IETF Logo Mail Archive

Re: [httpapi] Discussion of adopting Content-Warning header

André Cedik <andre.cedik@googlemail.com> Mon, 11 January 2021 12:21 UTC

Return-Path: <andre.cedik@googlemail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E3C853A03F5 for <httpapi@ietfa.amsl.com>; Mon, 11 Jan 2021 04:21:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 91RjPjng3wit for <httpapi@ietfa.amsl.com>; Mon, 11 Jan 2021 04:21:49 -0800 (PST)
Received: from mail-wr1-x430.google.com (mail-wr1-x430.google.com [IPv6:2a00:1450:4864:20::430]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EA623A03FC for <httpapi@ietf.org>; Mon, 11 Jan 2021 04:21:49 -0800 (PST)
Received: by mail-wr1-x430.google.com with SMTP id m5so16184850wrx.9 for <httpapi@ietf.org>; Mon, 11 Jan 2021 04:21:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Tiww6a3W9TMmwMZvpE/UCwPP1kpV3wdp7Na98+okfiQ=; b=MedZGdGjc/oFgHX3rtvL7HaJw79idYuEjKR+5w/+mVNTtkMY0F817b2UygXDBaLqmf dvRN+4oJG3OlmaxYe8BAJQlgLljUMoTk5AAJIuw+UvYm/4dZvc3A8tJ8YW577sNvzWsA +WjZPDNwluIAhWd3H5vA887PqpVgW1IMt2I8xObHH25JYPyrrtyg4bzmh5/Xibj6rFYH KiAhtcVgAXBDr+j+TothdiOBXVmuxW/GnmKEAGI3aQPmRqGyK/tSpZFNM+ePn3UsOn5x txcVDfDUNKVlk46R2OySmKJL2v9CAsgdZLrAGcnh3fFS7TT/3om5XKIilpoAZtIZRdZq npuQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Tiww6a3W9TMmwMZvpE/UCwPP1kpV3wdp7Na98+okfiQ=; b=BofcuG72YEBrn+LsqqlXXoJqzatsFF8EDVEdwgfwLwN01Dq0g3GZ+FoWUt4VA0WPFD i7Ily4V05vqwgZWBnTe2h4Ye/ucmSkvKxUinyx11vB2AcotktIwCBlRMZTrMrnYIoa73 7rwNmwsxUek+VZewrHxwlkdLiscih7uXTq9og8T2aidA2HCWxev6PhvKzHNO3wYvHNra /15nZSJnGvQEVqWLy9eJyhAmqoYQPBBej1BBvITrN37tdvAPga+UdNKxt4f1m9kgaNgs K6kWet3pTeavqFC9CD6u9s3+EtDlRNUVvhXqsTjwm7h7GRBl54HJZusN/AloPML73bqu lElg==
X-Gm-Message-State: AOAM5312WijS8/q6tkFzB4hTTFrsUE0WkipMUwX+OzH/BCA8C6WTglba aJK22AjGF/B7/MnRHx46DErKNngbtkR7/5bxqTg+VMiD4cDNLg==
X-Google-Smtp-Source: ABdhPJzOdZoCxmNE/hYjrnAj+tFy/SfHf4fas8QKiNb2DyxwCgRTelHeLuOIzJXAJ7mL7i4jUZvOI07DbbEDEJVlhCo=
X-Received: by 2002:adf:92a4:: with SMTP id 33mr15825103wrn.347.1610367707257; Mon, 11 Jan 2021 04:21:47 -0800 (PST)
MIME-Version: 1.0
References: <88ED49DB-E081-4C97-9FB9-080A1C585435@akamai.com> <80acc592-be10-533d-d6ba-e39ea78ef8de@dret.net> <BL0PR00MB0836A53E8E6526BF29BEF6DCF0C69@BL0PR00MB0836.namprd00.prod.outlook.com> <CAP9qbHW3N4yyN+pGf6T15xfDawZnNoFzChEzOqQB6C4S7zh4Sw@mail.gmail.com>
In-Reply-To: <CAP9qbHW3N4yyN+pGf6T15xfDawZnNoFzChEzOqQB6C4S7zh4Sw@mail.gmail.com>
From: André Cedik <andre.cedik@googlemail.com>
Date: Mon, 11 Jan 2021 13:21:36 +0100
Message-ID: <CAEQcYZi-JRJ2GSaL_VNfracRqXCU80a6ajJdgGWA8aQOuP8rkg@mail.gmail.com>
To: "httpapi@ietf.org" <httpapi@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000026206305b89ef37d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/g-fscxWSs6PUsjOlEYKgqhfSDew>
Subject: Re: [httpapi] Discussion of adopting Content-Warning header
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2021 12:30:40 -0000

Hey everyone and a happy new year,

I'd like to take the opportunity (since it is the first day back at work
for me) to get the ball rolling again.

