Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content-Location with QUERY #1746

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Content-Location with QUERY #1746

wants to merge 11 commits into from

Conversation

MikeBishop
Copy link
Contributor

Fixes #1745.

@mnot
Copy link
Member

mnot commented Oct 14, 2021

Content-Location doesn't indicate whether the resource on the other end will return these results in perpetuity, or whether it'll return the results to the query (which may change over time).

So it might be better to be explicit -- if the server wants to create a resource for these results, use 201 Created with Location that explicitly points to a resource that represents this query, and which can change over time. The server can choose whether to include the query results on the 201, of course.

@MikeBishop
Copy link
Contributor Author

Given that we're defining this method, it seems like we can specify which is the intended behavior, or provide mechanisms for each.

@asbjornu
Copy link

asbjornu commented Nov 2, 2022

Could perhaps a Link header be used to disambiguate the two use-cases?

Link: </updated-results>; rel="latest-version", </these-results>; rel="memento"

The chosen link relations are probably not appropriate, I just picked some that exists to provide a complete example.

@MikeBishop
Copy link
Contributor Author

MikeBishop commented Mar 21, 2024
edited

Per discussion in Brisbane side-meeting:

  • Need to add text indicating what it means if the C-L target errors
  • Add text clarifying that the resource can be cached despite the different URI (this is cautioned against in SEMANTICS)
  • Security Considerations? Suggest that the URI SHOULD NOT expose the plaintext of the query contents (for Header to request always using QUERY over GET #1909)

reschke
reschke reviewed Mar 21, 2024
View reviewed changes
draft-ietf-httpbis-safe-method-w-body.xml Outdated
@@ -200,6 +200,14 @@ q=foo&amp;limit=10&amp;sort=-published
using an HTTP GET request. Various non-normative examples of successful
QUERY responses are illustrated in <xref target="examples" />.
</t>

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

MikeBishop
MikeBishop commented Mar 21, 2024
View reviewed changes
Copy link
Contributor Author

@MikeBishop MikeBishop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review feedback from @reschke.

martinthomson
martinthomson reviewed Mar 25, 2024
View reviewed changes
Copy link
Contributor

@martinthomson martinthomson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see nothing here about cacheability or origins. I know that I left early, but I thought that we had concluded that the server claims about the Content-Location resource would be treated differently based on whether the indicated resource was on the same origin (or not).

draft-ietf-httpbis-safe-method-w-body.xml Outdated
A successful response to a QUERY request &MAY; include a Content-Location
header field (see <xref target="HTTP" section="8.7"/>) containing an
identifier for a specific resource corresponding to the results of the
operation. A client can send a GET request for the indicated URI to repeat
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
operation. A client can send a GET request for the indicated URI to repeat
operation. A client can send a GET request for the indicated URI to repeat

So is this "A client can" or "This represents a claim from the server that a client can"

@MikeBishop
Copy link
Contributor Author

@martinthomson, I've added language restricting it to same-origin; is there a stronger statement you were expecting to see here?

@MikeBishop @reschke
Apply suggestions from @reschke's code review
e6def7d 
Co-authored-by: Julian Reschke <julian.reschke@gmx.de>
@reschke
Copy link
Contributor

reschke commented May 24, 2024

@mnot , @royfielding , @martinthomson - should we go ahead with this?

@royfielding
Copy link
Member

No.

See #1745 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martinthomson martinthomson martinthomson left review comments

@reschke reschke reschke approved these changes

Assignees
No one assigned
Labels
safe-method-w-body
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

QUERY should describe use of Content-Location field
6 participants
@MikeBishop @mnot @asbjornu @reschke @royfielding @martinthomson