- From: Mark Nottingham <mnot@mnot.net>
- Date: Wed, 8 Apr 2009 17:06:41 +1000
- To: Adam Barth <w3c@adambarth.com>
- Cc: Mark Baker <mark@coactus.com>, "=JeffH" <Jeff.Hodges@kingsmountain.com>, HTTP Working Group <ietf-http-wg@w3.org>
Yep. The point I'm making is that because there isn't a RFC2119 requirement there currently, conforming implementations are fine; adding a new one just adds complexity... On 08/04/2009, at 4:55 PM, Adam Barth wrote: > Now we're beyond my expertise. :) > > I think the point is to recommend using these headers but let > conforming implementations use additional information if they need to. > Maybe something like: > > "Implementations MAY use additional information (such as request > context, response headers, or the entity body itself) in determining > the data type, but [doing so can have security consequences; see > Section X.Y.Z]." > > Adam > > > On Tue, Apr 7, 2009 at 11:49 PM, Mark Nottingham <mnot@mnot.net> > wrote: >> I don't think a SHOULD is necessary here; 'via' says that they are >> part of >> the process, not necessarily the whole process. SHOULD is a pretty >> poor way >> of clarifying conformance, after all :) >> >> I could see s/via/using/ if you think it would help... >> >> >> On 08/04/2009, at 4:31 PM, Adam Barth wrote: >> >>> Maybe we should say something like: >>> >>> "When an entity-body is included with a message, the data type of >>> that >>> body SHOULD be determined via the header fields Content-Type and >>> Content-Encoding." >>> >>> That seems to clarify the level of conformance required. >>> >>> Adam >>> >>> >>> On Tue, Apr 7, 2009 at 11:26 PM, Mark Nottingham <mnot@mnot.net> >>> wrote: >>>> >>>> I think the disconnect here is that HTTP folks are assuming that >>>> this >>>> statement is made within the scope of HTTP; i.e., someone using >>>> HTTP will >>>> take that value and figure out what to do with it. >>>> >>>> >>>> On 08/04/2009, at 4:21 PM, Adam Barth wrote: >>>> >>>>> On Tue, Apr 7, 2009 at 11:00 PM, Mark Nottingham <mnot@mnot.net> >>>>> wrote: >>>>>> >>>>>> It seems like Mark's proposal is the minimum required to declare >>>>>> victory, >>>>>> from an HTTP standpoint at least. >>>>>> >>>>>> Remove this text from p3 section 3.2.1: >>>>>>> >>>>>>> "If and only if the media type is not given by a Content-Type >>>>>>> field, >>>>>>> the >>>>>>> recipient MAY attempt to guess the media type via inspection >>>>>>> of its >>>>>>> content >>>>>>> and/or the name extension(s) of the URI used to identify the >>>>>>> resource." >>>>> >>>>> I'm not an expert at spec reading, but the spec would still say: >>>>> >>>>> "When an entity-body is included with a message, the data type >>>>> of that >>>>> body is determined via the header fields Content-Type and >>>>> Content-Encoding." >>>>> >>>>> This seems false since the data type might be determined after >>>>> taking >>>>> other information into account. >>>>> >>>>> Adam >>>> >>>> >>>> -- >>>> Mark Nottingham http://www.mnot.net/ >>>> >>>> >> >> >> -- >> Mark Nottingham http://www.mnot.net/ >> >> -- Mark Nottingham http://www.mnot.net/
Received on Wednesday, 8 April 2009 07:07:24 UTC