Thanks for the explanations.
I still think it would be interesting to investigate precedents as this seems at first to deviate from usual HTTP GET usage.


-----Original Message-----
From: Anne van Kesteren []
Sent: Friday, January 04, 2008 2:59 PM
To: Bertrand Le Roy
Cc: WAF WG (public)
Subject: Re: GET / HEAD / OPTIONS

On Fri, 04 Jan 2008 23:08:32 +0100, Bertrand Le Roy
<> wrote:
> I understand that but it brings the question of how you distinguish a
> plain GET request to the resource and one that's being made just for
> authorization purposes? Is it using "method-check" and is that header
> only present in that case?

Yes, that is correct.

> Is there a precedent of not sending the actual contents of a resource
> (but rather meta-data about it) based on the presence of a header?

I don't know.

> One other design that has been suggested in the OpenAjax discussion by
> Manos Batsis from Abiss was to send the request using HEAD and revert to
> GET only if the HEAD failed.

I already explained why I thought this would be a bad idea in this e-mail:

Anne van Kesteren

Received on Friday, 4 January 2008 23:10:30 UTC