote>
>>>>
>>>> I do not see any place in the specification where it says that any
>>>> request does not allow sending an entity-body.  I might guess that 
>>>> GET
>>>> and HEAD do not allow an entity-body, but isn't the spec supposed 
>>>> to
>>>> remove guesswork?  The spec would be better if, for each request 
>>>> method,
>>>> it were stated whether or not an entity-body is allowed.
>>>>
>>>> Scott Nichol
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> -- 
> Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
>
> 
Received on Friday, 30 November 2007 14:15:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:23 GMT