From: Ilya Kirnos [mailto:ilya.kirnos@oracle.com] Julian Reschke wrote: > Try a PUT with known-to-fail If header first (-> Stefan's > proposal). I agree that Stefan's proposal is the most appealing. maybe. what's known to fail? > An invalid lock token, an invalid ETag, ... Actually, I'd suggest a simple logical contradition, i.e.: If: ("A" Not "A") again, i'd like to stay away from a dependency on locking if possible, and etags support isn't required if i recall correctly. etag support isn't required, and locking support isn't required, but support for the If header is required. So I suggest we check whether any server which does the If check before it does an authentication check. It certainly shouldn't, since the success or failure of the If check tells you something about the resource which you probably shouldn't know if you are not authenticated. I would have no objection to adding a statement to 2518bis that states that a server SHOULD do authentication checks before any If checks. Cheers, GeoffReceived on Tuesday, 17 September 2002 22:57:47 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:01 GMT