Re: #904: Content on GET requirement strength
Rafal Pietrak <cookie.rp@ztk-rp.eu> Sat, 17 July 2021 11:42 UTC
Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D40B23A0795 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 17 Jul 2021 04:42:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.898
X-Spam-Level:
X-Spam-Status: No, score=-2.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, MAILING_LIST_MULTI=-1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PoJO5dGyXhxG for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Sat, 17 Jul 2021 04:42:06 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4A6A3A078F for <httpbisa-archive-bis2Juki@lists.ietf.org>; Sat, 17 Jul 2021 04:42:05 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.92) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1m4ifY-0000dR-Hy for ietf-http-wg-dist@listhub.w3.org; Sat, 17 Jul 2021 11:39:44 +0000
Resent-Date: Sat, 17 Jul 2021 11:39:44 +0000
Resent-Message-Id: <E1m4ifY-0000dR-Hy@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <cookie.rp@ztk-rp.eu>) id 1m4ifW-0000ce-65 for ietf-http-wg@listhub.w3.org; Sat, 17 Jul 2021 11:39:42 +0000
Received: from sm.strop.com.pl ([83.17.179.219]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <cookie.rp@ztk-rp.eu>) id 1m4ifT-0008FQ-TK for ietf-http-wg@w3.org; Sat, 17 Jul 2021 11:39:41 +0000
Received: from zorro.ztk-rp.eu ([::ffff:193.239.82.149]) (TLS: TLS1.2,256bits,ECDHE_RSA_AES_256_GCM_SHA384) by sm.strop.com.pl with ESMTPS; Sat, 17 Jul 2021 13:39:22 +0200 id 000000000000060C.0000000060F2C16A.00007FF2
Received: from public-gprs406455.centertel.pl ([37.47.218.248]:18544 helo=[192.168.43.32]) by zorro.ztk-rp.eu with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <cookie.rp@ztk-rp.eu>) id 1m4if6-000uXN-SV for ietf-http-wg@w3.org; Sat, 17 Jul 2021 13:39:21 +0200
To: ietf-http-wg@w3.org
References: <BFB50EB9-90E2-44B0-B469-4FBFA0488BFE@mnot.net> <BLAPR22MB2259BDE901088D82A1033F45DA119@BLAPR22MB2259.namprd22.prod.outlook.com> <9D46B333-D2F1-4D1D-9BE3-D6B701167B70@tzi.org> <CAF8qwaDXjHZ6cQO5512VsDi7ZRT0wq5h3NQWuR4x67Fq_Qn9Mg@mail.gmail.com> <CAEdRHi7iH060t0xhOtuiEj2vApfD5KRu=v-6LBErp+6v+z=pyQ@mail.gmail.com> <106CAD9F-66C1-4852-892C-F20F8B44B911@tzi.org>
From: Rafal Pietrak <cookie.rp@ztk-rp.eu>
Message-ID: <2165ab6d-5faa-b962-896b-16e0e18958bf@ztk-rp.eu>
Date: Sat, 17 Jul 2021 13:39:13 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <106CAD9F-66C1-4852-892C-F20F8B44B911@tzi.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 37.47.218.248
X-SA-Exim-Mail-From: cookie.rp@ztk-rp.eu
X-SA-Exim-Version: 4.2.1 (built Sat, 13 Feb 2021 17:57:42 +0000)
X-SA-Exim-Scanned: Yes (on zorro.ztk-rp.eu)
Received-SPF: unknown (IP address lookup failed.) SPF=FROM; sender=cookie.rp@ztk-rp.eu; remoteip=::ffff:193.239.82.149; remotehost=; helo=zorro.ztk-rp.eu; receiver=sm.strop.com.pl;
Received-SPF: pass client-ip=83.17.179.219; envelope-from=cookie.rp@ztk-rp.eu; helo=sm.strop.com.pl
X-W3C-Hub-Spam-Status: No, score=-3.9
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, NICE_REPLY_A=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1m4ifT-0008FQ-TK 785c9ed5a59f89a6247bf54cc70cb6cd
X-Original-To: ietf-http-wg@w3.org
Subject: Re: #904: Content on GET requirement strength
Archived-At: <https://www.w3.org/mid/2165ab6d-5faa-b962-896b-16e0e18958bf@ztk-rp.eu>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/39048
