Re: WGLC Issue for p4: Optionality of Conditional Request Support from Ray Polk on 2012-04-06 (ietf-http-wg@w3.org from April to June 2012)

From: Ray Polk <ray.polk@oracle.com>
Date: Fri, 06 Apr 2012 13:47:43 -0600
To: mnot@mnot.net
CC: zhong.j.yu@gmail.com, fielding@gbiv.com, ietf-http-wg@w3.org
Message-ID: <4F7F485F.4020106@oracle.com>
Have you had the chance to propose some prose for this ticket?  If not, 
was this approximately what you were thinking?

3.  Precondition Header Fields

This section defines the syntax and semantics of HTTP/1.1 header
fields for applying preconditions on requests.<new>If an origin server
supplies a Validator for a resources, the origin server MUST support the
corresponding conditionals.</new>

-----------------

I also had further concerns in this area.  I think the Conditional 
decision tree looks sort of like this:

Origin Server SHOULD generate Validators
--> UA MAY use Conditionals corresponding to the Validators
--> Origin Server MUST respect Conditionals

Since the UA only MAY use the conditionals, what should the Origin 
Server do if the UA doesn't supply a conditional?  For safe methods, 
it's no big deal.  However, for PUT & DELETE, I can see a case for UA 
MUST use the conditional.  So does this make sense?

3.1.  If-Match

The "If-Match" header field MAY be used to make a<new>safe</new>
request method conditional<new>and MUST be used to make an unsafe
request method conditional</new>  on the current existence or value
of an entity-tag for one or more representations of the target resource.

-----------------

Continuing the theme of Conditionals and method properties -- In last 
week's F2F discussion, there was some further discussion on the topic of 
conditional requests and PATCH.  Is the following assertion true?

Some Non-idempotent methods (e.g. PATCH) may be considered idempotent when the appropriate Conditional is applied (e.g. If-Match).

-----------------

Finally, how do Validators & Conditionals interact with POST?


Actually trying to contribute in a productive way ;-)
Ray

On 22/03/2012, at 3:38 AM, Zhong Yu wrote:

 > Mark,
 >
 > If preconditions on conditional unsafe requests can be *officially*
 > ignored, a client MUST not send such requests to a server, because the
 > semantics are fatally ambiguous, unless the client knows out-of-band
 > that the server does support such requests properly.
 >
 > You are arguing that this is not much different from today's situation
 > where most servers don't support such requests properly anyway
 > therefore clients cannot reliably issue these requests; that being the
 > reality, why not spare the servers the guilt?
 >
 > But why so nice to servers? What's the harm if we continue labeling
 > these servers as non compliant?

Thinking about this more, I'm inclined to agree.

The case that I'm concerned about is where a resource that's handled by 
something like CGI, PHP, etc. doesn't support If-Match. However, if 
they're bothering to generate ETags, they really should handle this 
correctly.

Discussing this with Roy here, the underlying requirements are not for 
interoperability, they're social requirements -- i.e., if servers don't 
support caching, it places a greater burden on the network. As such, I 
think they're appropriate, they just need to be explained. I'll propose 
a *small* amount of prose to close this ticket.

Cheers,



 > And this discussion is only relevant if a server is committed to
 > receive requests from the open wild; in that case the server is
 > expected to be very well built; if it doesn't properly handle "PUT +
 > If-Match", it should be considered a bug.
 >
 > However in most of today's applications, servers and clients are in
 > cahoots. A server can legitimately expect the forms of requests it'll
 > receive from clients.
 >
 > For example, a server returns to clients HTML pages with javascripts
 > sending certain PUT requests back to the server. The server will only
 > honor these PUT requests generated by these scripts; it's not
 > advertise as an open API. If a "strange" client adds an unexpected
 > header, say If-Match, the server is under no obligation whatsoever to
 > honor it; it can legitimately ignore the header.
 >
 > The question is, can we label this server as "non compliant"? That
 > seems too harsh. We shouldn't force a server to waste resources to
 > meticulously process requests it shouldn't receive in the first place.
 >
 > This is not limited to conditional requests, it applies to all kinds
 > of requests. Essentially, a server can "filter" incoming requests into
 > expected requests(within reason). It think we should have the
 > understanding that a server is allowed to do that, even though it is
 > technically non compliant.
 >
 > Zhong Yu
 >
 > On Sun, Mar 18, 2012 at 6:24 PM, Mark Nottingham <mnot@mnot.net> wrote:
 >>
 >> On 17/03/2012, at 9:16 AM, Roy T. Fielding wrote:
 >>
 >>> On Mar 16, 2012, at 1:53 AM, Mark Nottingham wrote:
 >>>
 >>>> Is p4 optional or not (for servers, clients, etc.)? I think it is, 
and so it should be explicitly marked as such.
 >>>
 >>> Nope, conditional requests have always been a SHOULD implement
 >>> because of the benefits to the rest of Internet.
 >>
 >>
 >> My .02 - The caching benefits are nice, but whether or not it's 
supported doesn't affect interop; it's a "moral" SHOULD.
 >>
 >> WRT pre-conditions on unsafe requests, most servers IME don't 
consistently honour If-Match or If-Unmodified-Since on POST, PUT, etc. 
requests (especially since POST is often handled by CGI). While we might 
say that it's REQUIRED or SHOULD or whatever, in real life it's treated 
as an optional add-on feature.
 >>
 >> I think we should call it such; implying that it's required to be 
supported by servers leads clients to believe that they can count on it. 
We can encourage its implementation, highlight the dangers of not 
supporting it, etc., of course.
 >>
 >>
 >> --
 >> Mark Nottingham
 >> http://www.mnot.net/
 >>

--
Mark Nottingham
http://www.mnot.net/
Received on Friday, 6 April 2012 19:49:49 UTC