W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: Reminder: Never send fragid with HTTP GET (Was: fixed https://foafssl.org/test/WebId_

From: Michael Hausenblas <michael.hausenblas@deri.org>
Date: Fri, 6 Jan 2012 16:12:19 +0000
Cc: public-xg-webid@w3.org
Message-Id: <C7BAE7E6-6871-4FC9-BD0C-7E9B2B8B9166@deri.org>
To: Kingsley Idehen <kidehen@openlinksw.com>
> My fundamental approach is to understand the rules, but also be  
> cognizant of rules violation and the context in which they occur.  
> Simply telling folks they broken rules they don't understand or have  
> no control over doesn't help end-users, developers, or plumbers  
> seeking to exploit the WWW.


Agreed. Broken tools should be fixed. Users and developers should be  
educated. This is our mission :)

Cheers,
	Michael
--
Dr. Michael Hausenblas, Research Fellow
LiDRC - Linked Data Research Centre
DERI - Digital Enterprise Research Institute
NUIG - National University of Ireland, Galway
Ireland, Europe
Tel. +353 91 495730
http://linkeddata.deri.ie/
http://sw-app.org/about.html

On 6 Jan 2012, at 15:45, Kingsley Idehen wrote:

> On 1/6/12 8:48 AM, Michael Hausenblas wrote:
>>
>>> That is a violation of the URI and HTTP specs.
>>
>>
>> And just for the record: this has not/will not change(d) with  
>> HTTPbis, see the 'Note' in section. '3.1.1.2. request-target' [1].
>
> Michael,
>
> Yes, but in the real world wide web, you have parser libraries,  
> frameworks etc..., as shown by this simple case that violate this  
> rule. The don't process the fragment identifier and you end up with  
> a server having to process a URL with a fragment identifier.
>
> A server can 404, 401, 406 etc... and the negotiation conversation  
> goes on between user agent and server.
>
> My fundamental approach is to understand the rules, but also be  
> cognizant of rules violation and the context in which they occur.  
> Simply telling folks they broken rules they don't understand or have  
> no control over doesn't help end-users, developers, or plumbers  
> seeking to exploit the WWW.
>
> As you know, these kinds of problems dog all standards, so  
> implementors do have the option to be more defensive and flexible  
> bearing in mind the fundamental goal of reducing hard /  
> irrecocoverable faults in the system. Unlike hardcore OS pointers,  
> the WWW deftly uses 404 to keep the system rolling :-)
>
>
> Kingsley
>
>
>>
>> Cheers,
>>    Michael
>>
>> [1] http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-18#section-3.1.1
>>
>> -- 
>> Dr. Michael Hausenblas, Research Fellow
>> LiDRC - Linked Data Research Centre
>> DERI - Digital Enterprise Research Institute
>> NUIG - National University of Ireland, Galway
>> Ireland, Europe
>> Tel. +353 91 495730
>> http://linkeddata.deri.ie/
>> http://sw-app.org/about.html
>>
>> On 6 Jan 2012, at 13:31, Tim Berners-Lee wrote:
>>
>>>
>>> (On 2012-01 -05, at 19:04, Henry Story wrote:
>>>
>>>> 1. do a GET on the URL with #i
>>>>
>>>> --------------------------8 
>>>> <----------------------------8<----------------------------
>>>> hjs@bblfish[0]$ telnet 2sea.org 80
>>>> Trying 46.228.199.61...
>>>> Connected to 2sea.org.
>>>> Escape character is '^]'.
>>>> GET http://2sea.org/sea.jsp#i HTTP/1.1
>>>
>>>
>>> That is a violation of the URI and HTTP specs.
>>> Never send the hash over HTTP.
>>> <foo#bar> means "Whatever is referred to a as <#bar> in <foo>".
>>> You must strip off the # and everything after it to retrieve <foo>.
>>> Just don't do it.
>>>
>>> Tim)
>>
>>
>>
>
>
> -- 
>
> Regards,
>
> Kingsley Idehen	
> Founder&  CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
>
>
Received on Friday, 6 January 2012 16:14:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 6 January 2012 16:14:50 GMT