W3C home > Mailing lists > Public > public-dxwg-wg@w3.org > September 2019

Re: [dxwg] Specify the realisation order of precedence for conflicting profile negotiation situations (#505)

From: Annette Greiner via GitHub <sysbot+gh@w3.org>
Date: Thu, 19 Sep 2019 02:16:01 +0000
To: public-dxwg-wg@w3.org
Message-ID: <issue_comment.created-532935995-1568859360-sysbot+gh@w3.org>
Yes, I think most APIs ignore content negotiation, but the question is what to do when there is server configuration for http-header-based conneg and a web application that accepts query strings for the same resources. As the server, I'm thinking of web server software like Apache or nginx, not the web application. These handle content negotiation by directives in the configuration file. There would only ever be a conflict if someone creates a directive to use the headers for content negotiation and also accepts a query string for requesting data by profile. That seems obviously a developer error, and it would be most helpful if the web server handled it in a way that allowed the developer to guess what was going on, following the principle of least surprise. 
If a user sends a request with profile=foo that isn't used by an API (a user error in sending the request), but there is a directive to negotiate on headers, I would expect the server to do http-header content negotiation. In this case, there is no logic anywhere to handle the profile=foo. If a user sends a request with a profile=foo that is indeed used by an API, and there is http-header-based negotiation configured for the resource (almost certainly a misconfiguration), it would make sense from the user point of view for the server to ignore the header info and use the query string, but the server cannot know whether the query string is actually used or not until it has passed the request on to the API. It just passes the parameters on and lets the web application do the parsing. It seems unprecedented for a general-purpose web server like apache to parse query strings and behave differently depending on whether a specific key exists. And even if it did, it would have no logic for what to do with profile=foo, because that is specific to the web application.

-- 
GitHub Notification of comment by agreiner
Please view or discuss this issue at https://github.com/w3c/dxwg/issues/505#issuecomment-532935995 using your GitHub account
Received on Thursday, 19 September 2019 02:16:03 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 30 October 2019 00:15:57 UTC