Dear all,
Although TAPIR is layered on top of HTTP, the existing documents (including the spec) don't mention anything about HTTP versions.
I was recently asked about this because it seems that providers that are installed on HTTP/1.1 servers are starting to reject HTTP/1.0 requests, probably for security reasons.
I think we should be more explicit in the specification about the minimum HTTP version compatible with TAPIR. In this case HTTP/1.0 (the previous version didn't even have the POST method).
This means that a TAPIR provider can potentially be installed on an HTTP/1.0 or 1.1 server. In both cases, technically there should be no problem to process requests in either HTTP/1.0 or 1.1 (1.0 servers will simply ignore 1.1 extensions, and 1.1 servers are "expected" to be able to easily handle requests in previous versions, as noted in the HTTP/1.1 RFC).
Anyway, considering the fact that HTTP/1.1 servers are starting to deny 1.0 requests, I could add a recommendation for TAPIR clients to always send requests in HTTP/1.1. This would not be a "protocol rule", just a pragmatic recommendation, so I would probably add this in the TAPIR network builders' guide instead of the spec.
Please let me know if you have any ideas or suggestions in this respect.
Best Regards, -- Renato
Renato, Are you sure about HTTP/1.1 servers denying 1.0 requests? Any examples? HTTP1.1 can be problematic sometimes, especially when you want to retrieve html messages in parts like with using fsockopen() and streams. See also: http://developers.sun.com/mobility/midp/questions/chunking/
Wouter
-----Original Message----- From: tdwg-tapir-bounces@lists.tdwg.org [mailto:tdwg-tapir-bounces@lists.tdwg.org] On Behalf Of Renato De Giovanni Sent: Wednesday, June 04, 2008 3:33 PM To: tdwg-tapir@lists.tdwg.org Subject: [tdwg-tapir] TAPIR & HTTP
Dear all,
Although TAPIR is layered on top of HTTP, the existing documents (including the spec) don't mention anything about HTTP versions.
I was recently asked about this because it seems that providers that are installed on HTTP/1.1 servers are starting to reject HTTP/1.0 requests, probably for security reasons.
I think we should be more explicit in the specification about the minimum HTTP version compatible with TAPIR. In this case HTTP/1.0 (the previous version didn't even have the POST method).
This means that a TAPIR provider can potentially be installed on an HTTP/1.0 or 1.1 server. In both cases, technically there should be no problem to process requests in either HTTP/1.0 or 1.1 (1.0 servers will simply ignore 1.1 extensions, and 1.1 servers are "expected" to be able to easily handle requests in previous versions, as noted in the HTTP/1.1 RFC).
Anyway, considering the fact that HTTP/1.1 servers are starting to deny 1.0 requests, I could add a recommendation for TAPIR clients to always send requests in HTTP/1.1. This would not be a "protocol rule", just a pragmatic recommendation, so I would probably add this in the TAPIR network builders' guide instead of the spec.
Please let me know if you have any ideas or suggestions in this respect.
Best Regards, -- Renato _______________________________________________ tdwg-tapir mailing list tdwg-tapir@lists.tdwg.org http://lists.tdwg.org/mailman/listinfo/tdwg-tapir
Hi Wouter,
Yes, the information I've got is that when there's an attempt to index a specific provider (don't know which one) the connection is immediately closed because the request is in HTTP/1.0.
I guess it's some Web Server/Firewall/Proxy setting because of this kind of thing:
http://lists.w3.org/Archives/Public/ietf-http-wg/2007OctDec/0352.html
As far as I know it's the first time it happens, but maybe it will become more frequent in the future. Anyway, it's an opportunity for us to improve the documentation.
Regarding the complexity of HTTP/1.1, I suppose that most TAPIR clients are using/will use third-party libraries to make the HTTP calls. As a example, tapirChirp uses the PHP PEAR HTTP library, which defaults to HTTP/1.1, and also supports compression if the zlib extension is loaded.
Best Regards, -- Renato
On 4 Jun 2008 at 16:02, Wouter Addink wrote:
Renato, Are you sure about HTTP/1.1 servers denying 1.0 requests? Any examples? HTTP1.1 can be problematic sometimes, especially when you want to retrieve html messages in parts like with using fsockopen() and streams. See also: http://developers.sun.com/mobility/midp/questions/chunking/
Wouter
-----Original Message----- From: tdwg-tapir-bounces@lists.tdwg.org [mailto:tdwg-tapir-bounces@lists.tdwg.org] On Behalf Of Renato De Giovanni Sent: Wednesday, June 04, 2008 3:33 PM To: tdwg-tapir@lists.tdwg.org Subject: [tdwg-tapir] TAPIR & HTTP
Dear all,
Although TAPIR is layered on top of HTTP, the existing documents (including the spec) don't mention anything about HTTP versions.
I was recently asked about this because it seems that providers that are installed on HTTP/1.1 servers are starting to reject HTTP/1.0 requests, probably for security reasons.
I think we should be more explicit in the specification about the minimum HTTP version compatible with TAPIR. In this case HTTP/1.0 (the previous version didn't even have the POST method).
This means that a TAPIR provider can potentially be installed on an HTTP/1.0 or 1.1 server. In both cases, technically there should be no problem to process requests in either HTTP/1.0 or 1.1 (1.0 servers will simply ignore 1.1 extensions, and 1.1 servers are "expected" to be able to easily handle requests in previous versions, as noted in the HTTP/1.1 RFC).
Anyway, considering the fact that HTTP/1.1 servers are starting to deny 1.0 requests, I could add a recommendation for TAPIR clients to always send requests in HTTP/1.1. This would not be a "protocol rule", just a pragmatic recommendation, so I would probably add this in the TAPIR network builders' guide instead of the spec.
Please let me know if you have any ideas or suggestions in this respect.
Best Regards,
Renato _______________________________________________ tdwg-tapir mailing list tdwg-tapir@lists.tdwg.org http://lists.tdwg.org/mailman/listinfo/tdwg-tapir
participants (2)
-
Renato De Giovanni
-
Wouter Addink