Re: EDITS for Section 5 (Request) (Was: Re: 5.1.2 Request-URI) from Dave Kristol on 1996-05-02 (ietf-http-wg@w3.org from April to June 1996)

From: Dave Kristol <dmk@allegra.att.com>
Date: Thu, 2 May 96 11:33:05 EDT
To: fielding@avron.ICS.UCI.EDU
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9605021533.AA04909@aleatory.tempo.att.com>

Sigh.  The responses I made yesterday to this message disappeared in
the great bit-bucket in the sky.  I'll try to reconstruct....

Roy's new remarks went a long way toward satisfying most of my quibbles.
But....

"Roy T. Fielding" <fielding@avron.ICS.UCI.EDU> wrote on Tue, 30 Apr 1996 19:21:45 -0700:
  > [...]
  >     The most common form of Request-URI is that used to identify a
  > |   resource on an origin server or gateway. In this case, the absolute
  > |   path of the URI (see Section 3.2.1, abs_path) MUST be transmitted 
  > |   as the Request-URI, and the network location of the URI (net_loc)
  > |   MUST be transmitted in a Host header field. For example, a client

I believe this is too restrictive.  An HTTP/1.1 client may send an
absoluteURI to what it knows to be an HTTP/1.1 origin server.

  >     wishing to retrieve the resource above directly from the origin
  >     server would create a TCP connection to port 80 of the host
  > |   "www.w3.org" and send the lines:
  > [...]
  > 
  > ================
  > 5.3  The resource identified by a request
[This is 9.2 in Jim's rev57 draft.]
  > 
  >    HTTP/1.1 origin servers SHOULD be aware that the exact resource
  >    identified by an Internet request is determined by examining both
  >    the Request-URI and the Host header field.  An origin server that
  >    does not allow resources to differ by the requested host MAY ignore
  >    the Host header field.  An origin server that does differentiate
  >    resources based on the host requested (sometimes referred to as
  >    virtual hosts or vanity hostnames) MUST use the following rules
  >    for determining the requested resource on an HTTP/1.1 request:
  > 
  >    1. If Request-URI is an absoluteURI, the host is included in the
  >       Request-URI.  Any Host header field in the request is ignored.
  > 
  >    2. If the Request-URI is not an absoluteURI, and the request includes
  >       a Host header field, the host is determined by the Host header
  >       field.
  > 
  >    3. If the request-URI is not an absoluteURI and no Host header field
  >       is present (or does not represent a valid host on that server),
  >       the response SHOULD be a 400 (Bad Request) error message.
  > 
  >    Recipients of an HTTP/1.0 request lacking a Host header field MAY
  >    attempt to use heuristics (e.g., examination of the URI path for
  >    something unique to a particular host) in order to determine what
  >    exact resource is being requested.

Because Host is unconditionally required, I believe the rules should
read this way:

1) If there is no Host header field present in the request, the server
MUST respond with a 400 (Bad Request) error message.

2) If Request-URI is an absoluteURI, the host is included in the
Request-URI.  The Host header field in the request is ignored.

3) If the Request-URI is not an absoluteURI, the host is determined by
the Host header field.

Dave Kristol

Received on Thursday, 2 May 1996 08:46:54 UTC