Re: Request methods that allow an entity-body from Henrik Nordstrom on 2007-11-30 (ietf-http-wg@w3.org from October to December 2007)

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Fri, 30 Nov 2007 16:24:13 +0100
To: Scott Nichol <snicholnews@scottnichol.com>
Cc: ietf-http-wg@w3.org
Message-Id: <1196436253.27696.77.camel@henriknordstrom.net>

On fre, 2007-11-30 at 09:12 -0500, Scott Nichol wrote:

> If Roy says "HTTP allows a message body on any request", then why does 
> the second sentence in the above even appear in the spec?

There is two sides of this.

One thing is what parsers (servers) must accept. Another how clients may
construct requests. If the method 

Specifications on how messages may be constructed is stricter than how
messages should be parsed/processed. Crossreading the two areas of the
specification as if they were one gets a bit confusing and is not how
the spec is intended to be read.

But yes, the sentence "A message-body MUST NOT be included in a request
if the specification of the request method does not allow sending an
entity-body in requests" is a bit ambigious. Does it mean that sending
an entity-body is not allowed if explicitly denied by the method
specification, or does it also mean that sending a body is not allowed
unless explicitly allowed by the method specifications. The difference
is the GET/HEAD/DELETE methods..

I read it the second way, that client MUST NOT include a body unless
explicitly allowed by the method specification. But it's clearly
specified what should happen at the server should a client send it a
such message with a request-body so it doesn't really matter that much.

> That an entity-body for a HEAD or GET would 
> be "useless" is not relevant.  A client is allowed send one and a server 
> must parse it.

Yes.

> What does "must parse it" imply?

That it manages to read the body and ignore it when it has no meaning.
It MUST NOT misread the body as the next request.

> I raised this issue because of a specific problem between NuSOAP and 
> lighttpd.  The former sends a GET with Content-Length: 0 when fetching 
> WSDL.  The latter responds with "400 Bad Request" because of the 
> message-body.  Would that server behavior be considered out of spec? 
> The server presumably "parsed" the request.

It's not entirely out of spec as the requirement to accept request
bodies is just a SHOULD, not a MUST. But it's not the desired behavior
to reject such messages.

Regards
Henrik

Received on Friday, 30 November 2007 15:25:14 UTC