Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Contradicting requirements on contained resource metadata #450

Closed
damooo opened this issue Aug 28, 2022 · 2 comments
Closed

Contradicting requirements on contained resource metadata #450

damooo opened this issue Aug 28, 2022 · 2 comments

Comments

@damooo
Copy link

damooo commented Aug 28, 2022

Following two statements contradict each other.

Req1

Servers SHOULD include resource metadata about contained resources as part of the container description, unless that information is inapplicable to the server.

Req2

Servers MUST NOT allow HTTP POST, PUT and PATCH to update a container’s resource metadata statements; if the server receives such a request, it MUST respond with a 409 status code. [Source]

First one requires us to update contained resource metadata statements, when POST targets a container with representation of to be created resource.

Second one forbids updating them when POST targets a container.

I understand that intention in second statement is to disallow them in case of POST in representation of to be created container, but not request target. But statement generalizes over methods on request-target, and representation-update operations.

@damooo
Copy link
Author

damooo commented Aug 30, 2022

Request to correct me if i am missing something obvious

@csarven
Copy link
Member

csarven commented Aug 31, 2022

First one requires us to update contained resource metadata statements, when POST targets a container with representation of to be created resource.

#server-contained-resource-metadata intends that the server should authoritatively materialise the resource metadata about contained resources. It does not require servers to accept and preserve the sender's statements about contained resource metadata.

Second one forbids updating them when POST targets a container.

I understand that intention in second statement is to disallow them in case of POST in representation of to be created container, but not request target. But statement generalizes over methods on request-target, and representation-update operations.

#server-protect-contained-resource-metadata intends that the target of the HTTP request is the container resource.

#server-protect-contained-resource-metadata intends a constraint on the request semantics of POST (to "perform resource-specific processing on the request payload"), targeting a container. It does not describe the processing instructions for payloads containing resource metadata about "to be created" resource. In essence, the server can accept the POST request while ignoring sender's statements about contained resource metadata.


There is a related background in #298 (comment) where I mentioned:

Updating container's description (as opposed to the side-effect of processing) with POST is unspecified. 409 can't even occur with the current spec. A test might at best reveal that there is no 409 possibility.

It means that when a POST request targets a container, the request semantics is about appending to the container - in effect creating a new resource in the targetted container. It is not about updating the description of the container (besides effectively adding a containment statement and server including resource metadata about the created resource.)

@damooo damooo closed this as completed Sep 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants