- From: Yishuai Li <yishuai@cis.upenn.edu>
- Date: Sat, 27 Oct 2018 02:04:34 -0400
- To: vladimir.lashchev@oracle.com
- Cc: ietf-http-wg@w3.org
- Message-ID: <CABCqrh+mRAQiwN9vdWDN+SQNvFXP3FQA=_b_ZrL47crVqO7Kew@mail.gmail.com>
I am also confused by this clause. Consider the following scenario (for simplicity, the entity-tag is identical to entity, and the all requests have the same target): (1) A --> S : PUT "a" (unconditional) (2) S --> A : 204 No Content, ETag: "a" (3) A --> S : PUT "a", If-Match: "b" (not satisfied) (4) S --> A : 204 No Content (5) A --> S : PUT "a", If-Match: "b" (not satisfied) (6) S --> A : 204 No Content, ETag "a" Did I understand the specification correctly that: S MUST NOT send a validator in (4), but MAY do so in (6), because (5) is a duplicate of (3), but (3) is not a duplicate of (1)? Thanks, Yishuai Li Vladimir Lashchev <vladimir.lashchev@oracle.com> 于2018年10月27日周六 上午1:07写道: > Hello, > > RFC7232 in https://tools.ietf.org/html/rfc7232#section-3.1 has the > following clause: > ``` > In the latter case, the origin server MUST NOT send a validator header > field in the response unless it can verify that the request is a duplicate > of an immediately prior change made by the same user agent > ``` > It doesn't really explain what security or performance considerations are > leading to such a requirement and seems to favor idempotent updates coming > from the same user agent. > Sending validator (ETag) to all requestors seems to be a simpler and > better choice. > Could somebody please clarify why we need to this as suggested in RFC? > > Thanks, > Vladimir Lashchev > > > >
Received on Monday, 29 October 2018 11:48:55 UTC