- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sat, 27 Oct 2018 11:38:38 +0200
- To: Vladimir Lashchev <vladimir.lashchev@oracle.com>, ietf-http-wg@w3.org

On 2018-10-27 00:52, Vladimir Lashchev wrote:
> Hello,
>
> RFC7232 in https://tools.ietf.org/html/rfc7232#section-3.1 has the following clause:
> ```
> In the latter case, the origin server MUST NOT send a validator header field in the response unless it can verify that the request is a duplicate of an immediately prior change made by the same user agent
> ```
> It doesn't really explain what security or performance considerations are leading to such a requirement and seems to favor idempotent updates coming from the same user agent.
> Sending validator (ETag) to all requestors seems to be a simpler and better choice.
> Could somebody please clarify why we need to do this as suggested in RFC?
>
> Thanks,
> Vladimir Lashchev

FWIW, "in the latter case" is about..:

> b) one of the 2xx (Successful) status codes if the origin server
> has verified that a state change is being requested and the final
> state is already reflected in the current state of the target
> resource (i.e., the change requested by the user agent has already
> succeeded, but the user agent might not be aware of it, perhaps
> because the prior response was lost or a compatible change was made
> by some other user agent)

...so that's an edge case already.

Best regards, Julian

Received on Saturday, 27 October 2018 09:39:09 UTC
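
The If-Match rule quoted in this thread, sketched as an added example that is not part of the original messages or of any server's code. The `Resource` fields, the `handle_put` function, the use of an authenticated client name to identify "the same user agent", and the handling of only a single strong entity-tag in If-Match are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

def etag_of(body: bytes) -> str:
    """Strong validator derived from the representation bytes (illustrative choice)."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

@dataclass
class Resource:
    body: bytes
    last_writer: str = ""    # assumed: authenticated identity of the client that made the latest change
    last_if_match: str = ""  # If-Match value that latest change was conditioned on

def handle_put(res: Resource, client: str, if_match: str, body: bytes):
    """Return (status, headers) for a conditional PUT, following RFC 7232 section 3.1."""
    current = etag_of(res.body)
    if if_match == current:
        # Precondition true: apply the change and return the new validator.
        res.body, res.last_writer, res.last_if_match = body, client, if_match
        return 204, {"ETag": etag_of(body)}
    if body != res.body:
        # Precondition false and the requested state differs: case (a), reject.
        return 412, {}
    # Case (b): the requested final state is already the current state.
    headers = {}
    if client == res.last_writer and if_match == res.last_if_match:
        # Verified duplicate of the immediately prior change by the same
        # user agent: the only situation in which a validator may be sent.
        headers["ETag"] = current
    return 204, headers
```
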