- From: Brian Smith <brian@briansmith.org>
- Date: Tue, 29 Apr 2008 18:40:18 -0700
- To: "'Henrik Nordstrom'" <henrik@henriknordstrom.net>
- Cc: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Henrik Nordstrom wrote: > > I would like to see an "Edit" header that allows the server > > to say that PUT/DELETE requests should be sent to a different > > request URI. For example, I want the server to suggest that > > edit requests for the resource at http://example.org/foo > > should be sent to the authenticated URI > > https://example.org/foo). > > This is one of the purposes of Content-Location, tells user agents the > "original/primary" location of this object if it's accessed from a > secondary location. Here are the problems I found with using Content-Location for this: * Content-Location changes the base URI used to resolve relative URIs. I don't want to change the base URI for relative URIs because the https:// server has different authentication and caching policies from the http:// server. Plus, many clients get the base URI handling of Content-Location wrong. * Section 14.14 of RFC 2616 says "The Content-Location value is not a replacement for the original requested URI; it is only a statement of the location of the resource corresponding to this particular entity at the time of the request. Future requests MAY specify the Content-Location URI as the request-URI if the desire is to identify the source of that particular entity." I want a header that says "Future requests, except for GET/HEAD requests, SHOULD/MUST specify the <header-name> URI as the request-URI." That is a small but very important difference. * I want to provide an ETag for resource HTTPS://example.org/foo in the response to a request at HTTP://example.org/foo, so that I can immediately issue meaningful conditional requests at the HTTPS:// URI. I think it would make sense for the specification to say that, when a response has an ETag field and a Content-Location field, the ETag MAY be used for meaningful conditional requests at the Content-Location URI. But, RFC 2616 doesn't say that. Recently I've seen a few discussions regarding Content-Location, where the definition of Content-Location *almost* seems to do what people want. For example: * Julian Reschke's GET-Location header [1]. Roy Fielding and others have said that Content-Location does the same thing as the proposed Content-Location header, but after reading RFC 2616 very carefully, I don't think the current definition of Content-Location is clear enough to draw that conclusion. * If a response to a PUT contains a Content-Location header and/or Expires/Cache-Control headers and/or an ETag, can we cache that response (to the PUT) for subsequent GET requests to the Content-Location URI. In particular, can we do so when the Request-URI is the same as the Content-Location URI? See [2]. My reading of RFC 2616 is that it explicitly says we can't do that. However, I'm not sure why not; it seems perfectly sensible do so, as long as the security considerations are kept in mind. It would be nice if the specification clearly explained the relationship between a response with a Content-Location of "X" and requests with a Request-URI of "X". [1] http://greenbytes.de/tech/webdav/draft-reschke-http-get-location-latest.html [2] http://www.imc.org/atom-protocol/mail-archive/msg10845.html (Be sure to read the whole thread) Regards, Brian > It's not pushed very hard in the specs as there is nothing > that says the > two really has any strict relation to each other. The one giving you > Content-Location may well be lying about it and providing you an > entirely different object than what is available at the > Content-Location > specified URI, just as they may make up any other headers > such as Link.. > > Regards > Henrik > >
Received on Wednesday, 30 April 2008 01:40:57 UTC