Re: NEW ISSUE: Clarify whether request must be processed before responding with redirection codes from cowwoc on 2013-07-03 (ietf-http-wg@w3.org from July to September 2013)

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Wed, 03 Jul 2013 18:08:43 -0400
To: Martin Thomson <martin.thomson@gmail.com>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <51D4A0EB.60006@bbs.darktech.org>

On 03/07/2013 4:31 PM, Martin Thomson wrote:
> On 3 July 2013 12:16, cowwoc <cowwoc@bbs.darktech.org> wrote:
>> For each status code in the 300 range please clarify which HTTP methods are
>> acceptable (e.g. is 304 acceptable for methods other than GET?) and whether
>> the server MUST or MUST NOT process the request before responding with that
>> code.
> We just discussed a more general version of the same issue for
> HTTP/2.0.  Whether the request has been processed or not is implicit
> in the description of some of the codes.
>
> For instance: 303 says:
>
>     The response to the request can be found under a different URI and
>     SHOULD be retrieved using a GET method on that resource.
>
> That says to me that the response can be retrieved.  If the request
> implies some action, and the only way to observe whether that action
> has occurred is to GET the identified resource, then the exact time
> that said action occurs need only be between receipt of the first (the
> POST) request and the response to the redirected GET.  That allows
> some freedom to servers that I'd be opposed to giving up.
>
> If the results of the action can be observed in other ways, then those
> ways need to be consistent with what the server has reported.  That is
> entirely up to the server, though.
>
> If there is a specific case where you believe this to be necessary,
> because it creates an ambiguity, then by all means let us know.  My
> read of the 3xx series says that only 303 has this potential for
> interesting behavior.

Hi Martin,

     If a tree falls in a forest but no one is around to see it, does it 
make a sound? :)

     I think that ambiguity is dangerous from a threading point of view. 
Consider the following made-up scenario:

  * A user visits a website.
  * index.html causes the browser to queue 100 different HTTP operations
    (as a result of DOM or Javascript operations that run onLoad).
  * The current HTTP operation (say, an HTTP PUT) results in HTTP 303
    pointing to a different domain.
  * Is the browser forced to invoke HTTP GET in response to the HTTP 303
    right away? Or can it defer this action to the end of the queue?
  * If the browser invokes the operation right away, it risks losing the
    open connection to the first server (HTTP pipelining). If it defers
    the operation, it risks introducing race conditions from the point
    of view of the Javascript code.

     Also, please read http://stackoverflow.com/a/13755096/14731 in 
which I posted quotes from theRESTful Web Services 
<http://shop.oreilly.com/product/9780596529260.do> book regarding this 
topic.

     Finally, I've got a second (slightly related) topic I'd like to 
bring to your attention: http://stackoverflow.com/q/13867129/14731

Thanks,
Gili

Received on Wednesday, 3 July 2013 22:09:37 UTC