How to enforce that HTTP client uses conditional requests for updates?
Posted
by
Day
on Stack Overflow
See other posts from Stack Overflow
or by Day
Published on 2011-09-26T17:14:55Z
Indexed on
2012/10/02
9:38 UTC
Read the original article
Hit count: 160
In a (proper RMM level 3) RESTful HTTP API, I want to enforce the fact that clients should make conditional requests when updating resources, in order to avoid the lost update problem. What would be an appropriate response to return to clients that incorrectly attempt unconditional PUT requests?
I note that the (abandoned?) mod_atom returns a 405 Method Not Allowed
with an Allow
header set to GET, HEAD
(view source) when an unconditional update is attempted. This seems slightly misleading - to me this implies that PUT is never a valid method to attempt on the resource. Perhaps the response just needs to have an entity body explaining that If-Match
or If-Unmodified-Since
must be used to make the PUT
request conditional in which case it would be allowed?
Or perhaps a 400 Bad Request
with a suitable explanation in the entity body would be a better solution? But again, this doesn't feel quite right because it's using a 400
response for a violation of application specific semantics when RFC 2616 says (my emphasis):
The request could not be understood by the server due to malformed syntax.
But than again, I think that using 400 Bad Request
for application specific semantics is becoming a widely accepted pragmatic solution (citation needed!), and I'm just being overly pedantic.
© Stack Overflow or respective owner