- From: João Penteado <joao@penteado.me>
- Date: Fri, 09 Jul 2021 20:51:07 +0000
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Friday, July 9th, 2021 at 15:45, Julian Reschke <julian.reschke@gmx.de> wrote: > Am 09.07.2021 um 19:51 schrieb João Penteado: > > > ... > > > > 2. If the most servers out there adopt the same validation order, clients will > > > > gain additional information unavailable before. If, for instance, every server > > > > checks URI length before checking payload size, and I get a "413 Request Entity > > > > Too Large" error, I would know for sure that my URI length is fine and all the > > > > previous checks passed successfully. > > > > ... > > You lost me here. > > If a client sends both a too large URI and a too large request body, > > why does it matter in practice which one is reported first? At the end > > of the day, to fix the issue, both problems need to be resolved, no? > > Best regards, Julian You're correct, in pratice, the validation order doesn't matter as much as what is being validated, as the client would still have to address all issues in order to have its request accepted. Which is why I believe that reason no. 1 is a more relevant argument for having a well definied validation order. Despite this, with a well defined validation order additional information would be conveyed to the client, given HTTP's limitation of only returning one error code at a time, which might be helpful in debugging. If there's no consensus on the need of establishing such a validation check order, what we could do instead is focus first on establishing what SHOULD and what MUST be validated and then suggest on the spec some considerations implementers may want observe regarding validation order. Best regards, João Penteado
Received on Friday, 9 July 2021 20:51:31 UTC