Obscure HTTP 1.1 header of the day... from Lisa Dusseault on 2001-06-21 (w3c-dist-auth@w3.org from April to June 2001)

From: Lisa Dusseault <lisa@xythos.com>
Date: Thu, 21 Jun 2001 14:37:13 -0700
To: "Webdav WG" <w3c-dist-auth@w3c.org>
Message-ID: <HPELJFCBPHIPBEJDHKGKIEJDCHAA.lisa@xythos.com>

RFC2616 defines the Expect: header for _any_ request method that normally
takes a body.

Before today, I thought the Expect: header was just the client's way of
advertising client support for the 100-Continue response.  (I've never seen
it sent by a client, BTW.)

But RFC2616 says "The Expect request-header field is used to indicate that
particular server behaviors are required by the client."  This is ambiguous,
but clearly the intention is that the server has some responsibility here
and can't safely ignore the Expect header.

Krishnamurthy and Rexford, in "Web Protocols and Practice", give a cool
example of how they think it's used with the "100-Continue" value.  The
client sends a request that normally has a body, but sends the Expect header
instead of the body.  The server indicates with 100-Continue that the client
should proceed with the request if it's likely to succeed, and the client
sends the body in the second message.  But if the request is going to fail,
the server responds with an error instead.

E.g.
	POST /foo/bar HTTP/1.1
	Content-Length: 23248
	Expect: 100-Continue

The server would respond with an error of some kind if it doesn't have
/foo/bar location, if /foo/bar doesn't allow POST, if the Content-Length is
too long, or anything else.

If anybody's got any other expectation of how the header is supposed to
work, I'd love to hear it.

Now how it affects WebDAV... RFC2518 makes no mention of the Expect header,
but RFC2518 servers are expected to be compliant HTTP 1.1 servers. This
would presumably mean they must support the Expect header.  So if I sent a
server the following request:
	PROPPATCH /~lisa HTTP/1.1
	Content-Length: 1234
	Depth: infinity
	Content-Type: text/xml
	Expect: 100-Continue

The server should NOT wait for a body on this request, and it should respond
with 100 Continue if it's going to allow me to do the PROPPATCH based on the
information provided.  E.g. it tests to see if I have write permission on
/~lisa and all its descendants.

Unless RFC 2518 were to explicitly state that methods defined there did not
use the Expect header...  Then WebDAV implementors would only have to worry
about implementing it correctly for PUT and POST.  Hmm?

lisa

Received on Thursday, 21 June 2001 17:39:19 UTC