W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: Content negotiation for request bodies

From: Adrien de Croy <adrien@qbik.com>
Date: Wed, 27 Feb 2008 12:16:44 +1300
Message-ID: <47C49DDC.80603@qbik.com>
To: Julian Reschke <julian.reschke@gmx.de>
CC: Brian Smith <brian@briansmith.org>, 'HTTP Working Group' <ietf-http-wg@w3.org>

Just floating an idea.

GET has its good friend HEAD, which allows you to do the equivalent of a 
GET command without transferring any body.  In this case you can test 
for all sorts of things, including whether you will need to auth, 
whether the request might be accepted etc etc.

No other methods have such a helper method.

When discussing issues the other day, I came up with the concept of a 
potential new method that could address many of these issues.  For lack 
of a better name, I've called the method PROBE.


Probe-Headers: Method=POST; Content-Length=1000000000; Content-Type="..."
... other headers that aren't being tested.

This defines a message with no body, but which can be used to test a 
request that the client really would like to make, but be able to make 

A server understanding PROBE could use the Probe-Headers fields to 
determine if and under what conditions, such a request would be 
processed (or not), and respond accordingly.  Any auth at a proxy or 
server could be set up in the realm of the POROBE command before the 
actual request was made on the same connection.  Therefore you can auth 
your way through any number of intermediaries before you need to 
transfer any request body, and check if the request will be allowed 
anyway, all without breaking any semantics.

HTTP proxies that pass unknown methods should already be able to forward 
this as well.


Julian Reschke wrote:
> Brian Smith wrote:
>>> The problem with Expects, is it's only specified in HTTP 1.1, and 
>>> every link in the chain must support it for it to work.  In the 
>>> special case of
>>> Expects: 100-continue, this has grave problems with proxies that 
>>> I've raised before, and a heuristic timeout waiting for a 
>>> 100-continue which may never arrive causes further problems.
>> There is a lot of software generating "Expect: 100-continue" now. In 
>> particular, the .NET client libraries seem to add this by default. 
>> Curl uses it by default. Apache supports it well. If there is any 
>> problem, it would seem to lie in with proxies. Is "Expect: 
>> 100-continue" really that problematic for commonly deployed proxies?
>> ...
> One problem is that server framework implementations (such as servlet 
> implementations) frequently answer with "100 Continue", without 
> actually doing what RCF2616 says they should do:
> "The purpose of the 100 (Continue) status (see Section 10.1.1) is to 
> allow a client that is sending a request message with a request body 
> to determine if the origin server is willing to accept the request 
> (based on the request headers) before the client sends the request 
> body. In some cases, it might either be inappropriate or highly 
> inefficient for the client to send the body if the server will reject 
> the message without looking at the body." -- 
> <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.8.2.3>
> Today servlet containers just say "100 Continue" without actually 
> consulting the servlet. That defeats part of what it's for.
> There have been proposals around for many years to improve this, but 
> as far as I know, nothing has happened so far.
> BR, Julian

Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Tuesday, 26 February 2008 23:15:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:44 UTC