W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: DELETE and 410 Gone

From: J Ross Nicoll <jrn@jrn.me.uk>
Date: Thu, 25 Aug 2011 18:00:24 +0100
Message-ID: <4E567FA8.6060201@jrn.me.uk>
To: Alexandre.Morgaut@4d.com
CC: ietf-http-wg@w3.org, karld@opera.com, julian.reschke@gmx.de
On 25/08/2011 17:08, Alexandre Morgaut wrote:
> Use cases:
>   - change of identity of somebody, maybe a whole family for their security
>   - someone is tagged by a third party on a picture and want this tag to be removed (the picture may be completly unrelated to the person like a porn or a racist picture just to give him a bad reputation)
>
> The fact is that with some very google friendly URL anyone could try some manually constructed URL to know if something has be related to another
>
> ex:
> Someone told me this guy was member of this organization
> I check
>
> ->  GET http://thisorganiztion.org/members/john-doe
> <- 410 Gone HTTP1/1
>
> If this wanted all his informations being removed from this organization website (he may not agree any more with its actions), here there is a problem...
>

I think what you've argued here is more that the entire 410 status code 
needs to be deprecated or have significant notes about privacy added, 
than the specific case of what happens after a DELETE operation. Which 
is fair, but I think an important distinction.

Assuming the 410 status code isn't going anywhere, I think "response on 
any subsequent requests on the same URI SHOULD be 410 (Gone)" is fine, 
as there's a SHOULD (appropriate to most cases) but if a server admin 
feels a need to return 404 instead they have that option.

Ross
Received on Thursday, 25 August 2011 17:00:51 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:47 GMT