W3C home > Mailing lists > Public > public-html@w3.org > December 2011

Re: Restoring PUT and DELETE

From: Yehuda Katz <wycats@gmail.com>
Date: Thu, 1 Dec 2011 13:06:39 -0800
Message-ID: <CAMFeDTULHYERdMJ2MNaHVx=z7WQxXAYEp6wK7poMQfY5kTTHBQ@mail.gmail.com>
To: mike amundsen <mamund@yahoo.com>
Cc: Julian Reschke <julian.reschke@gmx.de>, HTML WG <public-html@w3.org>
Yehuda Katz
(ph) 718.877.1325


On Wed, Nov 30, 2011 at 2:27 PM, mike amundsen <mamund@yahoo.com> wrote:

> Julian:
>
> all good points.
>
> Yehuda: any thoughts from you that I should include?
>

I should have time to review and provide feedback today. :)


>
> i'll clean this up and re-post to the list w/ some follow up remarks so we
> can continue the discussion.
>
> thanks.
>
> mca
> http://amundsen.com/blog/
> http://twitter.com@mamund
> http://mamund.com/foaf.rdf#me
>
>
>
>
> On Wed, Nov 30, 2011 at 17:16, Julian Reschke <julian.reschke@gmx.de>wrote:
>
>> On 2011-11-30 22:58, mike amundsen wrote:
>>
>>> Julian:
>>>
>>> I while back, I posted a page that, I think, covers your questions:
>>> http://amundsen.com/examples/**put-delete-forms/<http://amundsen.com/examples/put-delete-forms/>
>>> ...
>>>
>>
>> Some of them; thanks for what you have so far. This is exactly what needs
>> to happen; I just don't think we're done yet. Also, I encourage people to
>> read all of this; it's *not* a matter of just "restoring" PUT and DELETE.
>>
>> Here are a few comments:
>>
>>  1.3.
>>> A Simple HTML Example
>>>
>>> <form action="http://example.org/**user/12 <http://example.org/user/12>"”
>>> method=”put” if-match="*">
>>>  <input name="user-name" type="text" value="" />
>>>  <input name="hat-size" type="text" value="" />
>>>  <input type="submit" />
>>> </form>
>>>
>>> Filling the “user-name” and “hat-size” inputs with “mike” and “small”
>>> respectively, will result in the following HTTP request:
>>>
>>> PUT /user/123 HTTP/1.1
>>> Host: example.org
>>> Content-Type: application/x-www-form-**urlencoded
>>> If-Match: "*"
>>> ...
>>> user-name=mike&hat-size=small
>>>
>>
>> The example should include the response, and information what the UA is
>> supposed to do with it.
>>
>>  3.
>>> Sample Usage Scenarios
>>>
>>> Below are example usage scenarios for PUT and DELETE w/ HTML Forms.
>>> 3.1.
>>> Creating a New Resource
>>>
>>> PUT can be used to create a new resource.
>>>
>>> *** REQUEST
>>> GET /users/;create HTTP/1.1
>>> Host: www.example.org
>>> ...
>>>
>>> *** RESPONSE
>>> 200 OK HTTP/1.1
>>>
>>
>> That should be 201.
>>
>>  ...
>>>
>>> <html>
>>> ...
>>> <form action=”http://www.example.**org/users/123<http://www.example.org/users/123>”
>>> method=”put” if-none-match=”*”>
>>>  <input name=”user-name” value=”” />
>>>  <input name=”hat-size” value=”” />
>>>  <input type=”submit” />
>>> </form>
>>> ...
>>> </html>
>>>
>>> *** REQUEST
>>> PUT /users/123 HTTP/1.1
>>> Host: www.example.org
>>> If-None-Match: "*"
>>> Content-Type: application/x-www-form-**urlencoded
>>> Content-Length: nnn
>>>
>>> user-name=mike&hat-size=small
>>>
>>> *** RESPONSE
>>> 200 OK HTTP/1.1
>>> ...
>>> <html>
>>> ...
>>> <ul>
>>>  <li>user-name: mike</li>
>>>  <li>hat-size: small</li>
>>> </ul>
>>> ...
>>> <html>
>>>
>>
>> Here, the server sends a new HTML page for display. Servers currently do
>> not do that upon PUT. We need to tell what we expect from them (yes, see
>> below).
>>
>> This applies to the other examples as well.
>>
>>
