RE: WebDAV Bindings - Issue Yaron.403

Disclaimer: I still hate the idea of introducing new error codes. I think
these should all be 400/500 error codes with a header or a body. I only
state this for the record.

I think adding a new 5xx code makes the most sense.

> -----Original Message-----
> From: Slein, Judith A [mailto:JSlein@crt.xerox.com]
> Sent: Wednesday, January 19, 2000 6:17 PM
> To: 'Yaron Goland'; w3c-dist-auth@w3.org
> Subject: RE: WebDAV Bindings - Issue Yaron.403
> 
> 
> The previous revision of the spec had a separate error code 
> for this case,
> and I have no objection to putting it back in.  I think it 
> would be a 5xx
> rather than a 4xx though.  There's no error in the request, 
> it's just that
> the particular server has a policy forbidding creation of loops.
>  
> --Judy
> 
> -----Original Message-----
> From: Yaron Goland [mailto:yarong@Exchange.Microsoft.com]
> Sent: Sunday, January 16, 2000 8:48 PM
> To: w3c-dist-auth@w3.org
> Subject: WebDAV Bindings - Issue Yaron.403
> 
> 
> 
> Section 5.2 of the Bind spec instructs the reader that if a 
> server wishes to
> reject a BIND request because it would cause a loop then the 
> server should
> return a 403 (Forbidden). However 403 is overloaded as it is. 
> For example, a
> 403 could mean that the method is banned at the moment for 
> some reason even
> though it is normally supported. This means that someone 
> trying to write an
> API to issue a BIND never really knows what a 403 means and 
> so doesn't know
> if they should tell the user that the server is currently 
> just not going to
> let the user perform this action or if the problem is that 
> the action would
> result in a loop. Therefore the use of 403 introduces a 
> vagueness into the
> response.
> 
>         Therefore I move that a new 4xx error code be 
> introduced to cover
> the case when a server refuses a BIND because it would cause a loop.
> 
>                 Yaron 
> 
> P.S. I think that the introduction of all these new error codes is a
> mistake. A new error code should only be, in my opinion, 
> introduced when it
> provides a very high level error description that could be 
> reasonably used
> by members of the HTTP infrastructure, meaning firewalls and proxies.
> Otherwise only the x00 errors should be used for everything 
> and either new
> headers or a body should be introduced to give detailed error 
> information.
> But I'm way too busy to try and push for this change so for 
> the moment let's
> just throw another error code on the barbie until people go 
> insane with
> them. It will be interesting to see how bad things have to 
> become before we
> can get this fixed.
> 

Received on Saturday, 22 January 2000 05:33:11 UTC