mnot at mnot.net
Fri Aug 27 01:03:36 CEST 2004
I like the Expect/Continue langauge in the latest draft -- thanks!
One thing; the first bullet point gives servers and gateways the option
of "Reject[ing] all client requests containing an Expect: 100-continue
header with a '417 Expectation failed' error."
This doesn't seem like a good thing to allow, because it makes server
implementations that take this path reject ALL requests that use
expect/continue, with no recourse. The intent of Expect/Continue is
that it should fall back to normal operation (the request gets sent and
processed) unless it is explicitly rejected.
So, I think this option should be removed. I can see some scenarios
where the server can and will be configured to reject all requests over
a certain size, etc. but rejecting all requests that use this mechanism
indiscriminately doesn't seem to fall into that case. If an
implementation doesn't want to deal with expect/continue at all, it has
1) don't claim to be HTTP/1.1 conformant
2) wait until the client decides you don't support expect/continue, and
sends the request body (this is suboptimal, for obvious reasons).
Mark Nottingham http://www.mnot.net/
More information about the Web-SIG