- From: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
- Date: Tue, 17 Jul 2012 17:02:24 +0000
- To: Adrien de Croy <adrien@qbik.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>
- CC: Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
> From: Adrien de Croy [mailto:adrien@qbik.com]
...
> I agree, and actually I'd be keen to apply this philosphy in both directions,
> where no significant resource is transmitted in either direction without the
> recipient indicating prior willingness (either by requesting it, or indicating
> willingness). What I'm getting at here is large POST / PUT requests. Currently
> it's a mess esp with auth in the mix.
Along these lines, to help with a POST/PUT with auth in the mix we mentioned an idea in our authentication EoI of a lightweight probe:
http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0239.html:
1. Lightweight "probe" for POSTs and PUTs. Initial PUTs and POSTs with long entity bodies will cause problems because of the extra round trip required by authentication. ("Initial" means when first request on a connection is PUT or POST). If the body is indefinite length, it may not be able to be recreated. This is a problem with any multi-legged authentication scheme in HTTP. It could be avoided if there were a guaranteed benign request type that could be used to force authentication if needed before doing the PUT or POST.
Received on Tuesday, 17 July 2012 17:03:07 UTC