- From: Mark Baker <distobj@acm.org>
- Date: Tue, 2 Oct 2001 16:42:01 -0400 (EDT)
- To: BRIAN.RICKABAUGH@APPL.GE.COM ("Rickabaugh, Brian (GEA, 094855)")
- Cc: xml-dist-app@w3.org ('xml-dist-app@w3.org')
Brian, > Hello All: > > Suppose a component is going to receive an HTTP POST and needs to determine > if the stream of data that it is receiving is an incoming SOAP message. If > the incoming data is not a SOAP message, it needs to parse the incoming data > as a normal NAME/VALUE sequence. I assume by "name/value sequence" that you mean an application/x-www-form-urlencoded body. POST can carry arbitrary types of bodies, so it's probably not a good idea to assume that it's either SOAP or that. Check the Content-Type header. > Does the SOAP spec. provide a mechanism for handling this determination? SOAP 1.1 provides the SOAPAction header for this purpose. SOAP 1.2 mucks around with how SOAPAction is used[1], as it allows a receiver to notify the sender that it will only accept messages that include the header. But IMO, this will end up meaning exactly the same thing as it does in 1.1, and everybody will send it to avoid the additional roundtrip for negotiation. i.e. a long winded way of maintaining the status quo (which is ok with me). > Should it? Absolutely. Since SOAP can be used to create new & potentially insecure protocols, a firewall administrator should be able to block it. [1] http://www.w3.org/TR/2001/WD-soap12-part2-20011002/#N400838 MB (not a member of the WG, just a contributor from the cheap seats)
Received on Tuesday, 2 October 2001 16:39:49 UTC