Re: No validator in 200 response for conditional update

On 2018-10-27 00:52, Vladimir Lashchev wrote:
> Hello,
> RFC7232 in has the following clause:
> ```
> In the latter case, the origin server MUST NOT send a validator header field in the response unless it can verify that the request is a duplicate of an immediately prior change made by the same user agent
> ```
> It doesn't really explain what security or performance considerations are leading to such a requirement and seems to favor idempotent updates coming from the same user agent.
> Sending validator (ETag) to all requestors seems to be a simpler and better choice.
> Could somebody please clarify why we need to do this as suggested in RFC?
> Thanks,
> Vladimir Lashchev

FWIW, "in the latter case" is about..:

>  b) one of the 2xx (Successful) status codes if the origin server
>    has verified that a state change is being requested and the final
>    state is already reflected in the current state of the target
>    resource (i.e., the change requested by the user agent has already
>    succeeded, but the user agent might not be aware of it, perhaps
>    because the prior response was lost or a compatible change was made
>    by some other user agent)

that's an edge case already.

Best regards, Julian

Received on Saturday, 27 October 2018 09:39:09 UTC
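
The clause discussed in this thread, sketched as an added example (not part of either message and not code from any HTTP server project). It handles a PUT whose If-Match precondition fails: 412 in case a), 2xx in case b), and in case b) a validator only for a verified duplicate. The `Resource` class, `conditional_put`, `last_writer` and the `client_id` argument (for instance an authenticated principal) are assumptions made for illustration.

```python
import hashlib

class Resource:
    """In-memory target resource (constructed for this example)."""
    def __init__(self, body: bytes):
        self.body = body
        self.last_writer = None  # assumption: server records who made the last change

    @property
    def etag(self) -> str:
        # Strong validator derived from the current representation.
        return '"' + hashlib.sha256(self.body).hexdigest()[:16] + '"'

def conditional_put(res: Resource, if_match: str, new_body: bytes, client_id: str):
    """Handle PUT with If-Match; returns (status, response_headers)."""
    tags = [t.strip() for t in if_match.split(",")]
    if "*" in tags or res.etag in tags:
        # Precondition true: perform the change and return the new validator.
        res.body, res.last_writer = new_body, client_id
        return 204, {"ETag": res.etag}
    if res.body != new_body:
        # Case a): precondition false and the requested state differs.
        return 412, {}
    # Case b): precondition false, but the final state is already in place.
    headers = {}
    if res.last_writer == client_id:
        # Verified duplicate of the immediately prior change by the same user agent.
        headers["ETag"] = res.etag
    return 204, headers
```

A client that retries after a lost response gets the current ETag back; a different client whose stale request happens to match the current state gets a 2xx with no validator.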