[Web-SIG] WSGI - alternative ideas

Phillip J. Eby pje at telecommunity.com
Sun Aug 15 00:11:10 CEST 2004

At 01:21 PM 8/14/04 -0700, Mark Nottingham wrote:
>On Aug 14, 2004, at 12:05 PM, Phillip J. Eby wrote:
>>Because CGI variables aren't ordered.  If the request input were required 
>>to be HTTP headers, this would make it impossible for CGI, FastCGI and 
>>other gateways defined in terms of CGI to serve as valid WSGI implementations.
>Sorry, I don't follow. HTTP headers aren't ordered, except within a 
>particular header field-name. It's trivial to map from a dictionary like 
>{"HTTP_REFERER": "http://www.example.com/", "HTTP_HOST": 
>"www.example.org"} to [("referer", "http://www.example.com/"), ("host", 
>"www.example.org")]. No information is lost, and it's easier for non-CGI 
>implementations to work with.

Hm.  How many such frameworks are there?  I'm making the implicit 
assumption that web servers that know how to create CGI variables are more 
common than frameworks that don't use CGI variables.  If that's not a valid 
assumption, then perhaps the decision should be revisited.

>One other thing -- as far as I can tell, this interface can't accommodate 
>Expect/100-Continue interactions, as specified in RFC2616 section 8.2.3. 
>I.e., to support this, the application needs to be given access to the 
>request headers before reading the request body, so that it can send a 100 
>Continue, then read the request body, then send a normal response.

Actually, this *could* work under the current spec, so long as the 
application manages the second response.  However, there are pieces that 
need to be better defined, such as what happens if the application writes 
more data than is present in the outgoing 'Content-Length' header.

>I think it would be possible to support this feature without unduly 
>burdening implementations by saying that start_response() can be called a 
>second time, IF there is an expect: 100-continue header in the request. 
>Server implementations which don't support this behaviour, or 
>automatically handle it themselves, can filter out that header.
>E.g., if the request environment contains the expect: 100-continue header, 
>the application can do one of three things;
>1) respond as normal; i.e., call start_response() and send a successful, 
>redirect, or error response (possibly blocking until the request body is 
>2) respond with a 417 Expectation Failed status code
>3) respond with a 100 Continue in the first call to start_response(), and 
>then call start_response() again to make the actual response.

Unfortunately, I have no experience with this aspect of HTTP/1.1.  I fear I 
shall end up having to study the RFC extensively before drawing a 
conclusion on this.  :(

It seems to me that another approach is possible, though...  couldn't the 
web server just send a 100 Continue response if there's an "expect: 
100-continue"  header in the request, and you attempt to read from the 
input stream before you've called the 'start_response' callable?  At first 
glance, this sounds like a reasonable way to handle it, that wouldn't 
require any explicit handling by the application code.  Then, WSGI could 
also require that such an "expect" header must NOT appear in the request 
passed to an application.

More information about the Web-SIG mailing list