W3C home > Mailing lists > Public > public-webapi@w3.org > January 2008

Re: OPTIONS and Method-Check

From: Mark Nottingham <mnot@yahoo-inc.com>
Date: Sat, 12 Jan 2008 23:57:08 +1100
Cc: "Web API WG (public)" <public-webapi@w3.org>
Message-Id: <73071574-4F59-42DC-9409-5BD8B9F2E340@yahoo-inc.com>
To: Anne van Kesteren <annevk@opera.com>

Some more history and details on when it was patched in Apache:
   http://issues.apache.org/bugzilla/show_bug.cgi?id=15242

A few old-ish thoughts here:
   http://www.mnot.net/blog/2005/04/03/options

The main problem IMO is that OPTIONS isn't cacheable, which is going  
to pretty severely limit things.



On 12/01/2008, at 9:39 PM, Anne van Kesteren wrote:

>
> I and other played a bit more with our Apache installs (mine is on  
> the shared-host DreamHost) in #html-wg yesterday and it turns out  
> that OPTIONS now works as Björn Höhrmann indicated earlier on this  
> list. With web_dav installed and without the need for  
> ScriptTrapOptions. Jonas also seemed happy with OPTIONS if support  
> for it was present.
>
> The 10 to 20 lines code contest is now also pretty easy to beat. In  
> Python:
>
>  #!/usr/bin/env python
>  import os;
>  request_method = os.environ["REQUEST_METHOD"]
>  if "OPTIONS" == request_method:
>    ...
>  elif "GET" == request_method:
>    ...
>  else:
>    ...
>
> For PHP you use $_SERVER["REQUEST_METHOD"], for Perl  
> $ENV{REQUEST_METHOD}, etc.
>
>
> I have left the Method-Check header in the specification, but as the  
> primary (and only?) use case of that header was to indicate that  
> this is an authorization request maybe we should remove it. Opinions?
>
>
> -- 
> Anne van Kesteren
> <http://annevankesteren.nl/>
> <http://www.opera.com/>
>

--
Mark Nottingham       mnot@yahoo-inc.com
Received on Saturday, 12 January 2008 12:57:46 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 12 January 2008 12:57:47 GMT