W3C home > Mailing lists > Public > xml-dist-app@w3.org > October 2001

Re: Determining when an HTTP Post is a SOAP request.

From: Mark Baker <distobj@acm.org>
Date: Tue, 2 Oct 2001 16:42:01 -0400 (EDT)
Message-Id: <200110022042.QAA20544@markbaker.ca>
To: BRIAN.RICKABAUGH@APPL.GE.COM ("Rickabaugh, Brian (GEA, 094855)")
Cc: xml-dist-app@w3.org ('xml-dist-app@w3.org')
Brian,

> Hello All:
> 
> Suppose a component is going to receive an HTTP POST and needs to determine
> if the stream of data that it is receiving is an incoming SOAP message.  If
> the incoming data is not a SOAP message, it needs to parse the incoming data
> as a normal NAME/VALUE sequence.

I assume by "name/value sequence" that you mean an
application/x-www-form-urlencoded body.  POST can carry arbitrary types
of bodies, so it's probably not a good idea to assume that it's either SOAP
or that.  Check the Content-Type header.

> Does the SOAP spec. provide a mechanism for handling this determination?

SOAP 1.1 provides the SOAPAction header for this purpose.  SOAP 1.2 mucks
around with how SOAPAction is used[1], as it allows a receiver to notify the
sender that it will only accept messages that include the header.  But IMO,
this will end up meaning exactly the same thing as it does in 1.1, and
everybody will send it to avoid the additional roundtrip for negotiation.
i.e. a long winded way of maintaining the status quo (which is ok with me).

> Should it?

Absolutely.  Since SOAP can be used to create new & potentially insecure
protocols, a firewall administrator should be able to block it.

 [1] http://www.w3.org/TR/2001/WD-soap12-part2-20011002/#N400838

MB (not a member of the WG, just a contributor from the cheap seats)
Received on Tuesday, 2 October 2001 16:39:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:04 GMT