- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 11 Mar 2008 21:33:26 +1100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
I don't think a SHOULD NOT is necessary; it should probably look something like 402 Payment Required IMO. On 11/03/2008, at 8:52 PM, Julian Reschke wrote: > Mark Nottingham wrote: >> No further discussion, so calling this closed. > > So what exactly do we do here? > > Currently we have: > > "9.3.6 305 Use Proxy > > The requested resource MUST be accessed through the proxy given by > the Location field. The Location field gives the URI of the proxy. > The recipient is expected to repeat this single request via the > proxy. 305 responses MUST only be generated by origin servers. > > Note: [RFC2068] was not clear that 305 was intended to redirect a > single request, and to be generated by origin servers only. Not > observing these limitations has significant security consequences." > > Make it...: > > "9.3.6 305 Use Proxy > > This status code is deprecated (see Section xyz) and SHOULD NOT be > generated." > > And then in the Changes section note what it used to be...: > > "Deprecate 305 Use Proxy status code, because user agents did not > implement it. It used to indicate that the requested resource must > be accessed through the proxy given by the Location field. The > Location field gave the URI of the proxy. The recipient was expected > to repeat this single request via the proxy. (Section 9.3.6)" > > BR, Julian -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 11 March 2008 10:33:41 UTC