>>> 3.4.
>>> Binary Transfers
>>>
>>> PUT can be used to send binary data to servers.
>>>
>>> *** REQUEST
>>> GET /users/123/avatar HTTP/1.1
>>> Host: www.example.org
>>> Accept: text/html
>>> ...
>>>
>>> *** RESPONSE
>>> 200 OK HTTP/1.1
>>> ...
>>>
>>> <html>
>>> ...
>>> <form action=”http://www.example.**org/users/123<http://www.example.org/users/123>”
>>> method=”put” if-match=”*”>
>>>  <input type="file" name="imagefile" value="" />
>>>  <input type=”submit” />
>>> </form>
>>> ...
>>> </html>
>>>
>>> *** REQUEST
>>> PUT /user/123/avatar HTTP/1.1
>>> Host: example.org
>>> If-None-Match: "*"
>>> Content-Type: multipart/form-data; boundary=---------------------**
>>> ------3652875324033
>>> Content-Length: nnn
>>>
>>> -----------------------------**3652875324033
>>> Content-Disposition: form-data; name="imagefile";
>>> filename="my-avatar.jpg"
>>> Content-Type: image/jpeg
>>>
>>> ... binary data ...
>>>
>>
>> Why multipart? Typical implementations of servers that do PUT store the
>> content as is and do not process multipart.
>>
>>  4.
>>> Other Considerations
>>>
>>> 4.1.
>>> Handling Responses
>>>
>>> Typical responses from PUT (200/201/204) and DELETE (200/202/204) SHOULD
>>> be handled the same way these responses are handled for POST[cite].
>>>
>>> How *are* they handled by UAs? (Is this in HTML5?). (Julian Reschke)
>>>
>>
>> That's something we need to clarify.
>>
>>  How do WebDAV servers commonly respond to PUT/DELETE? (Mike Amundsen)
>>>
>>
>> PUT -> 200 or 201 (for new resources)
>>
>> DELETE -> 200 or 204.
>>
>>  4.2.
>>> Handling Security
>>>
>>> Security constraints for PUT/DELETE via FORMS SHOULD be handled the same
>>> as using PUT/DELETE via XHR.
>>>
>>
>> So PUT and DELETE cross-origin only work with CORS.
>>
>>  4.4.
>>> Optional Added FORM Content-Types
>>>
>>> Currently, HTML FORMS support three content-types for sending request
>>> entities[cite]:
>>>
>>>    application/x-www-form-**urlencoded
>>>    multipart/form-data
>>>    text/plain
>>>
>>> It is possible that additional content-types could be supported for
>>> FORMS including JSON[cite] and XML[cite]. While this is not required in
>>> order to add support for PUT in HTML FORMS, there are a number of scenarios
>>> where this will be desireable. It is assumed that any additional
>>> content-types would be supported for FORMS where the "method" atttribute is
>>> set to POST or PUT.
>>>
>>
>> That'll break assumptions about CSRF defences, I believe.
>>
>>  4.5.
>>> Optional Support for Prefer Header
>>>
>>> It is possible that HTML FORMS could support the Prefer Header[Prefer]
>>> as a way to communicate to the server the agent's preference for a
>>> response. This would allow agent's to indicate they wish a body returned
>>> for responses where a body MAY not always be returned by servers (201/202).
>>>
>>
>> Yes. We should work on that Internet Draft.
>>
>>  4.6.
>>> Support for Atom-Style PUT/DELETE
>>>
>>> The current proposal relies on added attributes in the FORM element (see
>>> above). An alternative approach is to adopt the way AtomPub[AtomPub]
>>> handles PUT/DELETE; only support it in cases where the current response
>>> representation is the actual resource to PUT/DELETE.
>>>
>>
>> That's also WebDAV's point of view, I believe.
>>
>>  ...
>>>
>>
>> Best regards, Julian
>>
>
>
Received on Thursday, 1 December 2011 21:07:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:39:28 UTC