- From: <ccjason@us.ibm.com>
- Date: Sun, 7 May 2000 21:34:52 -0400
- To: Greg Stein <gstein@lyra.org>
- cc: Kaushik Sridharan <kaushik@ruksun.com>, w3c-dist-auth@w3.org
<gs> I would disagree. I think that it is quite valid to return something like 403 (Forbidden) or 401 (Authorization required) as a response. Heck, you could also return something like 412 or 301, too. In each of these cases, the 3xx or 4xx applies to the Request-URI. If a status code ever applies to a URI *other* than the Request-URI (say, caused by a Depth: header), then a 207 (Multistatus) MUST be returned. </gs> <Caveats jlc> I've jogged my memory a abit. The discussion I mentioned only discussed PROPSTAT responses. As I said, the conclusion was that shortcuts would not be taken. The multistatus had to be fully populated and follow a standard formula. There was a bit of discussion of if a fully populated MULTISTATUS response was really merited for a pure 200 response. (Although consistant, it seemed like a bit of a pain to parse through all the XML just to find out everything was okay.) The thread seemed to conclude mildly in favor of not making an exception for 200. As I said, this was just PROPPATCH. PROPFIND was not discussed in that thread. And it doesn't discredit what Greg says. (It *is* reasonable to just return a single status for some situations.) That thread just valued a predictable response more highly. The conclusion didn't seem to be strongly held. </caveats> If you're writing a client, you'd better handle it both ways. And we should make sure this hits the issues list and that the issues list gets processed. J.
Received on Sunday, 7 May 2000 21:37:29 UTC