Re: PaceServiceError GET vs. POST (was Re: AtomPubIssuesList)

[Greg Stein <gstein@xxxxxxxxxx>]

On Wed, Jun 23, 2004 at 02:40:08PM +1000, Eric Scheid wrote:
> 
> On 23/6/04 5:18 AM, "Robert Sayre" <mint@xxxxxxxxxxxxxxx> wrote:
> 
> >> It most certainly is not safe. Say, for whatever reason, someone's
> >> ErrorURI ends up in Google's spider. The spider never sends a POST,
> >> but will happily GET a resource a million times. Thus every time
> >> Google spiders that ErrorURI, that person starts running around
> >> looking for an error. POST is what you're looking for.
> > 
> > Atom ErrorURI requests are distinguished by the presence of an X-Atom
> > header.

Two things here:

* The ErrorURI and X-Atom approach makes no sense. The assumption here is
  that you want to use existing tools which can GET or POST to report the
  error. But when you use those tools, they won't necessarily give you a
  way to insert an X-Atom header. You certainly can't just have a web
  page do a POST, or hit a link to do a GET. You have to write some custom
  code to insert the X-Atom header.
  
  Thus, if you've already axed the possibility of a bare browser, and fell
  into custom code, then why not use an HTTP method that has actual
  semantic value? Such as ERR or ERROR.
  
  The method is present to say what you are trying to do. In this case,
  that is report an error. So specify a new method to do that.

* The header should not have an X- prefix. That is used for non-standard
  headers. By definition, you are specifying a standard. Thus, drop the X-
  prefix.

> does the X-Atom header get logged, typically?

Nope. Not at all. You'll have to custom configure your server to capture
that header. Apache can definitely be configured to log it; dunno about
IIS or other servers.

Cheers,
-g