Interestingly my first message in December seems to not have made it to the
list. At least that's what I get from the archive, where it is missing.
So I've added it to the end just for reference since the discussion has
already been going further.

Back to Darrel's question/suggestion.

I have certainly run into scenarios where there is value in returning
> warnings with a response and I've see the Warnings header from RFC 7234
> used in several cases.  However, the Warning header includes the Warn-Code
> to provide some details about the reason for the warning.  One advantage of
> using the Warning header was the fact that the warnings did not need to
> affect the structure of the payload.
> Would you consider a change to this draft that enabled representing
> details of the warning in the header itself?


Do you already have anything specific in mind? Maybe even an example when
warnings were returned using the Warnings header?
It would definitely make sense to have some kind of "code" to be returned
when a warning is present, but I am not sure if the use cases for different
APIs might be too specific to be handled by an overarching code. Hence
every API might need different codes for what they are trying to convey.
The advantage of returning the warnings in the body would be that more
specific information could be returned than trying to squeeze it into the
header.

Roberto is right. It would be possible to add more specific things using
the Content-Warning Type Registry

---

Original message:

> Thank you Rich for bringing this up again.
> I was planning on writing to the list about the draft, but haven't found
> the time yet. So it's great that you put some pressure on us.
> Let me try to answer two of the questions that came up during the IETF 109
> meeting.
>


Is this just for JSON documents?
> Absolutely not!
> It is the goal of the header to signal to a client that warnings are
> being returned.
> The value "embedded-warning" is merely one idea of telling this client,
> that more information can be found in the body.
> One could return a different content type than "application/json" and
> embed the warnings in there.
> The example shown in section 6 (
> https://tools.ietf.org/html/draft-cedik-http-warning-02#section-6) is
> just there so we have a proposition of how this could be returned.
> Ideally, we'd have a common way of returning warnings. Independent of what
> the content type is. But I'm not sure if this is possible.
>


Can we mix errors and warnings?
> If you have a look at the initial proposal - which was based on the
> warning header - we've had an example with errors and warnings.
> https://tools.ietf.org/html/draft-cedik-http-warning-00#section-5.2
> I can definitely see that there is a use case for having both at the same
> time since a warning could have occurred before the actual error came to
> be. So in this case returning the warning and the error could be helpful
> for a client.
> If you have further questions just let me know.


Best
André


On Tue, Dec 15, 2020 at 4:32 PM Roberto Polli <robipolli@gmail.com> wrote:

> Hi @all,
>
>
> Il giorno mar 15 dic 2020 alle ore 06:00 Darrel Miller
> <Darrel.Miller=40microsoft.com@dmarc.ietf.org> ha scritto:
> > > if
> > > there isn't enough interest, an alternative path may be to keep
> > > developing it as an individual draft
> I think this draft will benefit from a wider discussion, including the
> considerations provided by Darrell.
>
> > [..] I've see the Warnings header from RFC 7234 used in several cases.
> > [..] One advantage of using the Warning header was the fact that the
> warnings did not need to affect the structure of the payload.
> > Would you consider a change to this draft that enabled representing
> details of the warning in the header itself?
> iiuc this behavior can be configured via the content-warning-type: the
> payload one is  "embedded-warning",
> so the field definition already has an extension mechanism capable of
> supporting further types, eg "expensive-request" or "old-api-version"
> or whatever.
>
> I think this kind of discussions are the kind of activity of the workgroup.
>
> Have a nice day,
> R.
>
> --
> httpapi mailing list
> httpapi@ietf.org
> https://www.ietf.org/mailman/listinfo/httpapi
>

v2.23.0 | Report a Bug | By Email