W3C home > Mailing lists > Public > xml-dist-app@w3.org > October 2005

Re: rec33 proposal

From: Mark Baker <distobj@acm.org>
Date: Tue, 11 Oct 2005 14:17:35 -0400
To: Yves Lafon <ylafon@w3.org>
Cc: xml-dist-app@w3.org
Message-ID: <20051011181734.GR3412@markbaker.ca>

Yves,

On Tue, Oct 11, 2005 at 06:31:23PM +0200, Yves Lafon wrote:
> Here is a quote from rfc2616 regarding 301 (it applies also to 302 and 
> 307):
> <<<
>    If the 301 status code is received in response to a request other
>    than GET or HEAD, the user agent MUST NOT automatically redirect the
>    request unless it can be confirmed by the user, since this might
>    change the conditions under which the request was issued.
> >>>
> 
> As the redirect handling is done at the SOAP level, everything is OK.

I don't think so.

The reason given, "since this might change the conditions under which
the request was issued" still holds, whether SOAP's being used or not.

And don't get me started on the notion of a "SOAP level/layer"! 8-O

Keep in mind that all agents are "user agents", in that they act on
behalf of some human, somewhere.  Whether that relationship is up-close
and synchronous (e.g. browser & operator), or distant and asynchronous
(e.g. Web services client and a remote administrator), the issue is the
same in the case of a 30[127] response; an exceptional condition has
occurred which requires human intervention.

P.S., there's an errata for this chunk of text, though I don't think
it's relevant to this issue since POST is not safe;

http://skrb.org/ietf/http_errata.html#saferedirect

Mark.
-- 
Mark Baker.  Ottawa, Ontario, CANADA.          http://www.markbaker.ca
Coactus; Web-inspired integration strategies   http://www.coactus.com
Received on Tuesday, 11 October 2005 18:15:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:59:20 GMT