W3C home > Mailing lists > Public > public-webapi@w3.org > April 2006

Re: Issue: request bodies

From: Maciej Stachowiak <mjs@apple.com>
Date: Sat, 22 Apr 2006 17:02:51 -0700
Message-Id: <B19DDCA5-68D2-4910-A125-241964FEE087@apple.com>
Cc: "Web APIs WG (public)" <public-webapi@w3.org>
To: Mark Nottingham <mnot@yahoo-inc.com>


On Apr 21, 2006, at 9:33 AM, Mark Nottingham wrote:

>
> [ from the big comment e-mail; raising as a separate issue, as  
> requested ]
>
> The current draft says that:
> "If the method is POST or PUT, then the data passed to the send()  
> method must be used for the entity body."
>
> This doesn't account for other request methods that may have a  
> request body, e.g., PROPPATCH.  Suggested text:
>
> "Any data passed to the send() method MUST be used in the entity  
> body. If data is passed to send() when it is known to be incorrect  
> (e.g., in GET, HEAD, and DELETE requests), implementations MUST  
> raise an error."

Current implementations silently ignore the body in this case. It  
seems like a bad idea to change this to raising an exception, since  
it could break existing content that blindly sets a body. But it  
seems ok to change the requirement to require ignoring the body for a  
specific list of methods, instead of allowing it only for a specific  
list of methods, so long as this would not allow security holes or  
violations of the http spec.

Regards,
Maciej
Received on Sunday, 23 April 2006 00:03:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:54 GMT