W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2004

Using error response bodies for more information

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Sun, 11 Jul 2004 12:02:16 -0700
Message-Id: <D37EF54D-D36C-11D8-B746-000A95B2BB72@osafoundation.org>
To: Webdav WG <w3c-dist-auth@w3c.org>

There have been a number of discussions about using the error response 
body, as DeltaV and ACL do, in RFC2518bis. Some of the cases where this 
has been suggested:
  - If the XML sent to the server refers to external entities, the 
server would respond with 403 Forbidden with 'forbid-external-entities' 
in the body.
  - A 423 Locked response could include the lockdiscovery property value 
in the response body (including the lock token, timeout, owner, etc for 
client use)
  - A LOCK refresh or UNLOCK request was addressed to a Request-URI 
which did not fall in the scope of the lock identified by the 
Lock-Token header.
  - An UNLOCK request not containing a lock token at all
  - Clarify 409 error to PUT or MKCOL saying that the parent collection 
does not exist.
  - MOVE error response when the source and destination URLs are on 
different servers or different subnamespaces on a single server

I would like to confirm that we want to go down this path, because it 
involves new specification writing, more decisions, more changes, and 
an effort to maintain consistency with conflicting examples. For 
example, should the new requirements be consistent with DeltaV and ACL 
in using only 403 and 409 with precondition/postcondition responses, or 
should they be consistent with RFC2518 original status codes and 
include bodies with errors like 423 Locked and 400 Bad Request?   Would 
these be SHOULD requirements or MUST (in order to allow clients to rely 
on the additional information more quickly)?

Please respond with your opinion and further discussion,
Received on Sunday, 11 July 2004 15:02:31 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:30 UTC