W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > April to June 2003

RE: RFC2518bis issue: content type for locked empty resource

From: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>
Date: Mon, 23 Jun 2003 09:03:53 -0400
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Lisa Dusseault" <lisa@xythos.com>, "Webdav WG" <w3c-dist-auth@w3c.org>, w3c-dist-auth-request@w3.org
Message-ID: <OF93D5F205.716A085A-ON85256D4E.0046FF81-85256D4E.0047C51D@us.ibm.com>
I agree that server should return null content-type,
until the client has explicitly specified what it should be
(i.e. it should not default to some spec-specified or
server-specified type).

Cheers,
Geoff

Julian wrote on 06/22/2003 09:47:06 AM:

> 
> Lisa,
> 
> > ...
> > I hadn't thought that a client ought to know when it may guess 
> > the content-type. OTOH, there is no content-type to guess, so I'm 
> > not sure it helps to leave it null.  So here's some possible new 
language:
> > 
> > A locked empty resource:
> > "SHOULD default to a null content-type.  When the client sends a 
> > PUT request to overwrite the empty resource with a body the 
> > client SHOULD provide the correct content-type, and the server 
> > MUST then set the content-type."
> 
> I think the new wording would be much better.
> 
> > Does this violate HTTP -- IOW, does HTTP require a content-type 
> > for all resources? Is that requirement a theoretical, or 
> > practical requirement, or neither? 
> 
> From [1]:
> 
> "Any HTTP/1.1 message containing an entity-body SHOULD include a 
> Content-Type header field defining the media type of that body. If 
> and only if the media type is not given by a Content-Type field, the
> recipient MAY attempt to guess the media type via inspection of its 
> content and/or the name extension(s) of the URI used to identify the
> resource. If the media type remains unknown, the recipient SHOULD 
> treat it as type "application/octet-stream". "
> 
> This sounds to me like a client MUST NOT ever guess the content type
> when it's supplied by the server. Thus the server should not try to 
> guess the type itself, unless it happen to know it.
> 
> > Should we discuss elsewhere whether a resource may exist with a 
> > null content-type and a non-zero length body?  Should we discuss 
> > what the client or server do in that case?
> 
> I think that is the same discussion. If we can agree on the fact 
> that an absent content type is better than a "guessed" content type,
> this will automatically apply to those empty resources created by 
> LOCK as well.
> 
> > Another idea occurred to me that we could define a content-type 
> > specifically for "unknown" or "empty" body though that would have 
> > more ramifications.
> 
> No no no. If the server doesn't know the content type, don't guess. 
> The client may know more than the server. However, if the server 
> starts guessing, a client MUST NOT try to guess on it's own. See [2]:
> 
> "The following are the key architectural points of this finding:
> 
> 1. MIME headers sent by a server are authoritative. [Design choice]
> 2. User agent behavior that misrepresents the user or the server is 
> harmful. [Principle]"
> 
> > What else needs to be said?
> 
> I'm not sure how interoperability is improved by mandating a 
> specific content type. An empty resource created by LOCK doesn't 
> have entity body yet, so the question about the content type is 
> really moot. Nobody knows until such time that the client actually 
> PUTs something. 
> 
> Julian
> 
> [1] <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.7.2.1>
> [2] <http://www.w3.org/2001/tag/doc/mime-respect.html>
> 
> --
> <green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760 
> 
> 
> 
Received on Monday, 23 June 2003 09:04:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:04 GMT