W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2000

Re: Multistatus required in responses?

From: <ccjason@us.ibm.com>
Date: Sun, 7 May 2000 21:34:52 -0400
To: Greg Stein <gstein@lyra.org>
cc: Kaushik Sridharan <kaushik@ruksun.com>, w3c-dist-auth@w3.org
Message-ID: <852568D9.0008CCF6.00@D51MTA03.pok.ibm.com>

<gs>
I would disagree. I think that it is quite valid to return something like
403 (Forbidden) or 401 (Authorization required) as a response. Heck, you
could also return something like 412 or 301, too.

In each of these cases, the 3xx or 4xx applies to the Request-URI. If a
status code ever applies to a URI *other* than the Request-URI (say,
caused by a Depth: header), then a 207 (Multistatus) MUST be returned.
</gs>


<Caveats jlc>
I've jogged my memory a abit.  The discussion I mentioned
only discussed PROPSTAT responses.  As I said, the conclusion was that
shortcuts would not be taken.  The multistatus had to be fully populated
and follow a standard formula.  There was a bit of discussion of
if a fully populated MULTISTATUS response was really merited for a pure
200 response.  (Although consistant, it seemed like a bit of a pain to
parse through all the XML just to find out everything was okay.)  The
thread seemed to conclude mildly in favor of not making an exception for
200.

As I said, this was just PROPPATCH.  PROPFIND was not discussed in that
thread.

And it doesn't discredit what Greg says.  (It *is* reasonable to just
return
a single status for some situations.)  That thread just valued a
predictable
response more highly.

The conclusion didn't seem to be strongly held.
</caveats>

If you're writing a client, you'd better handle it both ways.

And we should make sure this hits the issues list and that the issues list
gets processed.

J.
Received on Sunday, 7 May 2000 21:37:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:54 GMT