- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 1 May 2013 09:26:56 +1000
- To: Ken Murchison <murch@andrew.cmu.edu>
- Cc: ietf-http-wg@w3.org
On 01/05/2013, at 12:46 AM, Ken Murchison <murch@andrew.cmu.edu> wrote: > On Tue, 30 Apr 2013 15:07:49 +0200, Julian Reschke wrote: >> On 2013-04-23 05:47, Mark Nottingham wrote: >> >> > * 3.1 "...instead they MUST respond with the 412 (Precondition Failed) status code." This is too strong; e.g., what if authentication is needed? Suggest an "unless..." clause allowing other error status codes. > > The first paragraph of Section 5 seems to address the case of 401 and any other errors: > > "For each conditional request, a server must evaluate the request preconditions after it has successfully performed its normal request checks (i.e., just before it would perform the action associated with the request method). Preconditions are ignored if the server determines that an error or redirect response applies before they are evaluated. Otherwise, the evaluation depends on both the method semantics and the choice of conditional." > > The second sentence in Section 3 references Section 5 as far as when preconditions are applied. This seems sufficient to me, but perhaps that is because I have read the document several times and know what it says in its entirety. Unfortunately, some (many) people will read the MUST and just stop. Also, everywhere else we suggest the most sensible status code to use in a situation, barring exceptions (which is essentially what we're doing here), it's SHOULD; the MUST here seems sorely out of place. -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 30 April 2013 23:27:25 UTC