W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [File API] Dereferencing Model for Blob URIs

From: Arun Ranganathan <arun@mozilla.com>
Date: Thu, 13 Oct 2011 16:32:00 -0400
Message-ID: <4E974AC0.2070009@mozilla.com>
To: Anne van Kesteren <annevk@opera.com>
CC: WebApps WG <public-webapps@w3.org>
On 8/31/11 3:49 AM, Anne van Kesteren wrote:
> This model should be rephrased a bit to make it more clear what the 
> requirements are. E.g. I think if you use POST it should not be a MAY 
> but a MUST that 500 is returned.
> Also what are the security errors you can get a 500 for? Are they not 
> handled by 403? I think handling them with 403 is counter to how they 
> are handled elsewhere though. Usually any kind of error is handled as 
> a generic network error. I think it might be better to simply use 200 
> if the method was GET and 500 for everything else. You should probably 
> also state what needs to happen with user/password arguments and maybe 
> add a note that request headers are ignored. Furthermore, it has a 
> note of sorts that you can expect a Content-Type header in the 
> response, but it should be more detailed about what 
> getAllResponseHeaders() will return. I.e. give a more complete 
> definition of the response.

1. I've made it clearer what all the request and response headers should be.

2. I've simplified the model to only include 200 and 500 responses; in 
particular, I was swayed by the argument not to leak information, and 
felt that a minimum number of response codes would be most useful.

3. An open question is what ought to be done about user/password 
arguments.  Servers honor them, but I'm not entirely certain browsers on 
top of file systems need to do anything here.  I sense there's a use 
case here, but if there is, it hasn't been articulated.  For now, the 
protocol doesn't really allow or disallow them.  What is your opinion 
for what should be done?

-- A*
Received on Thursday, 13 October 2011 20:32:39 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:36 UTC