Re: DELETE and 410 Gone

Alexandre, Julian,

Le 25 août 2011 à 09:10, Alexandre Morgaut a écrit :
> This difference is an interesting piece of information to give to the user but for some privacy policy it might also be a lack of security.

Ah! interesting. Tell us more. 

Le 25 août 2011 à 08:48, Julian Reschke a écrit :
> Why?
> Why not 404?
> And 200 is possible once the URI gets mapped again...

Why 410 Gone? 
because I had the feeling it was a good practice aka for intermediaries and search engines to say forget about this URI. There was something here indeed it is not a mistake but it is just gone for good. 

Why not 404?
in 404 section
http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-16#section-8.4.5

   "The 410 (Gone) status code SHOULD be used if the server
   knows, through some internally configurable mechanism, that an old
   resource is permanently unavailable and has no forwarding address."

Typically this is the case after a DELETE where the server is informed to remove access to the resource. 


Yup 200 is possible if you map it again. No issue with that. There is a question of right balance. If you know that it is a temporary condition, you might design your server with a 404 response, but if you are sure that you have remove access to this resource for a long period of time (subjective but like everything in HTTP), 410 Gone is a good fit. 

I can modify the proposed text (modulo privacy/security issues to come)

   Once the server has successfully completed
   the DELETE, and the intent of this DELETE is 
   permanent, a server response on any subsequent 
   requests on the same URI SHOULD be 410 (Gone) 
   (See section 8.4.11 of [Part2]).

privacy, security, I want to hear more about it. :)

-- 
Karl Dubost - http://dev.opera.com/
Developer Relations & Tools, Opera Software

Received on Thursday, 25 August 2011 14:36:02 UTC