Re: effective request URI/target URI, issues 221 & 222, was: Issues addressed by the -10 drafts from Julian Reschke on 2010-09-06 (ietf-http-wg@w3.org from July to September 2010)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 06 Sep 2010 17:54:41 +0200
To: "Roy T. Fielding" <fielding@gbiv.com>
CC: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>, =JeffH <Jeff.Hodges@KingsMountain.com>
Message-ID: <4C850EC1.2040606@gmx.de>

On 23.07.2010 09:48, Julian Reschke wrote:
> ...
> 2) Does eURI/target URI need to handle the case of HTTP/1.0 requests
> without Host header?
> (<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/221>)
> ...

We discussed this in Maastricht, and the conclusion was that effective 
request URI can be left undefined in this case - I have rephrased the 
definition accordingly 
(<http://trac.tools.ietf.org/wg/httpbis/trac/changeset/992>):

-- snip --
4.3.  Effective Request URI

    HTTP requests often do not carry the absolute URI ([RFC3986], Section
    4.3) for the target resource; instead, the URI needs to be inferred
    from the request-target, Host header field, and connection context.
    The result of this process is called the "effective request URI".
    The "target resource" is the resource identified by the effective
    request URI.

    If the request-target is an absolute-URI, then the effective request
    URI is the request-target.

    If the request-target uses the path-absolute form or the asterisk
    form, and the Host header field is present, then the effective
    request URI is constructed by concatenating

    o  the scheme name: "http" if the request was received over an
       insecure TCP connection, or "https" when received over a SSL/
       TLS-secured TCP connection,

    o  the character sequence "://",

    o  the authority component, as specified in the Host header field
       (Section 9.4), and

    o  the request-target obtained from the Request-Line, unless the
       request-target is just the asterisk "*".

    If the request-target uses the path-absolute form or the asterisk
    form, and the Host header field is not present, then the effective
    request URI is undefined.

    Otherwise, when request-target uses the authority form, the effective
    request URI is undefined.
-- snip --

That being said, Roy said in a followup:

>> 2) Does eURI/target URI need to handle the case of HTTP/1.0 requests without Host header? (<http://trac.tools.ietf.org/wg/httpbis/trac/ticket/221>)
>
> Yes, though we should be clear that HTTP/1.0 requests should also
> have Host defined -- it just isn't required for legacy stuff.

...but that seems to be orthogonal to the change above (do we need a 
ticket number for Roy's proposal?).

Best regards, Julian

Received on Monday, 6 September 2010 15:55:19 UTC