On Fri, 04 Jan 2008 23:08:32 +0100, Bertrand Le Roy  
<> wrote:
> I understand that but it brings the question of how you distinguish a  
> plain GET request to the resource and one that's being made just for  
> authorization purposes? Is it using "method-check" and is that header  
> only present in that case?

Yes, that is correct.

> Is there a precedent of not sending the actual contents of a resource  
> (but rather meta-data about it) based on the presence of a header?

I don't know.

> One other design that has been suggested in the OpenAjax discussion by  
> Manos Batsis from Abiss was to send the request using HEAD and revert to  
> GET only if the HEAD failed.

I already explained why I thought this would be a bad idea in this e-mail:

Anne van Kesteren

Received on Friday, 4 January 2008 22:56:32 UTC