- From: Mark Baker <distobj@acm.org>
- Date: Tue, 14 May 2002 15:43:39 -0400
- To: noah_mendelsohn@us.ibm.com
- Cc: xml-dist-app@w3.org
Noah, On Wed, May 08, 2002 at 12:02:42PM -0400, noah_mendelsohn@us.ibm.com wrote: > or (c) through some fluke, an HTTP responder which never intended to be a > SOAP node miraculously produced a legal response envelope when confronted > with the POST. Frankly, I find (c) not worth worrying about at all, and > (b) only slightly more interesting. I think if I were worried about (b) I > would use application-level checking, as for any other buggy HTTP server > response. My concern is about this scenario; d) a HTTP node which never intended to be a SOAP node, responds with a 204 when any SOAP message is POSTed to it (my concern is actually a bit more general than that, but that description will suffice for now) Henrik is completely correct when he states that this is just like a HTML form; that the form provides the context necessary to know what the HTTP response codes mean. But in the dozens of SOAP examples I've seen, none of them talk about this. It's just assumed that SOAP-RPC/HTTP works as other RPC protocols; if you invoke a method that isn't supported, you will get a SOAP fault. I'll refrain from raising this as an issue now, but will do so after Last Call. BTW, I don't believe the use of GET is related to this concern, so I'll refrain from comment for now. I just brought it up as an example of a method that people might try to invoke on arbitrary URIs. MB -- Mark Baker, CTO Idokorro Mobile Inc. Ottawa, Ontario, CANADA. distobj@acm.org http://www.markbaker.ca http://www.idokorro.com
Received on Tuesday, 14 May 2002 15:35:37 UTC