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Hello everybody, Pls forgive me cutting in, where I'm not particularly competent, but I've checked the link below, and read it from a perspective of a "simple" home-page web writer. The comments bellow come from reading it specifically from such perspective (i.e: what it gives web-page-authors). The draft seam to define SEARCH as "something" that HTTP server may receive "from the wild". When reading the proposal from "home-page-author" perspective, one MUST assume, that all the SEARCH requests will "get back" to the server as a result of interpretation of just received by the browser a "home-page". IMHO this perspective is missing from the draft. I admit, that when fixed (as below), the SEARCH method could provide functionality I was attempting to achieve with my cookie-draft. W dniu 17.07.2021 o 11:50, Carsten Bormann pisze: > On 2021-07-16, at 22:43, Asbjørn Ulsberg <asbjorn@ulsberg.no> wrote: >> >> To >> accommodate these use cases, an I-D for a safe method with body has >> been initiated: >> >> https://datatracker.ietf.org/doc/draft-ietf-httpbis-safe-method-w-body/ >> >> With such a method in the implementer's toolbox, I'm pretty certain a >> MUST NOT requirement would be easy to swallow. > > Indeed. > From 'home-page-writer' perspective, we assume, that the entire selection of possible SEARCH requests, that a client browser could submit to that server is provided to that browser by that server on the just retrieved home-page (html-home-page). If so, the questions are: 1. will it be possible to send to the browsers a "home-page" with some of the <form method="POST"> turned into <form method="SEARCH">? It looks like YES, but I'm not quite sure. So, at least a "none nominative" example would be nice to have. 2. will it be possible to change some (or all, if provision just "some" is unreasonable difficult) of the "<a href=''>", "<img src=>", "<link>", etc, etc, from launching a GET requests, into launchinig a SEARCH requests instead? This is not addressed by the draft, yet IMHO it would be nice to have. 3. the draft mentions 'accept-search' being used by the server to indicate it can accept SEARCH method. But from (1) and (2) above, it's equally important, that the browser is able to notify server, that the web-page returned can contain SEARCH requests ... like in <form methos="SEARCH"> in (1) above. So, "accept-search" should also be send to servers by complying browsers. Then again, when server receives "accept-search" it may request browser to turn "all the possible" href/src/source links from GET into SEARCH. something like "meta-search" for the <HEAD> could do that. That "meta-search" also could supplement SEARCH triggered by "a href" (or others) with additional data. the SEARCH draft mentions, that processing of SEARCH by the server will not change state of the server. From those words I was missing an emphesise, that in consequence, web browser submitting a SEARCH should not alert user like they do when user requests "page-refresh", while that page arrived as a response to POST request. Such clearification would be desirable I think there may be a problem with 3xxx redirect response as defined in current version of the draft: "alterative URI from which the search results can be retrieved using an HTTP GET request". The problem may be at the point where one MUST change method from SEARCH to GET. This may prove difficult when not all the SEARCH params fit into GET request. So, such change request should probably be returned by the server only under specific circumstances, and so as specific/uniq redirect code; while "simple redirection" should NOT change methods (SEARCH->GET). -- Rafał Pietrak
- #904: Content on GET requirement strength Mark Nottingham
- RE: #904: Content on GET requirement strength Mike Bishop
- Re: #904: Content on GET requirement strength Carsten Bormann
- Re: #904: Content on GET requirement strength David Benjamin
- Re: #904: Content on GET requirement strength Julian Reschke
- Re: #904: Content on GET requirement strength Willy Tarreau
- Re: #904: Content on GET requirement strength Asbjørn Ulsberg
- Re: #904: Content on GET requirement strength Carsten Bormann
- Re: #904: Content on GET requirement strength Rafal Pietrak
- SEARCH Julian Reschke
- Re: SEARCH Rafal Pietrak
- Re: #904: Content on GET requirement strength Mark Nottingham
- Re: #904: Content on GET requirement strength Amos Jeffries
- Re: #904: Content on GET requirement strength Willy Tarreau