W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

Re: [Bug 12] Destination header "consistent"

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 31 Oct 2005 23:05:23 +0100
Message-ID: <43669523.2010708@gmx.de>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Geoffrey M Clemm <geoffrey.clemm@us.ibm.com>, WebDav <w3c-dist-auth@w3.org>, Cullen Jennings <fluffy@cisco.com>

Lisa Dusseault wrote:
> On Oct 31, 2005, at 1:16 PM, Julian Reschke wrote:
>> Lisa Dusseault wrote:
>>> The original question that brought up this issue was how to interpret 
>>> the URLs inside the body of the Multi-Status if there was a Location
>> Is there any record on the mailing list of this issue? Has anybody 
>> ever *seen* a 207 with a Location header? That is, why was this 
>> question asked in the first place?
> Yes.  At an Interop event.

Is there any record on the mailing list of this issue?

>>> consistent with the Location header or the Request-URI
>> What does "consistent" mean here? Note that this is the original 
>> reason why I raised this issue.
> What I meant by "consistent" (and maybe somebody can find a better way 
> to word this or we can just define it) was:  In a PROPFIND or PROPPATCH 
> response, for the URLs in the body to be consistent with the 
> Request-URI, all URLs would all begin with the exact URL used in the 
> Request-URI.   I believe the same would be true for MOVE and COPY 
> responses -- the URLs would be consistent with the Request URI, not with 
> the Destination request header or the Location reply header.

I still don't see what problem this solves. The URIs appearing in 
multistatus responses should be either absolute, or relative to the 
Request-URI. If, for instance, in a PROPFIND response, a response 
element comes with a URI that after resolving is not descendant of the 
Request-URI, then the server made a mistake. We can of course discuss 
how a client should handle this. Skipping it is one answer, failing the 
whole request is another. In practice it's unlikely to make a difference 
because if a server get's one response element wrong, it's likely to get 
*all of them* wrong.

>>> There was an actual interoperability problem that uncovered this. 
>>> Some server returned a Location header and a bunch of URLs in the 
>>> body, that used the new location. The client errored because the 
>>> client never expected to query a Collection for its children and find 
>>> a bunch of URLs that didn't begin with the URL used in the request URI.
>> As far as I can tell, that's a server bug. Clients aren't expected to 
>> handle PROPFIND responses with URLs that identify resources are then 
>> the one identified by the Request-URI (and its descendants). If a 
>> server wants to redirect clients, it will have to use a 3xx status 
>> code (as defined in RFC2616).
> It may be a server bug under some models or readings of RFC2518.  The 
> server implementor certainly would have a case for interpreting RFC2518 
> as allowing their "solution".  This past week, Geoff seemed to be 
> arguing for allowing Location with 207 and not only with 3xx.

HTTP defines a range of response codes (3xx) for redirects, and defines 
how the Location header can be used to specify new URIs for subsequent 
requests. I think this feature is completely well-defined, and I'm not 
aware of any problems with that.

If a server implementor chooses to use non-3xx response code for a 
redirect, than that's simply outside what HTTP currently defines; and it 
escapes me why somebody would want to invent something new for a feature 
that already exists.

And finally, Geoff wasn't recommending to use 207 with Location, he just 
made a guess about what a client could conceivably do once it get's a 
response like that.

If this was an interop problem at one point of time, I'd like to see the 
details published, or -- if this isn't possible -- hear from client 
implementors who suffered from that problem. Maybe the servers have been 
fixed since then, and the whole issue has gone away.

Best regards, Julian
Received on Monday, 31 October 2005 22:06:14 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:33 UTC