- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 17 Jul 2012 19:17:57 +0200
- To: Gabriel Montenegro <Gabriel.Montenegro@microsoft.com>
- CC: Adrien de Croy <adrien@qbik.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>, Amos Jeffries <squid3@treenet.co.nz>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 2012-07-17 19:02, Gabriel Montenegro wrote: >> From: Adrien de Croy [mailto:adrien@qbik.com] > ... >> I agree, and actually I'd be keen to apply this philosphy in both directions, >> where no significant resource is transmitted in either direction without the >> recipient indicating prior willingness (either by requesting it, or indicating >> willingness). What I'm getting at here is large POST / PUT requests. Currently >> it's a mess esp with auth in the mix. > > Along these lines, to help with a POST/PUT with auth in the mix we mentioned an idea in our authentication EoI of a lightweight probe: > > http://lists.w3.org/Archives/Public/ietf-http-wg/2012JulSep/0239.html: > > 1. Lightweight "probe" for POSTs and PUTs. Initial PUTs and POSTs with long entity bodies will cause problems because of the extra round trip required by authentication. ("Initial" means when first request on a connection is PUT or POST). If the body is indefinite length, it may not be able to be recreated. This is a problem with any multi-legged authentication scheme in HTTP. It could be avoided if there were a guaranteed benign request type that could be used to force authentication if needed before doing the PUT or POST. We have Expect: 100-continue for that, no? Best regards, Julian
Received on Tuesday, 17 July 2012 17:18:45 UTC