W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: i69: Clarify "Requested Variant" [was: New "200 OK" status codes, PATCH & PROPFIND]

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Tue, 05 Feb 2008 14:33:54 +0100
To: Yves Lafon <ylafon@w3.org>
Cc: Julian Reschke <julian.reschke@gmx.de>, Stefan Eissing <stefan.eissing@greenbytes.de>, Mark Nottingham <mnot@mnot.net>, Brian Smith <brian@briansmith.org>, "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-Id: <1202218434.17924.38.camel@hlaptop>

tis 2008-02-05 klockan 07:33 -0500 skrev Yves Lafon:

> > It should never differ, and only depend on the Request-URI + those request 
> > headers that select the variant.
> 
> But in this case it may apply to another URI than request URI...

In both cases (200 Content-Location + ETag / 201 Location + ETag) & it
does, and both are subject to the same security implications that it's
not always safe to assume the response is authorative for the indicated
resource.

The two is really just two facets of the same concept of indicating that
the action was taken/resulter in a resorce at a different location than
the request-URI, with the main difference being the meaning of the
response entity.

The RFC wording is more strict on this wrt the use of Content-Location
than Location because associating the wrong response entity (+ ETag)
with a resource is a lot more dangerous than associating just a wrong
ETag..

Regards
Henrik

Received on Tuesday, 5 February 2008 13:35:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT